nvm-sh nvm: nvm executes commands from a malicious Node.js mirror's version strings

Risk 73
Severity 7.5
First published (updated )

npm/@wdio/browserstack-service: WebdriverIO has Command Injection in the BrowserStack Service

Risk 86
Severity 9.8
First published (updated )

npm/fast-uri: fast-uri vulnerable to host confusion via percent-encoded authority delimiters

Risk 31
Severity 7.5
EPSS 0.03%
First published (updated )

crates/fast-uri: fast-uri vulnerable to path traversal via percent-encoded dot segments

Risk 31
Severity 7.5
EPSS 0.03%
First published (updated )

npm/eslint: Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular referenc…

Risk 31
Severity 5.5
First published (updated )

messageformat messageformat: The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaSc…

Risk 43
Severity 7.5
First published (updated )

Openjsf Express Node.js: Preload arbitrary resources by injecting additional `Link` headers

Risk 28
Severity 5.3
First published (updated )

npm/body-parser: body-parser vulnerable to denial of service when url encoding is enabled

Risk 46
Severity 7.5
First published (updated )

npm/serve-static: serve-static affected by template injection that can lead to XSS

Risk 40
Severity 5
First published (updated )

Openjsf Express Node.js: express vulnerable to XSS via response.redirect()

Risk 41
Severity 5
First published (updated )

npm/@electron/packager: @electron/packager's build process memory potentially leaked into final executable

Risk 31
Severity 7.5
EPSS 0.04%
First published (updated )

Openjsf Express Node.js: Express.js Open Redirect in malformed URLs

Risk 28
Severity 6.1
EPSS 0.04%
First published (updated )

kedi ElectronCord: kedi ElectronCord's Discord Token is public

Risk 31
Severity 7.5
EPSS 0.04%
First published (updated )

redhat/qs: Express.js Express is vulnerable to a denial of service, caused by a prototype pollution flaw in qs.…

Risk 46
Severity 7.5
First published (updated )

Openjsf Dijit: XSS in Dijit Editor's LinkDialog plugin

Risk 35
Severity 5.4
First published (updated )

Openjsf Serve-index: XSS

Risk 38
Severity 6.1
First published (updated )

Openjsf Express: XSS

Risk 39
Severity 6.1
First published (updated )

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203