ejs

127 known vulnerabilities · 4 critical · 6 high

CVE-2017-1000189 HIGH

ejs vulnerable to DoS due to weak input validation

Published Mar 5, 2018
CVE-2017-1000228 CRITICAL

ejs is vulnerable to remote code execution due to weak input validation

Published Nov 30, 2017
CVE-2024-33883 MEDIUM

ejs lacks certain pollution protection

Published Apr 28, 2024
CVE-2017-1000188 MEDIUM

mde ejs vulnerable to XSS

Published Nov 30, 2017
CVE-2022-29078 CRITICAL

ejs template injection vulnerability

Published Apr 26, 2022
GHSA-2crg-3p73-43xp

@sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass

Published Apr 10, 2026
CVE-2023-6460 MEDIUM

Logging of the firestore key within nodejs-firestore

Published Dec 4, 2023
GHSA-mwv9-gp5h-frr4

Sveltejs devalue's `devalue.parse` and `devalue.unflatten` emit objects with `__proto__` own properties

Published Mar 12, 2026
CVE-2023-23936 MEDIUM

CRLF Injection in Nodejs ‘undici’ via host

Published Feb 16, 2023
CVE-2021-21413 HIGH

Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate

Published Apr 6, 2021
GHSA-3f6h-2hrp-w5wx

@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service

Published Apr 10, 2026
CVE-2017-1000042 MEDIUM

Content Injection via TileJSON attribute in mapbox.js

Published Nov 9, 2018
MAL-2025-190727

Malicious code in @ensdomains/dnsprovejs (npm)

Published Nov 24, 2025
CVE-2024-38999 CRITICAL

jrburke requirejs vulnerable to prototype pollution

Published Jul 1, 2024
CVE-2023-34232 HIGH

Snowflake NodeJS Driver vulnerable to Command Injection

Published Jun 9, 2023
CVE-2022-23510 CRITICAL

@cubejs-backend/api-gateway row level security bypass

Published Dec 12, 2022
CVE-2020-15092 HIGH

Stored XSS in TimelineJS3

Published Jul 9, 2020
CVE-2026-27118

Cache poisoning in @sveltejs/adapter-vercel

Published Feb 19, 2026
MAL-2022-2216

Malicious code in courier-plugin-sdk-nodejs (npm)

Published Jun 20, 2022
MAL-2022-1896

Malicious code in checkpackagejson (npm)

Published Jun 20, 2022
MAL-2022-4568

Malicious code in metadata-api-nodejs (npm)

Published Jun 20, 2022
MAL-2022-2961

Malicious code in facebook-nodejs-business-sdk-tests (npm)

Published Jun 20, 2022
MAL-2023-112

Malicious code in audit-ejs (npm)

Published Jun 15, 2023
MAL-2022-4903

Malicious code in nodejs-docs-samples-iot-mqtt-example (npm)

Published Jun 20, 2022
MAL-2022-4904

Malicious code in nodejs-driver (npm)

Published Jun 20, 2022
GHSA-8wj8-cfxr-9374

AWS Advanced NodeJS Wrapper: Privilege Escalation in Aurora PostgreSQL instance

Published Nov 13, 2025
MAL-2022-6538

Malicious code in textlint-checker-for-vuejs-jp-docs (npm)

Published Jun 20, 2022
MAL-2025-190718

Malicious code in @asyncapi/nodejs-template (npm)

Published Nov 24, 2025
MAL-2025-190719

Malicious code in @asyncapi/nodejs-ws-template (npm)

Published Nov 24, 2025
MAL-2024-1290

Malicious code in samplenodejsservice (npm)

Published Apr 22, 2024
MAL-2024-8967

Malicious code in cktool.target.nodejs (npm)

Published Sep 25, 2024
MAL-2024-63

Malicious code in dynatrace-oneagent-nodejs (npm)

Published Jan 7, 2024
GHSA-v457-wxvj-p9w9

@vitejs/plugin-rsc has a Denial of Service with React Server Components

Published Apr 10, 2026
MAL-2025-4842

Malicious code in knn-kdtreejs (npm)

Published Jun 10, 2025
MAL-2022-1419

Malicious code in babelhelspevvuejsxmergeprops (npm)

Published Aug 19, 2022
MAL-2025-2254

Malicious code in ee-server-auth-nodejs (npm)

Published Mar 11, 2025
MAL-2023-636

Malicious code in nodejs-encrypt-agent (npm)

Published Apr 26, 2023
CVE-2022-35948 MEDIUM

Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type

Published Aug 18, 2022
MAL-2022-5253

Malicious code in paytm-mini-programs-nodejs-sdk (npm)

Published Jun 20, 2022
CVE-2025-68155

@vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint

Published Dec 16, 2025
MAL-2025-48553

Malicious code in webpack-compilejsx (npm)

Published Oct 22, 2025
MAL-2026-41

Malicious code in spire.officejs-document (npm)

Published Jan 5, 2026
MAL-2022-5724

Malicious code in redox-sample-nodejs (npm)

Published Jun 20, 2022
MAL-2026-1715

Malicious code in dotenv-nodejs (npm)

Published Mar 18, 2026
CVE-2017-16113 HIGH

Regular Expression Denial of Service in parsejson

Published Jul 24, 2018
MAL-2026-313

Malicious code in spire.officejs-fonts (npm)

Published Jan 16, 2026
MAL-2022-389

Malicious code in @localizejs/fetlife-assets (npm)

Published Jun 20, 2022
MAL-2025-3910

Malicious code in nodejs-fetch-proxy (npm)

Published May 16, 2025
CVE-2017-1000043 MEDIUM

Content Injection via TileJSON Name in mapbox.js

Published Nov 9, 2018
MAL-2022-4906

Malicious code in nodejs-gcloud-pubsub-module (npm)

Published Jun 20, 2022
MAL-2025-191426

Malicious code in simplejsonform (npm)

Published Nov 24, 2025
CVE-2022-36127 HIGH

Apache SkyWalking NodeJS Agent can lose availability if header includes illegal SkyWalking header

Published Jul 19, 2022
MAL-2022-4905

Malicious code in nodejs-email (npm)

Published Jul 21, 2022
MAL-2022-5447

Malicious code in preloadsmartablejs (npm)

Published Jun 20, 2022
MAL-2022-6519

Malicious code in testherejson (npm)

Published Dec 7, 2022
MAL-2025-3115

Malicious code in rapyd-nodejs (npm)

Published Apr 3, 2025
CVE-2025-67489

@vitejs/plugin-rsc Remote Code Execution through unsafe dynamic imports in RSC server function APIs on development server

Published Dec 8, 2025
MAL-2022-218

Malicious code in @dungnt11/splidejs (npm)

Published Aug 19, 2022
MAL-2022-5563

Malicious code in quest-bee-nodejs (npm)

Published Aug 10, 2022
MAL-2022-6166

Malicious code in slint-config-nodejs (npm)

Published Jun 20, 2022
MAL-2022-5416

Malicious code in poppejs (npm)

Published Aug 19, 2022
CVE-2024-6376

ejson shell parser in MongoDB Compass may be bypassed

Published Jul 1, 2024
CVE-2026-33228

Prototype Pollution via parse() in NodeJS flatted

Published Mar 19, 2026
MAL-2022-6933

Malicious code in vimeo-threejs-player (npm)

Published Jun 13, 2022
MAL-2025-49079

Malicious code in zohocrm-nodejs-sdk-3.0 (npm)

Published Oct 29, 2025
MAL-2022-3459

Malicious code in grenache-nodejs-fib-client (npm)

Published Jun 20, 2022
MAL-2022-7038

Malicious code in wallet-nodejs-binding (npm)

Published Jun 20, 2022
MAL-2022-3411

Malicious code in google-auth-library-nodejs (npm)

Published Sep 7, 2022
GHSA-ccgf-5rwj-j3hv

TeleJSON: DOM XSS via unsanitised constructor name in `new Function()`

Published Apr 2, 2026
MAL-2026-312

Malicious code in spire.officejs-externs (npm)

Published Jan 16, 2026
MAL-2024-1038

Malicious code in nodejs-socket (npm)

Published Feb 26, 2024
MAL-2025-190728

Malicious code in @ensdomains/dnssecoraclejs (npm)

Published Nov 24, 2025
MAL-2022-7262

Malicious code in xbcrypt-nohejs (npm)

Published Aug 19, 2022
MAL-2025-4487

Malicious code in logbin-nodejs (npm)

Published May 27, 2025
MAL-2022-996

Malicious code in angara.tablejs (npm)

Published Jun 20, 2022
MAL-2025-191301

Malicious code in @productdevbook/animejs-vue (npm)

Published Nov 25, 2025
MAL-2022-1825

Malicious code in capacitybot-cf-nodejs-fct (npm)

Published Jun 20, 2022
MAL-2022-3921

Malicious code in invision-nodejs-test-utils (npm)

Published Jun 20, 2022
MAL-2023-171

Malicious code in chart-tablejs (npm)

Published Jun 13, 2023
MAL-2023-302

Malicious code in ejs-audit (npm)

Published Jun 19, 2023
MAL-2022-2882

Malicious code in euirejs (npm)

Published Aug 19, 2022
MAL-2023-622

Malicious code in next2ejs (npm)

Published May 17, 2023
MAL-2024-1345

Malicious code in generic-synthetic-nodejs (npm)

Published May 8, 2024
MAL-2023-588

Malicious code in meetingsdk-sample-vuejs (npm)

Published Jul 4, 2023
MAL-2022-4765

Malicious code in myjohndeereapi-oauth2-nodejs-example (npm)

Published Jun 20, 2022
MAL-2023-635

Malicious code in nodejs-cookie-proxy-agent (npm)

Published Apr 26, 2023
MAL-2025-2257

Malicious code in example-nodejs-express (npm)

Published Mar 11, 2025
MAL-2023-737

Malicious code in react-vuejs (npm)

Published May 22, 2023
MAL-2022-3457

Malicious code in grenache-nodejs-example-fib-client (npm)

Published Jun 20, 2022
MAL-2022-3458

Malicious code in grenache-nodejs-example-fib-server (npm)

Published Jun 20, 2022
MAL-2022-3460

Malicious code in grenache-nodejs-fib-server (npm)

Published Jun 20, 2022
MAL-2022-3461

Malicious code in grenache-nodejs-utp (npm)

Published Jun 20, 2022
MAL-2022-4902

Malicious code in nodejs-color (npm)

Published Aug 16, 2022
MAL-2026-39

Malicious code in spire.officejs-common (npm)

Published Jan 5, 2026
MAL-2022-5154

Malicious code in output-scrubber-nodejs (npm)

Published Jun 20, 2022
MAL-2025-4833

Malicious code in gwnodejssectest1 (npm)

Published Jun 10, 2025
MAL-2025-1572

Malicious code in auth0-nodejs-webapp-sample-new-test (npm)

Published Feb 28, 2025
MAL-2023-950

Malicious code in vue2ejs (npm)

Published May 17, 2023
MAL-2024-10267

Malicious code in webhooks-resources-nodejs-server (npm)

Published Oct 29, 2024
MAL-2022-3040

Malicious code in finastra-nodejs-libs (npm)

Published Jun 20, 2022
MAL-2025-191564

Malicious code in aps-simple-viewer-nodejs (npm)

Published Dec 1, 2025
MAL-2023-8419

Malicious code in ironfish-rust-nodejs (npm)

Published Nov 1, 2023
MAL-2025-191579

Malicious code in lbank-connector-nodejs (npm)

Published Dec 1, 2025
MAL-2024-10956

Malicious code in config-sdk-nodejs (npm)

Published Nov 26, 2024
MAL-2023-8488

Malicious code in resume-sourcing-nodejs-client-credentials (npm)

Published Nov 9, 2023
MAL-2024-11058

Malicious code in nodejs-prom-reporter (npm)

Published Nov 27, 2024
MAL-2025-1173

Malicious code in sample-nodejs-vsk-with-adm (npm)

Published Feb 3, 2025
MAL-2022-5743

Malicious code in remote-pay-cloud-nodejs-example (npm)

Published Jun 20, 2022
MAL-2022-5758

Malicious code in requirejs-injector (npm)

Published Jun 20, 2022
MAL-2024-11166

Malicious code in eslint-config-sunset-nodejs (npm)

Published Dec 1, 2024
MAL-2024-11186

Malicious code in cdp-agentkit-nodejs (npm)

Published Dec 4, 2024
MAL-2024-12132

Malicious code in zoomapps-texteditor-vuejs (npm)

Published Dec 26, 2024
MAL-2024-12026

Malicious code in pushservicejs (npm)

Published Dec 19, 2024
MAL-2025-2120

Malicious code in organizer-nodejs (npm)

Published Mar 4, 2025
MAL-2024-8060

Malicious code in nodejs-docs-samples-vision (npm)

Published Aug 28, 2024
MAL-2025-2694

Malicious code in nodejs-website (npm)

Published Mar 25, 2025
MAL-2022-7118

Malicious code in wetimejs-twilio-internal (npm)

Published Jul 26, 2022
MAL-2023-1076

Malicious code in wasabi-nodejs (npm)

Published Aug 9, 2023
CVE-2026-22803

@sveltejs/kit has memory amplification DoS vulnerability in Remote Functions binary form deserializer (application/x-sveltekit-formdata)

Published Jan 15, 2026
MAL-2023-435

Malicious code in fe-core-components-vuejs (npm)

Published Feb 20, 2023
MAL-2022-4423

Malicious code in luhrfzvejsgcakmb (npm)

Published Jul 11, 2022
MAL-2022-5252

Malicious code in paytm-kapacitor-simplejson-datasource (npm)

Published Jun 20, 2022
MAL-2026-2365

Malicious code in env-nodejs (npm)

Published Mar 24, 2026
MAL-2026-406

Malicious code in aws-crt-nodejs (npm)

Published Jan 21, 2026
MAL-2025-192852

Malicious code in polyfill-corejs2 (npm)

Published Dec 23, 2025
MAL-2026-1962

Malicious code in parsejson-pro (npm)

Published Mar 20, 2026
MAL-2026-40

Malicious code in spire.officejs-editors (npm)

Published Jan 5, 2026