nodebb

16 known vulnerabilities · 5 critical · 1 high

CVE-2023-2850MEDIUM

Unintentional leakage of private information via cross-origin websocket session hijacking

Published Jul 25, 2023

CVE-2015-3296MEDIUM

NodeBB Cross-site Scripting Vulnerability in Markdown Processing

Published May 17, 2022

CVE-2015-9286MEDIUM

Cross-site Scripting in NodeBB

Published May 1, 2019

CVE-2021-43787CRITICAL

XSS via prototype pollution in NodeBB

Published Nov 30, 2021

CVE-2022-36076HIGH

NodeBB account takeover via SSO plugins

Published Sep 16, 2022

CVE-2021-43786CRITICAL

API token verification can be bypassed in NodeBB

Published Nov 30, 2021

CVE-2023-26045CRITICAL

Path traversal and code execution via prototype vulnerability

Published Jul 25, 2023

CVE-2024-57041

NodeBB Cross-site scripting (XSS) vulnerability

Published Jan 24, 2025

CVE-2022-3978MEDIUM

NodeBB vulnerable to Cross-Site Request Forgery

Published Nov 13, 2022

CVE-2024-29316MEDIUM

Incorrect Access Control in NodeBB

Published Mar 29, 2024

CVE-2022-46164CRITICAL

NodeBB vulnerable to account takeover via prototype vulnerability

Published Dec 5, 2022

CVE-2025-50979

NodeBB SQL Injection vulnerability

Published Aug 27, 2025

CVE-2022-36045CRITICAL

Cryptographically weak PRNG in `utils.generateUUID`

Published Aug 30, 2022

CVE-2021-43788MEDIUM

NodeBB vulnerable to path traversal in translator module

Published Nov 30, 2021

MAL-2022-4895

Malicious code in nodebb-theme-opera (npm)

Published Jul 25, 2022

MAL-2023-634

Malicious code in nodebb-plugin-sso-auto-login (npm)

Published Apr 20, 2023

Check your entire dependency tree at onceRun dependency scan →