OsVault/npm/nodemailer
npm

nodemailer

10 known vulnerabilities · 0 critical · 3 high

GHSA-c7w3-x93f-qmm8

Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter

Published Mar 26, 2026
CVE-2020-7769HIGH

Command injection in nodemailer

Published May 10, 2021
CVE-2025-14874

Duplicate Advisory: Nodemailer is vulnerable to DoS through Uncontrolled Recursion

Published Dec 18, 2025
CVE-2025-13033

Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict

Published Oct 7, 2025
CVE-2021-23400MEDIUM

Header injection in nodemailer

Published Dec 10, 2021
GHSA-vvjj-xcjg-gr5g

Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

Published Apr 8, 2026
GHSA-rcmh-qjqh-p98v

Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls

Published Dec 1, 2025
CVE-2017-16072HIGH

nodemailer.js is malware

Published Aug 29, 2018
CVE-2017-16071HIGH

nodemailer-js is malware

Published Aug 29, 2018
MAL-2024-11149

Malicious code in noirxnodemailer (npm)

Published Nov 29, 2024
Check your entire dependency tree at onceRun dependency scan →