Vulnerability DB

Detailed information and remediation guidance for known vulnerabilities.
Find out if you have vulnerabilities that put you at risk Test your code
Vulnerability Affects Type Published
  • M
Cross-site Scripting (XSS)
express <3.11.0,>=4.0.0 <4.5.0 npm 12 Sep, 2014
  • H
Remote Code Execution (RCE)
mongo-express <0.54.0 npm 16 Oct, 2019
  • H
Denial of Service (DoS)
express-fileupload <1.1.6-alpha.6 npm 22 Oct, 2019
  • H
Arbitrary Code Injection
expressfs * npm 24 Jul, 2019
  • H
Privilege Escalation
express-cart <1.1.6 npm 21 Aug, 2018
  • H
Malicious Package
express-cookies * npm 03 May, 2018
  • H
Arbitrary Code Execution
express-cart <1.1.7 npm 06 Jun, 2018
  • H
Remote Code Execution (RCE)
angular-expressions <1.0.1 npm 26 Jan, 2020
  • H
Private Data Disclosure
express-restify-mongoose < 2.5.0,>= 3.0.0 <3.1.0 npm 22 Jun, 2016
  • H
Prototype Pollution
express-fileupload <1.1.10 npm 30 Jul, 2020
  • H
Improper Authentication
express-laravel-passport * npm 05 Jan, 2020
  • H
Directory Traversal
express-blinker * npm 01 Mar, 2018
  • H
XML External Entity (XXE) Injection
express-saml2 * npm 22 Jan, 2018
  • H
Authorization Bypass
express-jwt <6.0.0 npm 01 Jul, 2020
  • H
SQL Injection
express-cart <1.1.8 npm 26 Sep, 2018
  • M
Authentication Bypass
expressjs-ip-control <1.0.7 npm 16 Nov, 2020
  • M
Filter Bypass
express-validator >=4.2.1 <6.0.0 npm 28 May, 2019
  • M
Cross-site Scripting (XSS)
express-cart * npm 07 Apr, 2019
  • M
Cross-site Scripting (XSS)
express-graphql <0.4.11 >=0.4.0 npm 21 Jun, 2017
  • M
Cross-site Request Forgery (CSRF)
express-cart * npm 21 Jul, 2020
  • M
Rate Limiting Bypass
express-brute * npm 21 Apr, 2019
  • M
Regular Expression Denial of Service (ReDoS)
express-validators * npm 11 Nov, 2020
  • L
Prototype Pollution
express-mock-middleware * npm 01 Apr, 2020
  • L
Timing Attack
express-basic-auth <1.1.7 npm 16 Apr, 2019