pkg:npm/nodebb

14 total CVEs: CRITICAL 5, HIGH 1, MEDIUM 7

All known vulnerabilities

  • CRITICAL 10.0 CVE-2023-26045: Path traversal and code execution via prototype vulnerability
    >= 2.5.0, < 2.8.7
  • CRITICAL 9.8 CVE-2022-36045: Cryptographically weak PRNG in `utils.generateUUID`
    from 0, < 1.19.8
  • CRITICAL 9.8 CVE-2021-43786: API token verification can be bypassed in NodeBB
    >= 1.15.0, < 1.18.5
  • CRITICAL 9.4 CVE-2022-46164: NodeBB vulnerable to account takeover via prototype vulnerability
    from 0, < 2.6.1
  • CRITICAL 9.0 CVE-2021-43787: XSS via prototype pollution in NodeBB
    >= 1.15.0, < 1.18.5
  • HIGH 7.5 CVE-2022-36076: NodeBB account takeover via SSO plugins
    from 0, < 1.17.2
  • MEDIUM 6.3 CVE-2024-29316: Incorrect Access Control in NodeBB
    from 0, < 3.6.7
  • MEDIUM 6.1 CVE-2015-3296: NodeBB Cross-site Scripting Vulnerability in Markdown Processing
    from 0, < 0.70
  • MEDIUM 6.1 CVE-2015-9286: Cross-site Scripting in NodeBB
    from 0, < 0.8.2
  • MEDIUM 5.0 CVE-2021-43788: NodeBB vulnerable to path traversal in translator module
    >= 1.0.4, < 1.18.5
  • MEDIUM 4.7 CVE-2023-2850: Unintentional leakage of private information via cross-origin websocket session hijacking
    >= 3.0.0, < 3.1.3
  • MEDIUM 4.6 CVE-2024-57041: NodeBB Cross-site scripting (XSS) vulnerability
    from 0, < 3.11.1
  • MEDIUM 4.3 CVE-2022-3978: NodeBB vulnerable to Cross-Site Request Forgery
    from 0, < 2.5.8
  • CVE-2025-50979: NodeBB SQL Injection vulnerability
    from 0, <= 4.3.0