45466 policies in database
Link to program      
2017-12-08
2020-05-07
Node.js third-party modules logo
Thank
Gift
HOF
Reward

Reward

500 $ 

Node.js third-party modules

No technology is perfect, and Node.js believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in a third-party Node.js module, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

If you seek help, please ping us on our public Slack https://nodejs-security- wg.herokuapp.com/ .

Vulnerabilities in Node.js core should be reported via@nodejs

Disclosure Timeline

  • Vulnerability is identified or Disclosed to Node.js Security Team - We will endeavor to keep reporter / finder in the loop with all communications / events.
  • Maintainers are notified if it's not a self disclosure.
  • After a fix is made available, the public advisory is finalized and a CVE assigned.
  • If no fix is available after 45 days, the advisory will timeout and will be made publicly available.

Thank you for helping keep the Node.js ecosystem safe!

In Scope

Scope Type Scope Name
application

yarn

undefined

pino

undefined

fastify

undefined

lodash

undefined

seneca

undefined

gitlabhook

undefined

http_server

undefined

express

undefined

noble

undefined

url-parse

undefined

markdown-pdf

undefined

simplehttpserver

undefined

statics-server

undefined

node-red

undefined

mqtt-packet

undefined

express-cart

undefined

pdf-image

undefined

gatsby-remark-images-contentful

undefined

handlebars

undefined

finalhandler

undefined

atob

undefined

kill-port

undefined

dot

undefined

is-my-json-valid

undefined

pdf-officegen

undefined

node-tar

undefined

smart-extend

undefined

jQuery

undefined

bufferjs

undefined

http-sync

undefined

node-email

undefined

questor

undefined

node-buffer-builder

undefined

atlasboard-atlassian-package

undefined

zlib-browserify

undefined

kramed

undefined

whereis

undefined

merge-deep

undefined

assign-deep

undefined

crud-file-server

undefined

defaults-deep

undefined

bower

undefined

servey

undefined

just-extend

undefined

mpath

undefined

harp

undefined

flatmap-stream

undefined

zombie

undefined

tianma-static

undefined

morgan

undefined

send

undefined

ponse

undefined

node-xlsx

undefined

http-live-simulator

undefined

samlify

undefined

bruteser

undefined

knightjs

undefined

ascii-art

undefined

takeapeek

undefined

apex-publish-static-files

undefined

samsung-remote

undefined

cached-path-relative

undefined

ps

undefined

libnmap

undefined

egg-scripts

undefined

flintcms

undefined

win-spawn

undefined

extend

undefined

sql

undefined

exceljs

undefined

open

undefined

public

undefined

mcstatic

undefined

bracket-template

undefined

augustine

undefined

html-pages

undefined

grunt-serve

undefined

sexstatic

undefined

metascraper

undefined

react-marked-markdown

undefined

macaddress

undefined

base64url

undefined

ua-parser-js

undefined

useragent

undefined

byte

undefined

merge

undefined

njwt

undefined

canvas

undefined

formidable

undefined

command-exists

undefined

memjs

undefined

file-static-server

undefined

utile

undefined

getcookies

undefined

put

undefined

funcster

undefined

cryo

undefined

fs-path

undefined

stringstream

undefined

npmconf

undefined

entitlements

undefined

merge-objects

undefined

merge-options

undefined

merge-recursive

undefined

marked

undefined

deep-extend

undefined

deap

undefined

https-proxy-agent

undefined

typeorm

undefined

sshpk

undefined

protobufjs

undefined

stattic

undefined

resolve-path

undefined

mixin-deep

undefined

rgb2hex

undefined

foreman

undefined

concat-with-sourcemaps

undefined

hoek

undefined

superstatic

undefined

626

undefined

metascrapper

undefined

hekto

undefined

anywhere

undefined

general-file-server

undefined

angular-http-server

undefined

node-srv

undefined

simple-server

undefined

pullit

undefined

scrape-metadata

undefined

glance

undefined

http-proxy-agent

undefined

featurebook

undefined

html-janitor

undefined

lactate

undefined

serve-here

undefined

serve

undefined

multer

undefined

body-parser

undefined

m-server

undefined

pdfinfojs

undefined

buttle

undefined

cloudcmd

undefined

git-dummy-commit

undefined

tree-kill

undefined

express-useragent

undefined

treekill

undefined

node-static

undefined

node-df

undefined

kill-port-process

undefined

fileview

undefined

new-serve

undefined

seeftl

undefined

meta-git

undefined

hexo-admin

undefined

npm-git-publish

undefined

jimp

undefined

jpeg-js

undefined

devcert

undefined

Ghost

undefined

crypto-js

undefined

jison

undefined

logkitty

undefined

react-autolinker-wrapper

undefined

utils-extend

undefined

jsonpointer

undefined

Uppy

undefined

json-bigint

undefined

property-expr

undefined

i18next

undefined

json8-merge-patch

undefined

node-downloader-helper

undefined

json-stable-stringify

web_application

MQTT.js

web_application

node.extend

web_application

reveal.js

web_application

localhost-now

web_application

total.js

web_application

webpack-bundle-analyzer


This program have been found on Hackerone on 2017-12-08.

FireBounty © 2015-2024

Legal notices | Privacy policy