Security Vulnerabilities - CVEs Published In August 2022
The package io.socket:socket.io-client before 2.0.1 are vulnerable to NULL Pointer Dereference when parsing a packet with with invalid payload format.
CVSS Score
7.5
EPSS Score
0.009
Published
2022-08-02
This affects all versions of package monorepo-build.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-08-02
This affects all versions of package s3-kilatstorage.
CVSS Score
7.2
EPSS Score
0.004
Published
2022-08-02
This affects all versions of package curljs.
CVSS Score
7.3
EPSS Score
0.005
Published
2022-08-02
This affects all versions of package node-latex-pdf.
CVSS Score
7.3
EPSS Score
0.005
Published
2022-08-02
This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js.
CVSS Score
9.4
EPSS Score
0.005
Published
2022-08-02
This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js.
CVSS Score
9.4
EPSS Score
0.005
Published
2022-08-02
This affects the package image-tiler before 2.0.2.
CVSS Score
9.8
EPSS Score
0.006
Published
2022-08-02
This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js.
CVSS Score
9.4
EPSS Score
0.005
Published
2022-08-02
The package get-npm-package-version before 1.0.7 are vulnerable to Command Injection via main function in index.js.
CVSS Score
7.3
EPSS Score
0.043
Published
2022-08-02