| Severity | Score | CVE | Title | Affected versions |
|---|---|---|---|---|
| CRITICAL | 10.0 | CVE-2023-26045 | Path traversal and code execution via prototype vulnerability | >= 2.5.0, < 2.8.7 |
| CRITICAL | 9.8 | CVE-2022-36045 | Cryptographically weak PRNG in `utils.generateUUID` | from 0, < 1.19.8 |
| CRITICAL | 9.8 | CVE-2021-43786 | API token verification can be bypassed in NodeBB | >= 1.15.0, < 1.18.5 |
| CRITICAL | 9.4 | | NodeBB vulnerable to account takeover via prototype vulnerability | from 0, < 2.6.1 |
| CRITICAL | 9.0 | | XSS via prototype pollution in NodeBB | >= 1.15.0, < 1.18.5 |
| HIGH | 7.5 | | NodeBB account takeover via SSO plugins | from 0, < 1.17.2 |
| MEDIUM | 6.3 | | Incorrect Access Control in NodeBB | from 0, < 3.6.7 |
| MEDIUM | 6.1 | | NodeBB Cross-site Scripting Vulnerability in Markdown Processing | from 0, < 0.70 |
| MEDIUM | 6.1 | | Cross-site Scripting in NodeBB | from 0, < 0.8.2 |
| MEDIUM | 5.0 | | NodeBB vulnerable to path traversal in translator module | >= 1.0.4, < 1.18.5 |
| MEDIUM | 4.7 | | Unintentional leakage of private information via cross-origin websocket session hijacking | >= 3.0.0, < 3.1.3 |
| MEDIUM | 4.6 | | NodeBB Cross-site scripting (XSS) vulnerability | from 0, < 3.11.1 |
| MEDIUM | 4.3 | | NodeBB vulnerable to Cross-Site Request Forgery | from 0, < 2.5.8 |
| — | | | NodeBB SQL Injection vulnerability | from 0, <= 4.3.0 |