Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Nodemailer Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7769 1 Nodemailer 1 Nodemailer 2021-07-21 7.5 HIGH 9.8 CRITICAL
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.
CVE-2021-23400 1 Nodemailer 1 Nodemailer 2021-07-06 6.8 MEDIUM 8.8 HIGH
The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.