Known Vulnerabilities for products from Nodemailer
Listed below are 3 of the newest known vulnerabilities associated with the vendor "Nodemailer".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-38728 json | Not Provided | 2026-05-15 | 2026-05-15 | |
| CVE-2026-3455 json | Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting (XSS) via the textToHtml() function du... | Not Provided | 2026-03-03 | 2026-04-29 |
| CVE-2021-23400 json | The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlin... | 8.8 - HIGH | 2021-06-29 | 2021-07-06 |
| CVE-2020-7769 json | This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command f... | 9.8 - CRITICAL | 2020-11-12 | 2021-07-21 |
Known software with vulnerabilities from Nodemailer
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Nodemailer | Nodemailer | 0.1 |