VulnerableCode Package Details - pkg:npm/meshcentral@0.6.39

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/meshcentral@0.6.39

Essentials
History (4)

purl	pkg:npm/meshcentral@0.6.39

Next non-vulnerable version	1.1.21
Latest non-vulnerable version	1.1.21
Risk	4.5

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-4hqh-k6cz-ekc5 Aliases: CVE-2023-51842 GHSA-wpxw-5xfm-x22v	An algorithm-downgrade issue was discovered in Ylianst MeshCentral 1.1.16.	1.1.17 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-jx9y-p4mk-h3bh Aliases: CVE-2023-51837 GHSA-8xw6-9h78-c89j	Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation.	1.1.17 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-qkvm-dwnm-t7hr Aliases: CVE-2024-26135 GHSA-cp68-qrhr-g9h8	MeshCentral is a full computer management web site. Versions prior to 1.1.21 a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is exploitable when an attacker is able to convince a victim end-user to click on a malicious link to a page hosting an attacker-controlled site. The attacker can then originate a cross-site websocket connection using client-side JavaScript code to connect to `control.ashx` as the victim user within MeshCentral. Version 1.1.21 contains a patch for this issue.	1.1.21 Affected by 0 other vulnerabilities.
VCID-xwy4-x69j-y7g7 Aliases: CVE-2023-51838 GHSA-v269-rrr6-cx6r	Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.	1.1.17 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:20:45.677807+00:00	GitLab Importer	Affected by	VCID-qkvm-dwnm-t7hr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/meshcentral/CVE-2024-26135.yml	38.6.0
2026-06-12T19:18:28.739561+00:00	GitLab Importer	Affected by	VCID-xwy4-x69j-y7g7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/meshcentral/CVE-2023-51838.yml	38.6.0
2026-06-12T19:18:01.501701+00:00	GitLab Importer	Affected by	VCID-jx9y-p4mk-h3bh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/meshcentral/CVE-2023-51837.yml	38.6.0
2026-06-12T19:17:39.834577+00:00	GitLab Importer	Affected by	VCID-4hqh-k6cz-ekc5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/meshcentral/CVE-2023-51842.yml	38.6.0