Search for packages
| purl | pkg:npm/nodemailer@0.4.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5va3-b6xm-s3dt
Aliases: CVE-2020-7769 GHSA-48ww-j4fc-435p |
Injection Vulnerability Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending emails. |
Affected by 2 other vulnerabilities. |
|
VCID-5w3y-3jd9-tug2
Aliases: GHSA-9h6g-pr28-7cqp GMS-2024-59 |
nodemailer ReDoS when trying to send a specially crafted email A ReDoS vulnerability occurs when nodemailer tries to parse img files with the parameter `attachDataUrls` set, causing the stuck of event loop. Another flaw was found when nodemailer tries to parse an attachments with a embedded file, causing the stuck of event loop. |
Affected by 0 other vulnerabilities. |
|
VCID-ggzv-yq4b-4qdk
Aliases: CVE-2021-23400 GHSA-hwqf-gcqm-7353 |
Injection Vulnerability The package nodemailer is vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T04:33:53.989528+00:00 | GitLab Importer | Affected by | VCID-5w3y-3jd9-tug2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/nodemailer/GHSA-9h6g-pr28-7cqp.yml | 38.6.0 |
| 2026-06-06T00:47:17.052761+00:00 | GitLab Importer | Affected by | VCID-ggzv-yq4b-4qdk | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/nodemailer/CVE-2021-23400.yml | 38.6.0 |
| 2026-06-04T20:40:56.849517+00:00 | GitLab Importer | Affected by | VCID-5va3-b6xm-s3dt | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/nodemailer/CVE-2020-7769.yml | 38.6.0 |