is-my-node-vulnerable
This package helps ensure the security of your Node.js installation by checking for known vulnerabilities. It compares the version of Node.js you have installed (process.version) to the Node.js Security Database and alerts you if a vulnerability is found. Usage: npx is-my-node-vulnerable It's strongly recommended to include this as a step in the app CI. Output - When vulnerable: $ node -v v20.3.0 $ npx is-my-node-vulnerable █████ █████ ███ ██ ██████ ███████ ██████ ██ ██ ██ ██ ████ ██ ██ ██ ██ ██ ██ ██ ███████ ██ ██ ██ ██ ███ █████ ██████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██████ ██ ██ ██ ████ ██████ ███████ ██ ██ The current Node.js version (v20.3.0) is vulnerable to the following CVEs: CVE-2023-30581: The use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition Patched versions: ^16.20.1 || ^18.16.1 || ^20.3.1 Output - When non-vulnerable: $ node -v v20.11.1 $ npx is-my-node-vulnerable █████ ██ ██ ████
FEATURES
ALTERNATIVES
Open source security auditing tool to search and dump system configuration.
OCaml bindings to the YARA scanning engine for integrating YARA scanning capabilities into OCaml projects
A tool to find and search for registered CVEs, creating a local CVE database for offline use.
Linux privilege escalation auditing tool for detecting security deficiencies in Linux kernels.
A Java based HTTP/HTTPS proxy for assessing web application vulnerability with various useful features.
A free and open-source tool for identifying vulnerabilities in Joomla-based websites.
Platform for users to test cybersecurity skills by exploiting vulnerabilities.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.