Package impact
npm / nodemailer
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-13033 | high | 7.5 | 7.5 | 7mo ago | A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient addres… | |||
| CVE-2025-14874 | unknown | — | — | 5mo ago | A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser. | |||
| CVE-2021-23400 | unknown | — | — | 5y ago | The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. | |||
| CVE-2020-7769 | unknown | — | — | 5y ago | This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails. |