Vulnerabilities > Nodebb > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-29 | CVE-2023-30591 | Improper Check for Unusual or Exceptional Conditions vulnerability in Nodebb Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively. | 7.5 |
| 2022-09-02 | CVE-2022-36076 | Unspecified vulnerability in Nodebb NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. | 7.5 |
| 2021-11-29 | CVE-2021-43786 | Unspecified vulnerability in Nodebb Nodebb is an open source Node.js based forum software. | 7.5 |
| 2020-08-26 | CVE-2020-15156 | Unspecified vulnerability in Nodebb Blog Comments In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. | 8.1 |