express-sandbox-code-injection
sandbox
.x-frame-options-misconfiguration
X-Frame-Options
header, there is a risk that software does not properly verify whether or not a browser should be allowed to render a page in an iframe
.require-request
express-data-exfiltration
Object.assign
can cause web response to include data that it should not have or can lead to a mass assignment vulnerability.express-expat-xxe
express-wkhtmltoimage-injection
phantom
methods it can result in Server-Side Request Forgery vulnerabilitiesexpress-wkhtmltopdf-injection
wkhtmltopdf
methods it can result in Server-Side Request Forgery vulnerabilitiesexpress-puppeteer-injection
puppeteer
methods it can result in Server-Side Request Forgery vulnerabilitiescors-misconfiguration
express-xml2json-xxe
express-vm-injection
$VM
.express-jwt-hardcoded-secret
express-phantom-injection
phantom
methods it can result in Server-Side Request Forgery vulnerabilitiesexpress-insecure-template-usage
$REQ
is being compiled into the template, which can lead to a Server Side Template Injection (SSTI) vulnerability.express-vm2-injection
vm2
.