Every CVE whose affected-product data names Nodered Node-red, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2021-21297 — CVSS 7.7 (high): Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype…
CVE-2019-15607 — CVSS 5.4 (medium): A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of…
CVE-2021-21298 — CVSS 3.5 (low): Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier has a vulnerability which…