Every CVE whose affected-product data names Openjsf Express, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2022-24999 — CVSS 7.5 (high): qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express…
CVE-2014-6393 — CVSS 6.1 (medium): The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400…
CVE-2024-29041 — CVSS 6.1 (medium): Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are…
CVE-2024-43796 — CVSS 5.0 (medium): Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to…
CVE-2024-10491 — CVSS 4.0 (medium): A vulnerability has been identified in the Express response.links function, allowing for arbitrary resource injection in the Link header…