Xmlhttprequest-ssl Project Xmlhttprequest-ssl — known CVE vulnerabilities
Every CVE whose affected-product data names Xmlhttprequest-ssl Project Xmlhttprequest-ssl, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (1)
CVE-2021-31597 — CVSS 9.4 (critical): The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when…