VYPR

Nodemailer

by Nodemailer

npm: nodemailer

Source repositories

CVEs (2)

  • CVE-2025-13033HigNov 14, 2025
    risk 0.42cvss 7.5epss 0.01

    A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to…

  • CVE-2025-14874Dec 18, 2025
    risk 0.00cvss epss 0.00

    A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.