Nodemailer
by Nodemailer
npm: nodemailer
Source repositories
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-13033 | Hig | 0.42 | 7.5 | 0.01 | Nov 14, 2025 | A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to… | ||
| CVE-2025-14874 | 0.00 | — | 0.00 | Dec 18, 2025 | A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser. |
- risk 0.42cvss 7.5epss 0.01
A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to…
- CVE-2025-14874Dec 18, 2025risk 0.00cvss —epss 0.00
A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.