nodemailer vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-P6GQ-J5CR-W38FHighnodemailer: Nodemailer: Message-level raw option bypasses disableFileAccess/disableUrlAccess, enabling arbitrary file read and full-response SSRF in…GHSA-268H-HP4C-CRQ3Mediumnodemailer: Nodemailer: CRLF injection in Nodemailer List-* header comments allows arbitrary message header injectionGHSA-WQVQ-JVPQ-H66FMediumnodemailer: Nodemailer jsonTransport bypasses disableFileAccess and disableUrlAccess during message normalizationGHSA-R7G4-QG5F-QQM2Mediumnodemailer: Nodemailer: Improper TLS Certificate Validation in OAuth2 Token Fetch Enables Credential InterceptionGHSA-VVJJ-XCJG-GR5GMediumnodemailer: Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO) GHSA-C7W3-X93F-QMM8Lownodemailer: Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameterCVE-2025-14874Highnodemailer: Nodemailer’s addressparser is vulnerable to DoS caused by recursive callsCVE-2025-13033Mediumnodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation ConflictGHSA-9H6G-PR28-7CQPMediumnodemailer: nodemailer ReDoS when trying to send a specially crafted emailCVE-2021-23400Mediumnodemailer: Header injection in nodemailerCVE-2020-7769Criticalnodemailer: Command injection in nodemailer

Stop the waste.
Protect your environment with Kodem.