Mscdex Ssh2 vulnerabilities
2 known vulnerabilities affecting mscdex/ssh2.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2020-26301P2CRITICALCVSS 10.0fixed in 1.4.02021-09-20
CVE-2020-26301 [CRITICAL] CWE-78 CVE-2020-26301: ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4
ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.
nvd
CVE-2025-70034P3HIGHCVSS 7.5v1.17.02026-03-09
CVE-2025-70034 [HIGH] CWE-1333 CVE-2025-70034: An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in
An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in mscdex ssh2 v1.17.0.
nvd