Express / Node.js security posture
Review linked rules in the directory and use Composer to export guardrails for your IDE. Detailed posture metrics will appear here as the catalog grows.
2 linked rules in the directory.
Top risks for this stack
00 critical, 03 high
body-parser is vulnerable to denial of service when url encoding is used (MEDIUM)
Nov 2025
Flagged as mitigated by linked rules — verify in Composer export.
Express resource injection (MEDIUM)
Oct 2024
Flagged as mitigated by linked rules — verify in Composer export.
body-parser vulnerable to denial of service when url encoding is enabled (HIGH)
Sep 2024
Flagged as mitigated by linked rules — verify in Composer export.
Regular Expression Denial of Service (ReDoS) in lodash (MEDIUM)
Flagged as mitigated by linked rules — verify in Composer export.
Command Injection in lodash (HIGH)
Flagged as mitigated by linked rules — verify in Composer export.
jsonwebtoken unrestricted key type could lead to legacy keys usage (HIGH)
Flagged as mitigated by linked rules — verify in Composer export.
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() (MEDIUM)
Flagged as mitigated by linked rules — verify in Composer export.
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC (MEDIUM)
Flagged as mitigated by linked rules — verify in Composer export.