BETAmodules.com is in beta — open to partnerships & joint ventures.Build with us
modules.com
⌘K

nodebb

v1.4.0npm· JavaScript

NodeBB Forum

The verdict
Has 9 high-severity advisories. Verify a patched version exists before using. Check the OSV link for the fixed-in version.
Check the OSV link for the fixed-in version.
Live from the npm registry · derived rules, not AI
How it scores
MaintenanceAbandoned
PopularityUnknown
Security9 advisories
LicenseCopyleft
DepsHeavy
Maintenance
Last published 9 years ago.
Popularity
Download count unavailable.
Security
9 known advisories (worst: high severity).
License
GPL-3.0
Dependencies
76 direct dependencies
Security advisories
Live from OSV.dev · cached 24h
  • HIGH
    Cryptographically weak PRNG in `utils.generateUUID`
    GHSA-p4cc-w597-6cpm Fixed in 1.19.8Published 2022-08-30
  • HIGH
    NodeBB vulnerable to account takeover via prototype vulnerability
    GHSA-rf3g-v8p5-p675 Fixed in 2.6.1Published 2022-12-05
  • HIGH
    NodeBB SQL Injection vulnerability
    GHSA-rfh2-8vxq-jqr8 Published 2025-08-27
  • HIGH
    NodeBB account takeover via SSO plugins
    GHSA-xmgg-fx9p-prq6 Fixed in 1.17.2Published 2022-09-16
  • MEDIUM
    Unintentional leakage of private information via cross-origin websocket session hijacking
    GHSA-4qcv-qf38-5j3j Fixed in 3.1.3Published 2023-07-25
  • MEDIUM
    NodeBB vulnerable to Cross-Site Request Forgery
    GHSA-5gwx-wf9g-r5mx Fixed in 2.5.8Published 2022-11-13
  • MEDIUM
    NodeBB vulnerable to path traversal in translator module
    GHSA-pfj7-2qfw-vwgm Fixed in 1.18.5Published 2021-11-30
  • MEDIUM
    Incorrect Access Control in NodeBB
    GHSA-qc99-r4wh-c8h6 Fixed in 3.6.7Published 2024-03-29
  • MEDIUM
    NodeBB Cross-site scripting (XSS) vulnerability
    GHSA-vqr3-vrrg-f3jh Fixed in 3.11.1Published 2025-01-24
Recent releases
  • 1.4.09 years ago
  • 0.8.210 years ago
  • 0.7.011 years ago
  • 0.6.111 years ago
  • 0.6.1-dev11 years ago
  • 0.4.311 years ago