Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

nodemailer

Ecosystem:
npm
Package URL:
pkg:npm/nodemailer
Total PRs:
6,646 Dependabot PRs
Latest PR:
about 12 hours ago
Unique Repositories:
3,703 repositories
Unique Repos (30 days):
191 repositories
Security Advisories
Header injection in nodemailer
GHSA-hwqf-gcqm-7353 CVE-2021-23400 MODERATE published over 4 years ago • updated 4 days ago
The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage return...
Nodemailer’s addressparser is vulnerable to DoS caused by recursive calls
GHSA-rcmh-qjqh-p98v CVE-2025-14874 HIGH published 6 months ago • updated about 17 hours ago
### Summary A DoS can occur that immediately halts the system due to the use of an unsafe function. ### Details According to **RFC 5322**, nested ...
Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict
GHSA-mm7p-fcc7-pg87 CVE-2025-13033 MODERATE published 8 months ago • updated 7 days ago
The email parsing library incorrectly handles quoted local-parts containing @. This leads to misrouting of email recipients, where the parser extra...
Command injection in nodemailer
GHSA-48ww-j4fc-435p CVE-2020-7769 CRITICAL published about 5 years ago • updated 4 days ago
This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendm...
Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter
GHSA-c7w3-x93f-qmm8 LOW published 2 months ago • updated 12 days ago
### Summary When a custom `envelope` object is passed to `sendMail()` with a `size` property containing CRLF characters (`\r\n`), the value is conc...
View all 7 advisories
Recent PRs (filtered by: Patch PRs )
RSS Feed Clear filter
chore(deps): bump the npm-dependencies group across 1 directory with 89 updates

Wr3ckage7719/MabiniLMS #180

8.0.4 → 8.0.10 Patch PR
Open about 12 hours ago 2 comments
Wr3ckage7719
chore(deps): Bump the production-other group across 1 directory with 22 updates

junnv93/equipment_management_system #247

8.0.5 → 8.0.10 Patch PR
Open about 13 hours ago 1 comment
junnv93
chore(deps)(deps): bump nodemailer from 8.0.8 to 8.0.10 in /apps/api in the email group

M1HUEL/ecommerce #15

8.0.8 → 8.0.10 Patch PR
Open about 16 hours ago 1 comment
M1HUEL
chore(deps): bump the production-dependencies group across 1 directory with 32 updates

buggyblues/shadow #365

8.0.7 → 8.0.10 Patch PR
Open 2 days ago 4 comments
buggyblues
Bump the minor-and-patch group across 1 directory with 29 updates

Jobways03/SPORTSMART_OFFICIAL_MM #34

8.0.3 → 8.0.10 Patch PR
Open 4 days ago 1 comment
Jobways03
Bump the prod-patch-updates group across 1 directory with 5 updates

marcschaeferger-org/pangolin #87

8.0.9 → 8.0.10 Patch PR
Closed 5 days ago 1 comment
marcschaeferger-org
deps(deps): bump the production-patch group with 3 updates

grcengineering/gigachad-grc #332

8.0.7 → 8.0.10 Patch PR
Open 6 days ago 2 comments
grcengineering
deps(deps): bump the patch-minor group across 1 directory with 29 updates

idolrun/expenso #26

8.0.5 → 8.0.10 Patch PR
Open 6 days ago 1 comment
idolrun
chore(deps)(deps): bump nodemailer and @types/nodemailer

DilipViharika/PostgresTool #19

8.0.7 → 8.0.10 Patch PR
Open 6 days ago 2 comments
DilipViharika
chore(deps): bump the production-dependencies group across 1 directory with 38 updates

leonardoschool/leonardoschool #64

8.0.7 → 8.0.10 Patch PR
Open 7 days ago 2 comments
leonardoschool
chore(deps): bump the patch-production group with 10 updates

HeadySystems/heady-ai #168

8.0.4 → 8.0.10 Patch PR
Closed 7 days ago 1 comment
HeadySystems
build(deps): Bump the production-dependencies group with 10 updates

Kha-kis/arr-dashboard #488

8.0.9 → 8.0.10 Patch PR
Closed 7 days ago 1 comment
Kha-kis
chore(deps)(deps): Bump the production-minor-patch group with 10 updates

tobias363/Spillorama-system #2307

8.0.5 → 8.0.10 Patch PR
Open 7 days ago 4 comments
tobias363
chore(deps)(deps): Bump the backend-prod-minor-patch group in /apps/backend with 5 updates

tobias363/Spillorama-system #2304

8.0.5 → 8.0.10 Patch PR
Closed 7 days ago 7 comments
tobias363
chore(deps): bump the production-minor group across 1 directory with 36 updates

sinyuor3sad-code/servix #33

8.0.4 → 8.0.10 Patch PR
Open 7 days ago 1 comment
sinyuor3sad-code
chore(deps)(deps): bump the backend-production group in /backend with 6 updates

beydemirfurkan/tweetly #107

8.0.8 → 8.0.10 Patch PR
Closed 7 days ago 1 comment
beydemirfurkan
Bump the dev-deps group with 5 updates

aswer18400/QXwap #266

8.0.7 → 8.0.10 Patch PR
Open 8 days ago 4 comments
aswer18400
chore(deps): bump nodemailer from 8.0.9 to 8.0.10 in /backend

ringku1/bloodbridge-bd #82

8.0.9 → 8.0.10 Patch PR
Open 8 days ago 2 comments
ringku1
build(deps): bump the production-dependencies group across 1 directory with 17 updates

leego972/virellestudios #39

8.0.7 → 8.0.10 Patch PR
Open 8 days ago 1 comment
leego972
chore(deps): bump the prod-dependencies group across 1 directory with 8 updates

azmarifdev/Next.js-Boilerplate-PostgresQL-Drizzle #201

8.0.7 → 8.0.10 Patch PR
Open 8 days ago 1 comment
azmarifdev
chore(deps)(deps): Bump nodemailer from 8.0.9 to 8.0.10

raychiutw/trip-planner #911

8.0.9 → 8.0.10 Patch PR
Closed 8 days ago 2 comments
raychiutw
chore(deps)(deps): bump the production-deps group across 1 directory with 10 updates

2001leety-code/cocotrip-source- #744

8.0.7 → 8.0.10 Patch PR
Open 8 days ago 2 comments
2001leety-code
chore(deps): Bump the minor-and-patch group across 1 directory with 10 updates

bwyard/artist-platform #182

8.0.9 → 8.0.10 Patch PR
Closed 8 days ago 1 comment
bwyard
chore(deps): bump the npm-production group across 1 directory with 16 updates

interdomestik/interdomestik #875

8.0.7 → 8.0.10 Patch PR
Open 8 days ago 2 comments
interdomestik
chore(deps): bump the production-dependencies group across 1 directory with 13 updates

buggyblues/shadow #331

8.0.7 → 8.0.10 Patch PR
Open 9 days ago 3 comments
buggyblues
chore(deps): bump the production-minor-patch group across 1 directory with 6 updates

Dhanush1376/EventDecor #19

8.0.7 → 8.0.10 Patch PR
Closed 9 days ago 3 comments
Dhanush1376
chore(deps)(deps): bump the all-minor-patch group in /backend with 22 updates

Makaly/claimsflow #43

8.0.7 → 8.0.10 Patch PR
Open 9 days ago 1 comment
Makaly
chore: bump the misc group across 1 directory with 41 updates

jon-aiken/stella #24

8.0.7 → 8.0.8 Patch PR
Open 9 days ago 1 comment
jon-aiken
Bump nodemailer from 8.0.9 to 8.0.10

monahand1023/online-storefront #18

8.0.9 → 8.0.10 Patch PR
Open 9 days ago 1 comment
monahand1023
chore(deps): bump nodemailer from 8.0.7 to 8.0.10 in /backend

almashooq1/alawael-erp #186

8.0.7 → 8.0.10 Patch PR
Open 10 days ago 1 comment
almashooq1
Bump nodemailer from 8.0.9 to 8.0.10

bell-kevin/kevinBell-A.i. #110

8.0.9 → 8.0.10 Patch PR
Open 10 days ago 1 comment
bell-kevin
chore(deps): bump nodemailer from 8.0.7 to 8.0.10

energychain/cernion-energy-tools #159

8.0.7 → 8.0.10 Patch PR
Open 10 days ago 3 comments
energychain
chore(deps): bump nodemailer from 8.0.7 to 8.0.10 in /src

superneko160/mysite #255

8.0.7 → 8.0.10 Patch PR
Open 10 days ago 1 comment
superneko160
chore(deps): bump the production-dependencies group across 1 directory with 30 updates

mirumee/nimara-ecommerce #663

8.0.2 → 8.0.9 Patch PR
Open 12 days ago 1 comment
mirumee
chore(deps): bump the all-non-major group across 6 directories with 26 updates

strataljs/stratal #200

8.0.7 → 8.0.8 Patch PR
Closed 13 days ago 1 comment
strataljs
chore(deps): bump nodemailer from 8.0.7 to 8.0.8 in /server

hitesh-kumar123/Travel-Plans- #293

8.0.7 → 8.0.8 Patch PR
Closed 13 days ago 3 comments
hitesh-kumar123
chore(deps): Bump the npm-minor-patch group in /backend with 6 updates

projectachilles/ProjectAchilles #272

8.0.7 → 8.0.8 Patch PR
Open 13 days ago 2 comments
projectachilles
chore(deps): bump the core-dependencies group across 1 directory with 26 updates

footnote-ai/footnote #400

8.0.7 → 8.0.8 Patch PR
Closed 14 days ago 1 comment
footnote-ai
build(deps): Bump the production-deps group across 1 directory with 15 updates

RocketBus/iris #64

8.0.7 → 8.0.8 Patch PR
Open 14 days ago 2 comments
RocketBus
chore(deps): bump the minor-and-patch group with 3 updates

Yambr/openwhispr-server #30

8.0.7 → 8.0.8 Patch PR
Open 14 days ago 1 comment
Yambr
chore(deps): bump the dependencies group across 1 directory with 38 updates

teacoder-team/backend #114

8.0.5 → 8.0.8 Patch PR
Closed 14 days ago 1 comment
teacoder-team
Bump the production-dependencies group across 1 directory with 37 updates

JulioCout/safe-balance #9

8.0.7 → 8.0.8 Patch PR
Open 14 days ago 1 comment
JulioCout
build(deps): bump nodemailer from 8.0.7 to 8.0.8

OpenArchitex/Caerus #391

8.0.7 → 8.0.8 Patch PR
Closed 14 days ago 1 comment
OpenArchitex
deps: bump the minor-and-patch group across 1 directory with 5 updates

seanyates76/Ez-Quiz-App #53

8.0.4 → 8.0.8 Patch PR
Open 14 days ago 1 comment
seanyates76
deps(deps-dev): bump the dev-dependencies group across 1 directory with 7 updates

JSB2010/jacobbarkin.com #182

8.0.7 → 8.0.8 Patch PR
Open 14 days ago 4 comments
JSB2010
chore(deps): bump the prod-dependencies group across 1 directory with 21 updates

anomalousventures/democracy-direct #205

8.0.2 → 8.0.8 Patch PR
Open 14 days ago 3 comments
anomalousventures
chore(deps): bump the minor-and-patch group across 1 directory with 20 updates

HugoJunioor/FlowDesk #119

8.0.7 → 8.0.8 Patch PR
Open 14 days ago 2 comments
HugoJunioor
Bump the backend-minor-and-patch group with 3 updates

bridgeinpt/bridgeport #122

8.0.7 → 8.0.8 Patch PR
Closed 14 days ago 2 comments
bridgeinpt
chore(deps): bump the production-dependencies group with 25 updates

Vayva-Tech/vayva #36

8.0.7 → 8.0.8 Patch PR
Closed 14 days ago 1 comment
Vayva-Tech
chore(deps): bump the production-dependencies group across 1 directory with 30 updates

maniczko/audioRecorder #919

8.0.5 → 8.0.8 Patch PR
Open 14 days ago 4 comments
maniczko
Package Details
Name: nodemailer
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/nodemailer
JSON API: View JSON
Security Advisories

7

Active advisories
CRITICAL 1
HIGH 1
MODERATE 4
LOW 1
View All npm Advisories
Package Information
Description:

Easy as cake e-mail sending from your Node.js applications

Repository: https://github.com/nodemailer/nodemailer
Homepage: https://nodemailer.com/
Latest Release: 7.0.3
about 1 year ago
Dependent Repos: 214,737
Dependent Packages: 5,947
Downloads: 23,450,333
Ranking: Top 0.071% by dependent repos Top 0.0746% by downloads Top 0.015% by dependent pkgs
PR Status
Open 3,640 (54.8%)
Merged 314 (4.7%)
Closed 2,477 (37.3%)
PR Types
Major 3,762 (56.6%)
Minor 127 (1.9%)
Patch 2,484 (37.4%)
Removal 58 (0.9%)