Moole Vulnerability Database

Find real vulnerabilities before they ship

High

CVE-2025-63705

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js.

VectorNETWORK

PublishedMay 07, 2026, 15:16

Published Bycve@mitre.org

Base Score

Score8.8

Package (Ecosystem)IntroducedFixedLimit

node-ts-ocr(npm)N/AN/AN/A

CWE-78

Base Score

8.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base SeverityHigh

Version

3.1

Attack Vector (AV)

NETWORK