Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1naGdxLXg2d2MtNmpyNc4AA9-w
Zowe CLI allows storage of previously entered secure credentials in a plaintext file
Ecosystems: npm
Packages: @zowe/cli
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 5 days ago
High
GSA_kwCzR0hTQS1oM3BxLTY2N3gtcjc4Oc4AA95v
Plate media plugins has a XSS in media embed element when using custom URL parsers
Ecosystems: npm
Packages: @udecode/plate-media
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 7 days ago
Low
GSA_kwCzR0hTQS0zNDJxLTJtYzItNWdtcM4AA95a
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
Ecosystems: npm
Packages: @jmondi/url-to-png
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS12dm12LXdydnAtOWdqcs4AA95Z
@jmondi/url-to-png contains a Path Traversal vulnerability
Ecosystems: npm
Packages: @jmondi/url-to-png
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS1mcTU0LTJqNTItamM0Ms4AA9w6
Next.js Denial of Service (DoS) condition
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: 12 days ago
High
GSA_kwCzR0hTQS13eHIzLTJoZ3YtcW04Zs4AA9wU
node-twain vulnerable to Improper Check or Handling of Exceptional Conditions
Ecosystems: npm
Packages: node-twain
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 13 days ago
High
GSA_kwCzR0hTQS13NWZjLWdqM2gtMjZyeM4AA9wS
speaker vulnerable to Denial of Service
Ecosystems: npm
Packages: speaker
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: 13 days ago
High
GSA_kwCzR0hTQS1nNTMzLXhxNXctam1mM84AA9wP
node-stringbuilder vulnerable to Out-of-bounds Read
Ecosystems: npm
Packages: node-stringbuilder
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: 13 days ago
High
GSA_kwCzR0hTQS12anB2LXg4cDktN3A4Nc4AA9wM
images vulnerable to Denial of Service
Ecosystems: npm
Packages: images
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: 13 days ago
High
GSA_kwCzR0hTQS00M3dxLXhyY20tM3Zncs4AA9wO
@discordjs/opus vulnerable to Denial of Service
Ecosystems: npm
Packages: @discordjs/opus
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 13 days ago
High
GSA_kwCzR0hTQS03dmhtLWZtcGgtN3d4d84AA9wN
audify vulnerable to Improper Validation of Array Index
Ecosystems: npm
Packages: audify
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 13 days ago
High
GSA_kwCzR0hTQS05anhjLXFqcjktdmp4cc4AA9rr
electron-updater Code Signing Bypass on Windows
Ecosystems: npm
Packages: electron-updater
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: 13 days ago
Low
GSA_kwCzR0hTQS0zZzkyLXc4YzUtNzNwcc4AA9rQ
Undici vulnerable to data leak when using response.arrayBuffer()
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 13 days ago
High
GSA_kwCzR0hTQS1qZ2Y0LXZ3YzMtcjQ2ds4AA9oh
Directus Allows Single Sign-On User Enumeration
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS03aG1oLXBmcnAtdmN4NM4AA9og
Directus GraphQL Field Duplication Denial of Service (DoS)
Ecosystems: npm
Packages: @directus/env
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1oeGdtLWdobXYteGpqbc4AA9oe
Directus incorrectly handles `_in` filter
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS04cDcyLXJjcTQtaDZwd84AA9n5
Directus Blind SSRF On File Import
Ecosystems: npm
Packages: @directus/api
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 14 days ago
High
GSA_kwCzR0hTQS1wOWNnLXZxY2MtZ3JjeM4AA9m5
Server Side Request Forgery (SSRF) attack in Fedify
Ecosystems: npm
Packages: @fedify/fedify
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS13OW1oLTV4OGotOTc1NM4AA9m2
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 17 days ago
Critical
GSA_kwCzR0hTQS01ZjR4LWh3djItdzl3Ms4AA9l_
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
Ecosystems: npm
Packages: hfs
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 18 days ago
Critical
GSA_kwCzR0hTQS1jMmhyLWNxZzYtOGo2cs4AA9co
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS13aHB4LWc1NDItN2M3ds4AA9b8
@cat5th/key-serializer Prototype Pollution vulnerability
Ecosystems: npm
Packages: @cat5th/key-serializer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
High
GSA_kwCzR0hTQS0zcTU2LTljYzItNDZqNM4AA9bz
robinweser fast-loops vulnerable to prototype pollution
Ecosystems: npm
Packages: fast-loops
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS0zMjhwLTM2MmctcjQ4as4AA9b3
ag-grid packages vulnerable to Prototype Pollution
Ecosystems: npm
Packages: ag-grid-enterprise, ag-grid-community, @ag-grid-enterprise/charts
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: 21 days ago
High
GSA_kwCzR0hTQS14M20zLTR3cHYtNXZnY84AA9bx
jrburke requirejs vulnerable to prototype pollution
Ecosystems: npm
Packages: requirejs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Critical
GSA_kwCzR0hTQS04NzZwLWM3N20teDJoY84AA9bu
Prototype pollution in ag-grid-community via the _.mergeDeep function
Ecosystems: npm
Packages: ag-grid-community, ag-grid-enterprise
Source: GitHub Advisory Database
Blast Radius: 36.4
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS04OHZyLWhqcXgtNTdxaM4AA9bv
adolph_dudu ratio-swiper was discovered to contain a prototype pollution via the function extendDefaults
Ecosystems: npm
Packages: @adolph_dudu/ratio-swiper
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
High
GSA_kwCzR0hTQS13NTh2LXIzY3AtcXI5M84AA9bt
@amoy/common v was discovered to contain a prototype pollution via the function extend
Ecosystems: npm
Packages: @amoy/common
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 21 days ago
High
GSA_kwCzR0hTQS1naDR4LXF2M3AtbTlwbc4AA9bq
akbr patch-into was discovered to contain a prototype pollution via the function patchInto
Ecosystems: npm
Packages: @akbr/patch-into
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
High
GSA_kwCzR0hTQS1nYzdtLTU5NmgteDU3cs4AA9br
frappejs was discovered to contain a prototype pollution via the function registerView
Ecosystems: npm
Packages: @airvertco/frappejs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS12ZzZ2LWpjZzMtNW1wN84AA9bm
@aofl/cli-lib Prototype Pollution vulnerability
Ecosystems: npm
Packages: @aofl/cli-lib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1tcDNnLXZwbTktOXZxds4AA9Xz
@fastly/js-compute has a use-after-free in some host call implementations
Ecosystems: npm
Packages: @fastly/js-compute
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS1xNnh2LWptNHYtMzQ5aM4AA9Xx
Cross-site Scripting in ZenUML
Ecosystems: npm
Packages: @zenuml/core
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS05aGN2LWo5cHYtcW1waM4AA9LE
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Ecosystems: pypi, packagist, nuget, npm
Packages: django-tinymce, tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 64.7
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13OWp4LTRnNmctcnA3eM4AA9LD
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Ecosystems: pypi, packagist, nuget, npm
Packages: django-tinymce, tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 64.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yNWhjLXFjZzYtMzh3as4AA9LC
socket.io has an unhandled 'error' event
Ecosystems: npm
Packages: socket.io
Source: GitHub Advisory Database
Blast Radius: 44.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wMzZyLXF4Z3gtanEyds4AA9I3
Lobe Chat API Key Leak
Ecosystems: npm
Packages: @lobehub/chat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0zaDV2LXE5M2MtNmg2cc4AA9Ij
ws affected by a DoS when handling a request with many HTTP headers
Ecosystems: npm
Packages: ws
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tajRwLWdtaHItOTJnM84AA9IS
@akbr/update Prototype Pollution
Ecosystems: npm
Packages: @akbr/update
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xajg2LXY2bTctNHF2Ms4AA9Ii
Object Resolver Prototype Pollution
Ecosystems: npm
Packages: @apphp/object-resolver
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qOHB4LXBqbXAtMzI1Zs4AA9IZ
flatten-json Prototype Pollution
Ecosystems: npm
Packages: @allanlancioni/flatten-json
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qajU4LTQ4OHYtNHJnZs4AA9Id
obx Prototype Pollution
Ecosystems: npm
Packages: @almela/obx
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00eGczLTd3N3EtODU2cc4AA9IO
object-deep-assign Prototype Pollution
Ecosystems: npm
Packages: @alexbinary/object-deep-assign
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02OXIyLTJmZzctN2hmOc4AA9IR
Badger Database Prototype Pollution
Ecosystems: npm
Packages: @abw/badger-database
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mZzUyLTVqamotMjhoN84AA9IK
@cdr0/sg Prototype Pollution
Ecosystems: npm
Packages: @cdr0/sg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS14Z3FtLXdwN3ctbWdnMs4AA9GA
Mattermost Desktop App allows for bypassing TCC restrictions on macOS
Ecosystems: npm
Packages: mattermost-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1odnhnLTc3bWctdnJ2cM4AA9GC
Mattermost Desktop App Remote Code Execution
Ecosystems: npm
Packages: mattermost-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS13cnZoLXJjbXItOXFmY84AA8_E
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Ecosystems: npm
Packages: @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wbTlxLXhqOXAtOTZwbc4AA8_D
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Ecosystems: npm
Packages: @strapi/plugin-upload
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: about 1 month ago
Low
GSA_kwCzR0hTQS02ajg5LWZyeGMtcTI2bc4AA8_C
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Ecosystems: npm
Packages: @strapi/plugin-content-manager
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jYzU1LW12cWMtZzltZ84AA8-u
SummerNote Cross Site Scripting Vulnerability
Ecosystems: npm
Packages: summernote
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tNXZ2LTZyNGgtM3ZqOc4AA88w
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Ecosystems: nuget, maven, npm, go, pypi
Packages: Microsoft.Identity.Client, com.microsoft.azure:msal4j, @azure/msal-node, Azure.Identity, github.com/Azure/azure-sdk-for-go/sdk/azidentity, com.azure:azure-identity, @azure/identity, azure-identity
Source: GitHub Advisory Database
Blast Radius: 78.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03djV2LTloNjMtY2o4Ns4AA85H
@grpc/grpc-js can allocate memory for incoming messages well above configured limits
Ecosystems: npm
Packages: @grpc/grpc-js
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS12dmhqLXY4OGYtNWd4cs4AA85G
ghtml Cross-Site Scripting (XSS) vulnerability
Ecosystems: npm
Packages: ghtml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS13NXhtLW14NDctdjdjOM4AA81m
lunary-ai/lunary allows users unauthorized access to projects
Ecosystems: npm
Packages: lunary
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13am1qLWgzeGMtaHhwOM4AA8x-
Generation of Error Message Containing Sensitive Information in zsa
Ecosystems: npm
Packages: zsa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1ycHg4LWZnNnctcm02eM4AA8xQ
lunary-ai/lunary XSS in SAML metadata endpoint
Ecosystems: npm
Packages: lunary
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02NjV3LW13cnItNzdxM84AA8tx
Arbitrary file read via Playwright's screenshot feature exploiting file wrapper
Ecosystems: npm
Packages: @jmondi/url-to-png
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS04NzhoLXJxY3EtbXYzeM4AA8s7
Jan path traversal vulnerability
Ecosystems: npm
Packages: @janhq/core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1xZmpoLW12cTYtYzVwOM4AA8s6
Jan path traversal vulnerability
Ecosystems: npm
Packages: @janhq/core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS01anFjLXFqNTctNGhyY84AA8s5
Jan path traversal vulnerability
Ecosystems: npm
Packages: @janhq/core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS02MzJwLXA0OTUtMjVtNc4AA8sw
Directus is soft-locked by providing a string value to random string util
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 2 months ago
High
GSA_kwCzR0hTQS05cDZwLTh2OXItOGM5bc4AA8sB
javascript-deobfuscator crafted payload can lead to code execution
Ecosystems: npm
Packages: js-deobfuscator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS0ycDU3LXJtOXctZ3ZmcM4AA8mQ
ip SSRF improper categorization in isPublic
Ecosystems: npm
Packages: ip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05aGZ3LWN2ZjQtNXgyNc4AA8lJ
wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function
Ecosystems: npm
Packages: @wangeditor/editor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1wbWgyLXdwam0tZmo0Nc4AA8kH
mysql2 vulnerable to Prototype Pollution
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 41.8
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0ycWpwLWZnOGMtZzg3OM4AA8iS
vxe-table Cross-site Scripting vulnerability
Ecosystems: npm
Packages: vxe-table
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zOTY1LWhweDItcTU5N84AA8iR
Pug allows JavaScript code execution if an application accepts untrusted input
Ecosystems: npm
Packages: pug, pug-code-gen
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 2 months ago
High
GSA_kwCzR0hTQS14Z3doLWNndjktNzgzds4AA8f0
Ghost allows CSV Injection during member CSV export
Ecosystems: npm
Packages: @tryghost/members-csv
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 2 months ago
High
GSA_kwCzR0hTQS1wajI3LTJ4dnAtNHF4Z84AA8aZ
@fastify/session reuses destroyed session cookie
Ecosystems: npm
Packages: @fastify/session
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04dnI0LWg0cnItOHBoNs4AA8WB
MiguelCastillo @bit/loader Prototype Pollution issue
Ecosystems: npm
Packages: @bit/loader
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS01Zjk3LWgyYzItODI2cc4AA8WE
json-schema-ref-parser Prototype Pollution issue
Ecosystems: npm
Packages: @apidevtools/json-schema-ref-parser
Source: GitHub Advisory Database
Blast Radius: 36.1
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1nM3EyLXZjanEtcmdyY84AA8V-
Blackprint @blackprint/engine Prototype Pollution issue
Ecosystems: npm
Packages: @blackprint/engine
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS01aDV2LWh3NDQtZjZnZ84AA8EM
Oceanic allows unsanitized user input to lead to path traversal in URLs
Ecosystems: npm
Packages: oceanic.js
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS05M3BmLW1yYzgtNGczaM4AA8C-
Konga is vulnerable to Cross Site Scripting (XSS) attacks
Ecosystems: npm
Packages: kongadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1ncnY3LWZnNWMteG1qZ84AA7_S
Uncontrolled resource consumption in braces
Ecosystems: npm
Packages: braces
Source: GitHub Advisory Database
Blast Radius: 45.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1nNjVoLTM1ZjMteDJ3M84AA74v
Directus Lacks Session Tokens Invalidation
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: 2 months ago
High
GSA_kwCzR0hTQS1oNnI0LXh2dzYtamM1aM4AA74t
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wOHYzLW02NDMtNHhxeM4AA74s
Directus allows redacted data extraction on the API through "alias"
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04ZnhnLW1yMzQtanFyOM4AA74r
NocoDB SQL Injection vulnerability
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xZzczLWczY2YtdmhoaM4AA74q
NocoDB Allows Preview of Files with Dangerous Content
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 2 months ago
Critical
GSA_kwCzR0hTQS14Y3A0LTYydmotY3Ezcs4AA74o
@valtimo/components exposes access token to form.io
Ecosystems: npm
Packages: @valtimo/components
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1teGhxLXh3M2ctcnBoY84AA74V
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Ecosystems: npm
Packages: @lobehub/chat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1nNDlxLWp3NDItNng4Nc4AA74Q
thelounge may publicly disclose of all usernames/idents via port 113
Ecosystems: npm
Packages: thelounge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1mcjVoLXJxcDgtbWo2Z84AA74P
Next.js Server-Side Request Forgery in Server Actions
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: 2 months ago
High
GSA_kwCzR0hTQS03N3I1LWd3M2otMm1wZs4AA74O
Next.js Vulnerable to HTTP Request Smuggling
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: 2 months ago
High
GSA_kwCzR0hTQS0zOGdmLXJoMnctZ21qN84AA74H
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
Ecosystems: npm
Packages: @cyclonedx/cyclonedx-library
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1xanFwLXhyOTYtY2o5Oc4AA70j
Trix Editor Arbitrary Code Execution Vulnerability
Ecosystems: rubygems, npm
Packages: actiontext, trix
Source: GitHub Advisory Database
Blast Radius: 44.9
Published: 3 months ago
High
GSA_kwCzR0hTQS04N2hxLXE0Z3AtOXdyNM4AA70i
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js
Ecosystems: npm
Packages: react-pdf
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 3 months ago
High
GSA_kwCzR0hTQS13Z3JtLTY3eGYtaGhwcc4AA7z7
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
Ecosystems: npm
Packages: pdfjs-dist
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oZnJ2LWgzcTgtOWpwcs4AA7v7
kurwov vulnerable to Denial of Service due to improper data sanitization
Ecosystems: npm
Packages: kurwov
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tNWpmLThjcm0tcjY1bc4AA7ve
Vditor allows Cross-site Scripting via an attribute of an `A` element
Ecosystems: npm
Packages: vditor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1tanI0LTd4ZzUtcGZ2aM4AA7ir
libxmljs2 type confusion vulnerability when parsing specially crafted XML
Ecosystems: npm
Packages: libxmljs2
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: 3 months ago
High
GSA_kwCzR0hTQS03OGgzLXBnNHgtajhjds4AA7ij
libxmljs vulnerable to type confusion when parsing specially crafted XML
Ecosystems: npm
Packages: libxmljs2
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: 3 months ago
High
GSA_kwCzR0hTQS1tZzQ5LWpxZ3ctZ2NqNs4AA7ii
libxmljs vulnerable to type confusion when parsing specially crafted XML
Ecosystems: npm
Packages: libxmljs
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: 3 months ago
High
GSA_kwCzR0hTQS02NDMzLXg1cDQtOGpjN84AA7ih
libxmljs vulnerable to type confusion when parsing specially crafted XML
Ecosystems: npm
Packages: libxmljs
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS1yY20yLTIyZjMtcHF2M84AA7fu
Firebase vulnerable to CRSF attack
Ecosystems: npm
Packages: firebase-tools
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 3 months ago
High
GSA_kwCzR0hTQS1yNHE5LXh4NWctajI0cM4AA7es
s3-url-parser vulnerable to Denial of Service via regexes component
Ecosystems: npm
Packages: s3-url-parser
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 3 months ago
Critical
GSA_kwCzR0hTQS0yeHAzLTU3cDctcWY0ds4AA7eK
xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing
Ecosystems: npm
Packages: xml-crypto
Source: GitHub Advisory Database
Blast Radius: 38.7
Published: 3 months ago
High
GSA_kwCzR0hTQS03Z3J4LWY5NDUtbWo5Ns4AA7cr
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Statistics
Advisories: 19,557
Packages: 8,629
Repositories: 1,426
Ecosystems: 12
Filter by Package
parse-server 30 electron 26 @openzeppelin/contracts-upgradeable 21 directus 21 @openzeppelin/contracts 20 tinymce 16 sequelize 16 next 16 ghost 14 swagger-ui 14 joplin 13 undici 13 strapi 13 ckeditor4 13 vm2 12 angular 11 TinyMCE 11 handlebars 11 tinymce/tinymce 11 marked 11 nodebb 11 nocodb 10 serve 9 @evershop/evershop 9 next-auth 9 node-forge 8 urijs 8 steal 8 bootstrap 8 tar 8 express-cart 8 jsrsasign 8 url-parse 8 matrix-appservice-irc 8 npm 8 matrix-js-sdk 8 validator 8 @strapi/strapi 8 org.webjars.npm:jquery 8 systeminformation 8 editor.md 8 jquery-rails 8 jquery 8 snyk-broker 7 uptime-kuma 7 sanitize-html 7 matrix-react-sdk 7 jquery-ui 7 jquery-ui-rails 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 hapi 7 lodash 7 total.js 7 shescape 7 jQuery 7 hermes-engine 7 safe-eval 6 rsshub 6 parse-url 6 @strapi/plugin-users-permissions 6 aaptjs 6 vditor 5 ejs 5 dojo 5 keystone 5 sweetalert2 5 xlsx 5 openpgp 5 mysql2 5 prismjs 5 ua-parser-js 5 ws 5 yarn 5 public 5 mongoose 5 vite 5 lodash-es 5 total4 5 rendertron 5 apostrophe 4 vega 4 moment 4 mongo-express 4 @keystone-6/core 4 dompurify 4 follow-redirects 4 safer-eval 4 hummus 4 muhammara 4 @backstage/plugin-scaffolder-backend 4 remarkable 4 simple-markdown 4 meshcentral 4 engine.io 4 glance 4 jsonwebtoken 4 convert-svg-core 4 ecstatic 4 mermaid 4 auth0-js 4 realms-shim 4 fastify 4 auth0-lock 4 materialize-css 4 awsiotsdk 4 aws-iot-device-sdk-v2 4 qs 4 katex 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 axios 4 valine 4 apollo-server-core 4 generator-jhipster 4 simple-git 4 object-path 3 node-ipc 3 @backstage/techdocs-common 3 socket.io-parser 3 node-opcua 3 @strapi/utils 3 node-red-dashboard 3 protobufjs 3 passport-wsfed-saml2 3 keycloak-connect 3 xmldom 3 http-live-simulator 3 @sequelize/core 3 jquery-validation 3 uap-core 3 code-server 3 django-tinymce 3 feathers-sequelize 3 jspdf 3 org.webjars.npm:xlsx 3 node-jose 3 jointjs 3 mysql 3 codecov 3 nodemailer 3 notevil 3 dns-sync 3 @cubejs-backend/api-gateway 3 slp-validate 3 postcss 3 ses 3 m-server 3 grunt 3 tough-cookie 3 n8n 3 locutus 3 js-yaml 3 loader-utils 3 mathjs 3 socket.io 3 apollo-server 3 highcharts 3 @jmondi/url-to-png 3 socket.io-file 3 @uppy/companion 3 slpjs 3 @janhq/core 3 lodash.defaultsdeep 3 bootstrap 3 json-ptr 3 node-fetch 3 convict 3 sails 3 ids-enterprise 3 @materializecss/materialize 3 @commercial/subtext 3 openmct 3 nadesiko3 3 @lobehub/chat 3 blamer 3 mixme 3 dojox 3 simplehttpserver 3 braces 3 jose-node-cjs-runtime 3 jose-node-esm-runtime 3 localhost-now 3 docsify 3 @sveltejs/kit 3 libxmljs 3 froala-editor 3 snyk 3 parsel 3 renovate 3 bson 3 serialize-to-js 3 wrangler 3 @ckeditor/ckeditor5-markdown-gfm 3 immer 3 json-pointer 3 @apollo/server 3 bin-links 3 xdLocalStorage 3 yapi-vendor 3 @soketi/soketi 3
Filter by Repository
https://github.com/parse-community/parse-server 30 https://github.com/electron/electron 25 https://github.com/strapi/strapi 24 https://github.com/directus/directus 22 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/sequelize/sequelize 16 https://github.com/tinymce/tinymce 16 https://github.com/nodejs/undici 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/vercel/next.js 12 https://github.com/TryGhost/Ghost 12 https://github.com/patriksimek/vm2 12 https://github.com/laurent22/joplin 12 https://github.com/backstage/backstage 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/NodeBB/NodeBB 11 https://github.com/keystonejs/keystone 10 https://github.com/nocodb/nocodb 10 https://github.com/nextauthjs/next-auth 10 https://github.com/jquery/jquery 10 https://github.com/evershopcommerce/evershop 9 https://github.com/matrix-org/matrix-js-sdk 8 https://github.com/matrix-org/matrix-appservice-irc 8 https://github.com/kjur/jsrsasign 8 https://github.com/apollographql/apollo-server 8 https://github.com/digitalbazaar/forge 8 https://github.com/stealjs/steal 8 https://github.com/sebhildebrandt/systeminformation 8 https://github.com/pandao/editor.md 8 https://github.com/lodash/lodash 7 https://github.com/unshiftio/url-parse 7 https://github.com/twbs/bootstrap 7 https://github.com/louislam/uptime-kuma 7 https://github.com/ericcornelissen/shescape 7 https://github.com/matrix-org/matrix-react-sdk 7 https://github.com/totaljs/framework 6 https://github.com/DIYgod/RSSHub 6 https://github.com/ionicabizau/parse-url 6 https://github.com/eclipse-theia/theia 6 https://github.com/shenzhim/aaptjs 6 https://github.com/facebook/hermes 6 https://github.com/npm/node-tar 6 https://github.com/jquery/jquery-ui 6 https://github.com/panva/jose 6 https://github.com/apostrophecms/sanitize-html 5 https://github.com/markedjs/marked 5 https://github.com/GoogleChrome/rendertron 5 https://github.com/vitejs/vite 5 https://github.com/handlebars-lang/handlebars.js 5 https://github.com/vega/vega 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/gatsbyjs/gatsby 5 https://github.com/sidorares/node-mysql2 5 https://github.com/openpgpjs/openpgpjs 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/npm/cli 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/steveukx/git-js 4 https://github.com/ofirdagan/cross-domain-local-storage 4 https://github.com/npm/npm 4 https://github.com/fastify/fastify 4 https://github.com/PrismJS/prism 4 https://github.com/Dogfalo/materialize 4 https://github.com/balderdashy/sails 4 https://github.com/socketio/engine.io 4 https://github.com/axios/axios 4 https://github.com/mde/ejs 4 https://github.com/medialize/uri.js 4 https://github.com/medialize/URI.js 4 https://github.com/mrvautin/expressCart 4 https://github.com/cloudflare/workers-sdk 4 https://github.com/auth0/lock 4 https://github.com/auth0/node-jsonwebtoken 4 https://github.com/follow-redirects/follow-redirects 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/yarnpkg/yarn 4 https://github.com/Ylianst/MeshCentral 4 https://github.com/KaTeX/KaTeX 4 https://github.com/angular/angular.js 4 https://github.com/jonschlinkert/remarkable 4 https://github.com/xCss/Valine 4 https://github.com/hapijs/hapi 4 https://github.com/websockets/ws 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/mozilla/node-convict 3 https://github.com/jquery-validation/jquery-validation 3 https://github.com/sveltejs/kit 3 https://github.com/ag-grid/ag-grid 3 https://github.com/facebook/react 3 https://github.com/xmldom/xmldom 3 https://github.com/mozilla/pdf.js 3 https://github.com/node-opcua/node-opcua 3 https://github.com/nodemailer/nodemailer 3 https://github.com/nodejs/llhttp 3 https://github.com/transloadit/uppy 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/kujirahand/nadesiko3 3 https://github.com/beerpwn/CVE 3 https://github.com/node-fetch/node-fetch 3 https://github.com/MrRio/jsPDF 3 https://github.com/infor-design/enterprise-ng 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/immerjs/immer 3 https://github.com/neocotic/convert-svg 3 https://github.com/NaturalIntelligence/fast-xml-parser 3 https://github.com/n8n-io/n8n 3 https://github.com/nasa/openmct 3 https://github.com/clientIO/joint 3 https://github.com/ckeditor/ckeditor5 3 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/simpleledger/slpjs 3 https://github.com/cisco/node-jose 3 https://github.com/chjj/marked 3 https://github.com/cure53/DOMPurify 3 https://github.com/salesforce/tough-cookie 3 https://github.com/skoranga/node-dns-sync 3 https://github.com/RIAEvangelist/node-ipc 3 https://github.com/renovatebot/renovate 3 https://github.com/socketio/socket.io 3 https://github.com/socketio/socket.io-parser 3 https://github.com/soketi/soketi 3 https://github.com/zestedesavoir/zmarkdown 3 https://github.com/docsifyjs/docsify 3 https://github.com/dojo/dojo 3 https://github.com/dojo/dojox 3 https://github.com/postcss/postcss 3 https://github.com/dwisiswant0/advisory 3 https://github.com/zeit/next.js 3 https://github.com/josdejong/mathjs 3 https://github.com/adaltas/node-mixme 3 https://github.com/jasonraimondi/url-to-png 3 https://github.com/jarofghosts/glance 3 https://github.com/YMFE/yapi 3 https://github.com/typeorm/typeorm 3 https://github.com/libxmljs/libxmljs 3 https://github.com/mongo-express/mongo-express 3 https://github.com/ua-parser/uap-core 3 https://github.com/mongodb/js-bson 3 https://github.com/moment/moment 3 https://github.com/highcharts/highcharts 3 https://github.com/micromatch/braces 3 https://github.com/mermaid-js/mermaid 3 https://github.com/vanessa219/vditor 3 https://github.com/webpack/loader-utils 3 https://github.com/lobehub/lobe-chat 3 https://github.com/vendure-ecommerce/vendure 3 https://github.com/hapijs/subtext 3 https://github.com/gruntjs/grunt 3 https://github.com/apostrophecms/apostrophe 3 https://github.com/mariocasciaro/object-path 3 https://github.com/Marak/colors.js 3 https://github.com/manuelstofer/json-pointer 3 https://github.com/HackAllSec/CVEs 3 https://github.com/vriteio/vrite 3 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 3 https://github.com/auth0/passport-wsfed-saml2 3 https://github.com/Automattic/mongoose 3 https://github.com/lukeed/dset 2 https://github.com/Qwerios/madlib-object-utils 2 https://github.com/rabobank-blockchain/vp-toolkit 2 https://github.com/matrix-org/matrix-appservice-bridge 2 https://github.com/jonschlinkert/mixin-deep 2 https://github.com/discordjs/opus 2 https://github.com/mathjax/MathJax 2 https://github.com/dimpu/ngx-md 2 https://github.com/grpc/grpc-node 2 https://github.com/jonschlinkert/merge-deep 2 https://github.com/dfinity/agent-js 2 https://github.com/mout/mout 2 https://github.com/guardian/html-janitor 2 https://github.com/hapijs/hoek 2 https://github.com/jonschlinkert/assign-deep 2 https://github.com/request/request 2 https://github.com/quilljs/quill 2 https://github.com/laverdet/isolated-vm 2 https://github.com/lovell/sharp 2 https://github.com/punkave/sanitize-html 2 https://github.com/pugjs/pug 2 https://github.com/dominictarr/event-stream 2 https://github.com/dominictarr/libnested 2 https://github.com/psi-4ward/psitransfer 2 https://github.com/protobufjs/protobuf.js 2 https://github.com/jonschlinkert/set-value 2 https://github.com/google/closure-library 2 https://github.com/pnpm/pnpm 2 https://github.com/HashBrownCMS/hashbrown-cms 2 https://github.com/pkrumins/node-tree-kill 2 https://github.com/jhipster/jhipster-kotlin 2 https://github.com/honojs/hono 2 https://github.com/jgraph/mxgraph 2 https://github.com/shelljs/shelljs 2 https://github.com/cloudhead/node-static 2 https://github.com/codecov/codecov-node 2 https://github.com/mozilla/nunjucks 2 https://github.com/manvel-khnkoyan/jpv 2 https://github.com/moxiecode/plupload 2 https://github.com/johannschopplich/nuxt-api-party 2 https://github.com/senchalabs/connect 2