Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm Security Advisories

High

GSA_kwCzR0hTQS1qamZmLXEzcTQtNWhoOM4AA7Lu

@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability
Ecosystems: npm
Packages: @andrei-tatar/nora-firebase-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 8 hours ago

Low

GSA_kwCzR0hTQS04Mmp2LTl3anctcHFoNs4AA7KU

Prototype pollution in emit function
Ecosystems: npm
Packages: derby
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago

Moderate

GSA_kwCzR0hTQS1tNjRxLTRqcWgtZjcyZs4AA7KT

Stored Cross-site Scripting (XSS) in excalidraw's web embed component
Ecosystems: npm
Packages: @excalidraw/excalidraw
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 1 day ago

High

GSA_kwCzR0hTQS04bTQ1LTJyam0tajM0N84AA7I8

Handling untrusted input can result in a crash, leading to loss of availability / denial of service
Ecosystems: npm
Packages: @solana/web3.js
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 1 day ago

High

GSA_kwCzR0hTQS04NDZnLXA3aG0tZjU0cs4AA7Ba

AWS Amplify CLI has incorrect trust policy management
Ecosystems: npm
Packages: @aws-amplify/cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago

Moderate

GSA_kwCzR0hTQS14NTY1LTMycXAtbTN2Zs4AA67m

phin may include sensitive headers in subsequent requests after redirect
Ecosystems: npm
Packages: phin
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 7 days ago

Moderate

GSA_kwCzR0hTQS13bTR3LTdoMnEtM3BmN84AA67l

Matrix IRC Bridge truncated content of messages can be leaked
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago

Critical

GSA_kwCzR0hTQS1mcHc3LWoyaGctNjl2Nc4AA66u

mysql2 Remote Code Execution (RCE) via the readCodeFor function
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: 8 days ago

Moderate

GSA_kwCzR0hTQS00d2gzLTN3ZjItMzltOc4AA66A

Summernote vulnerable to cross-site scripting
Ecosystems: npm
Packages: summernote
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 8 days ago

Moderate

GSA_kwCzR0hTQS1ocDhoLTd4NjktNHdtds4AA63y

zcap has incomplete expiration checks in capability chains.
Ecosystems: npm
Packages: @digitalbazaar/zcap
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 8 days ago

High

GSA_kwCzR0hTQS05d3dwLXE3d3EtangzNc4AA63x

@fastify/secure-session: Reuse of destroyed secure session cookie
Ecosystems: npm
Packages: @fastify/secure-session
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 8 days ago

Moderate

GSA_kwCzR0hTQS1tcXIyLXc3d2otampncs4AA62q

mysql2 cache poisoning vulnerability
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 8 days ago

Moderate

GSA_kwCzR0hTQS00OWo0LTg2bTgtcTJqd84AA62p

mysql2 vulnerable to Prototype Poisoning
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 8 days ago

Moderate

GSA_kwCzR0hTQS1yOTU2LTI1NTMtdnZocs4AA6sD

React Native Sms User Consent Intent Redirection Vulnerability
Ecosystems: npm
Packages: @kyivstarteam/react-native-sms-user-consent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago

Moderate

GSA_kwCzR0hTQS0ycDJ4LXA3d2otajVoMs4AA6qU

PsiTransfer: File integrity violation
Ecosystems: npm
Packages: psitransfer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 13 days ago

Moderate

GSA_kwCzR0hTQS14Zzh2LW0ybWgtNDVtNs4AA6qV

PsiTransfer: Violation of the integrity of file distribution
Ecosystems: npm
Packages: psitransfer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 13 days ago

High

GSA_kwCzR0hTQS01cGdnLTJnOHYtcDR4Oc4AA6pz

SheetJS Regular Expression Denial of Service (ReDoS)
Ecosystems: npm
Packages: xlsx
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: 14 days ago

Critical

GSA_kwCzR0hTQS12YzZxLWNjajktOXI4Oc4AA6py

MailDev Remote Code Execution
Ecosystems: npm
Packages: maildev
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: 14 days ago

High

GSA_kwCzR0hTQS02Y2Y2LThodnItcjY4d84AA6o3

dectalk-tts Uses Unencrypted HTTP Request
Ecosystems: npm
Packages: dectalk-tts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago

Low

GSA_kwCzR0hTQS05cXhyLXFqNTQtaDY3Ms4AA6o2

Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 14 days ago

Low

GSA_kwCzR0hTQS1tNHY4LXdxdnItcDlmN84AA6o1

Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 14 days ago

Moderate

GSA_kwCzR0hTQS04amh3LTI4OWgtamgyZ84AA6l1

Vite's `server.fs.deny` did not deny requests for patterns with directories.
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 15 days ago

High

GSA_kwCzR0hTQS1jNGdyLXE5N2ctcHB3Y84AA6gY

In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists
Ecosystems: npm
Packages: @kindspells/astro-shield
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago

High

GSA_kwCzR0hTQS0zNGgzLThtdzQtcXc1N84AA6d1

@electron/packager's build process memory potentially leaked into final executable
Ecosystems: npm
Packages: @electron/packager
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 20 days ago

Moderate

GSA_kwCzR0hTQS0zNXczLTZxaGMtNDc0ds4AA6d0

@workos-inc/authkit-nextjs session replay vulnerability
Ecosystems: npm
Packages: @workos-inc/authkit-nextjs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 20 days ago

High

GSA_kwCzR0hTQS13Mzg3LTVxcXctN2c4bc4AA6dw

Content-Security-Policy header generation in middleware could be compromised by malicious injections
Ecosystems: npm
Packages: @kindspells/astro-shield
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 20 days ago

High

GSA_kwCzR0hTQS0yZzRjLThmcG0tYzQ2ds4AA6YV

web3-utils Prototype Pollution vulnerability
Ecosystems: npm
Packages: web3-utils
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: 22 days ago

Moderate

GSA_kwCzR0hTQS00MzhjLTM5NzUtNXgzZs4AA6Te

TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 23 days ago

Moderate

GSA_kwCzR0hTQS01MzU5LXB2ZjItcHc3OM4AA6Td

TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Ecosystems: nuget, npm, packagist
Packages: TinyMCE, tinymce, tinymce/tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 23 days ago

Moderate

GSA_kwCzR0hTQS1ydjk1LTg5NmgtYzJ2Y84AA6Rd

Express.js Open Redirect in malformed URLs
Ecosystems: npm
Packages: express
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: 24 days ago

Moderate

GSA_kwCzR0hTQS0zd2M1LWZjdzItMjMyOc4AA6Rb

KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols
Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: 24 days ago

Moderate

GSA_kwCzR0hTQS1mOTh3LTdjeHItZmYyaM4AA6Ra

KaTeX's `\includegraphics` does not escape filename
Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 24 days ago

Moderate

GSA_kwCzR0hTQS1jdnI2LTM3Z3gtdjh3Y84AA6RZ

KaTeX's maxExpand bypassed by Unicode sub/superscripts
Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 24 days ago

Moderate

GSA_kwCzR0hTQS02NGZtLThodzItdjcyd84AA6RY

KaTeX's maxExpand bypassed by `\edef`
Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 24 days ago

High

GSA_kwCzR0hTQS0yNDZwLXhtZzgtd21jcc4AA6RW

OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation
Ecosystems: npm
Packages: @oneuptime/common-server, @oneuptime/model
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 24 days ago

High

GSA_kwCzR0hTQS04cHByLXd3dzgtaGZqeM4AA6RK

@thi.ng/paths Prototype Pollution vulnerability
Ecosystems: npm
Packages: @thi.ng/paths
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 24 days ago

Moderate

GSA_kwCzR0hTQS04ODJqLTR2ajUtN3Ztas4AA6O1

Cache Poisoning Vulnerability
Ecosystems: npm
Packages: translate
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 27 days ago

Moderate

GSA_kwCzR0hTQS1mNXgzLTMyZzYteHEzNs4AA6O0

Denial of service while parsing a tar file due to lack of folders count validation
Ecosystems: npm
Packages: tar, node-tar
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: 27 days ago

High

GSA_kwCzR0hTQS13cjNqLXB3ajktaHFxNs4AA6Nc

Path traversal in webpack-dev-middleware
Ecosystems: npm
Packages: webpack-dev-middleware
Source: GitHub Advisory Database
Blast Radius: 48.0
Published: 28 days ago

Moderate

GSA_kwCzR0hTQS14Z2o0LTJocmYtajR4Z84AA6Mj

Cross-site scripting in Survey Creator
Ecosystems: npm
Packages: survey-creator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 29 days ago

Critical

GSA_kwCzR0hTQS02aGg3LTQ2cjItdmYyOc4AA6JD

Server crashes on invalid Cloud Function or Cloud Job name
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: about 1 month ago

High

GSA_kwCzR0hTQS1tcDc2LTd3NXYtcHI3Nc4AA6CN

TurboBoost Commands vulnerable to arbitrary method invocation
Ecosystems: npm, rubygems
Packages: @turbo-boost/commands, turbo_boost-commands
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: about 1 month ago

Moderate

GSA_kwCzR0hTQS1jeGpoLXBxd3AtOG1mcM4AA6AJ

follow-redirects' Proxy-Authorization header kept across hosts
Ecosystems: npm
Packages: follow-redirects
Source: GitHub Advisory Database
Blast Radius: 41.0
Published: about 1 month ago

Moderate

GSA_kwCzR0hTQS1mcjN3LTJwMjItNnc3cM4AA572

URL Redirection to Untrusted Site in OAuth2/OpenID in directus
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: about 1 month ago

Low

GSA_kwCzR0hTQS0yY2NyLWcycnYtaDY3N84AA571

Session Token in URL in directus
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 1 month ago

High

GSA_kwCzR0hTQS1mNzhqLTR3M2ctNHE2Nc4AA56t

StimulusReflex arbitrary method call
Ecosystems: npm, rubygems
Packages: stimulus_reflex
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: about 1 month ago

Moderate

GSA_kwCzR0hTQS1oaGh2LXE1N2ctODgycc4AA502

jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext
Ecosystems: npm
Packages: jose, jose-node-esm-runtime, jose-node-cjs-runtime
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: about 1 month ago

Moderate

GSA_kwCzR0hTQS0zcDNwLWNnajctdmd3M84AA5zO

RSSHub vulnerable to Server-Side Request Forgery
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: about 1 month ago

Moderate

GSA_kwCzR0hTQS0yd3F3LWhyNGYteHJoaM4AA5zN

RSSHub Cross-site Scripting vulnerability caused by internal media proxy
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: about 1 month ago

Critical

GSA_kwCzR0hTQS04NmZjLWY5Z3ItdjUzM84AA5xc

HTTP Handling Vulnerability in the Bare server
Ecosystems: npm
Packages: @tomphttp/bare-server-node
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: about 1 month ago

Critical

GSA_kwCzR0hTQS1mcWc4LXZmdjctOGZqOM4AA5wD

JSONata expression can pollute the "Object" prototype
Ecosystems: npm
Packages: jsonata
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: about 2 months ago

High

GSA_kwCzR0hTQS1yNHBmLTN2N3ItaGg1Nc4AA5wC

electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
Ecosystems: npm
Packages: app-builder-lib
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS04MmpmLThmMjQteHE5bc4AA5t8

hexo-theme-anzhiyu Cross-site Scripting vulnerability
Ecosystems: npm
Packages: hexo-theme-anzhiyu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS01bWhnLXd2OHctcDU5as4AA5sN

Directus version number disclosure
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 2 months ago

Critical

GSA_kwCzR0hTQS00ZzJ4LXZxNXAtNXZqNs4AA5sL

Budibase affected by VM2 Constructor Escape Vulnerability
Ecosystems: npm
Packages: @budibase/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago

Critical

GSA_kwCzR0hTQS02OTI3LTN2cjktZnhmMs4AA5sK

ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 months ago

High

GSA_kwCzR0hTQS1xdzlnLTc1NDktN3dnNc4AA5r0

Directus has MySQL accent insensitive email matching
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 months ago

Low

GSA_kwCzR0hTQS02OGMyLTRtcHgtcWg5Nc4AA5rz

Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
Ecosystems: npm
Packages: @sentry/react-native
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS1mZmZnLWN3YzkteHZqN84AA5rI

mongo-express Cross-site Request Forgery vulnerability
Ecosystems: npm
Packages: mongo-express
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS02anZnLWhwMjUtNDJmNs4AA5rD

Nteract Remote Code Execution vulnerability
Ecosystems: npm
Packages: nteract
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago

Low

GSA_kwCzR0hTQS05dng2LTd4eGYteDk2N84AA5qR

OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago

Critical

GSA_kwCzR0hTQS04NGMzLWo4cjItbWNtOM4AA5gp

@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keys
Ecosystems: npm
Packages: @nfid/embed
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago

Low

GSA_kwCzR0hTQS00Z21qLTNwM2gtZ204aM4AA5gl

es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`
Ecosystems: npm
Packages: es5-ext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS1ybTk3LXg1NTYtcTM2aM4AA5fD

sanitize-html Information Exposure vulnerability
Ecosystems: npm
Packages: sanitize-html
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: about 2 months ago

High

GSA_kwCzR0hTQS0yZmM5LXhwcDgtMmc5aM4AA5ef

`@backstage/backend-common` vulnerable to path traversal through symlinks
Ecosystems: npm
Packages: @backstage/backend-common
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 2 months ago

Critical

GSA_kwCzR0hTQS1jOXZ2LWZoZ3YtY2pjM84AA5aA

agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
Ecosystems: npm
Packages: @dfinity/auth-client, @dfinity/identity
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: about 2 months ago

High

GSA_kwCzR0hTQS1jcDY4LXFyaHItZzloOM4AA5Zx

MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago

High

GSA_kwCzR0hTQS0zamN2LTVmOXAtMmYycM4AA5YN

Cross-site Scripting in electron-pdf
Ecosystems: npm
Packages: electron-pdf
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS01ampxLThjdmotdjZtOc4AA5Xi

Cross-site Scripting in Serenity
Ecosystems: npm, nuget
Packages: @serenity-is/corelib, Serenity.Net.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago

High

GSA_kwCzR0hTQS13NGh2LXZtdjktaGdjcs4AA5Vm

GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219`
Ecosystems: npm
Packages: @scrypted/core, @scrypted/server
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 2 months ago

Low

GSA_kwCzR0hTQS0zNzg3LTZwcnYtaDl3M84AA5Vg

Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 2 months ago

Moderate

GSA_kwCzR0hTQS05ZjI0LWpxaG0tamZjd84AA5Vf

fetch(url) leads to a memory leak in undici
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 2 months ago

Moderate

GSA_kwCzR0hTQS1wbWdtLWgzY2MtbTRoas4AA5Va

React Native Document Picker Directory Traversal vulnerability
Ecosystems: npm
Packages: react-native-document-picker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago

Moderate

GSA_kwCzR0hTQS04bTM2LTYycnctOW14d84AA5Pv

mapshaper Path Traversal vulnerability
Ecosystems: npm
Packages: mapshaper
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 2 months ago

Low

GSA_kwCzR0hTQS1tM2Y0LTk1N3gtbTc4Nc4AA5OZ

lambda-middleware Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: @lambda-middleware/json-deserializer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago

Moderate

GSA_kwCzR0hTQS05OXZjLXh3OGotcGhqbc4AA5M7

Ghost has possible Cross-site Scripting issue
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago

High

GSA_kwCzR0hTQS00dzR2LTVoYzkteHJyMs4AA5Mb

angular vulnerable to super-linear runtime due to backtracking
Ecosystems: maven, npm
Packages: org.webjars.bower:angular, org.webjars.npm:angular, angular
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: 2 months ago

Moderate

GSA_kwCzR0hTQS0yMnIzLTl3NTUtY2o1NM4AA5Lq

Pkg Local Privilege Escalation
Ecosystems: npm
Packages: pkg
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 2 months ago

Moderate

GSA_kwCzR0hTQS03OHhqLWNnaDUtMmgyMs4AA5Ki

NPM IP package incorrectly identifies some private IP addresses as public
Ecosystems: npm
Packages: ip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago

Moderate

GSA_kwCzR0hTQS13aDV3LTgyZjMtd3J4aM4AA5JM

CKEditor cross-site scripting vulnerability in AJAX sample
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 2 months ago

Moderate

GSA_kwCzR0hTQS1tdzJjLXZ4NmotbWc3Ns4AA5JL

CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 2 months ago

Moderate

GSA_kwCzR0hTQS1mcTZoLTRnOHYtcXF2bc4AA5JK

CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
Ecosystems: packagist, npm
Packages: ckeditor/ckeditor, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 2 months ago

Critical

GSA_kwCzR0hTQS1nZnFmLTl3OTgtN2pteM4AA5GB

Stimulsoft Dashboard.JS directory traversal vulnerability
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 2 months ago

Moderate

GSA_kwCzR0hTQS05bTZtLWM2NHItdzRmNM4AA5Es

Stimulsoft Dashboard.JS Cross Site Scripting vulnerability
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: 2 months ago

Moderate

GSA_kwCzR0hTQS05Y2dmLXB4d3EtMmNwd84AA5ET

Stimulsoft Dashboard.JS Cross Site Scripting vulnerability
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 2 months ago

High

GSA_kwCzR0hTQS1tcHdqLWZjcjYteDM0Y84AA5DS

Yarn untrusted search path vulnerability
Ecosystems: npm
Packages: yarn
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 2 months ago

Moderate

GSA_kwCzR0hTQS1tZjc0LXFxN3ctNmo3ds4AA5C2

Zmarkdown Server-Side Request Forgery (SSRF) in remark-download-images
Ecosystems: npm
Packages: zmarkdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago

Low

GSA_kwCzR0hTQS1tcTZ2LXczNWctM2M5N84AA5C1

Local File Inclusion vulnerability in zmarkdown
Ecosystems: npm
Packages: zmarkdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago

High

GSA_kwCzR0hTQS12MjY5LXJycjYtY3g2cs4AA5CF

Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago

Moderate

GSA_kwCzR0hTQS01NDd4LTc0OHYtdnA2cM4AA5A9

Dash apps vulnerable to Cross-site Scripting
Ecosystems: pypi, npm
Packages: dash-core-components, dash-html-components, dash
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 3 months ago

Moderate

GSA_kwCzR0hTQS05aDZnLXByMjgtN2NxcM4AA4-p

nodemailer ReDoS when trying to send a specially crafted email
Ecosystems: npm
Packages: nodemailer
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: 3 months ago

Moderate

GSA_kwCzR0hTQS1wZjU1LWZqOTYteGYzN84AA499

@lobehub/chat vulnerable to unauthorized access to plugins
Ecosystems: npm
Packages: @lobehub/chat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago

High

GSA_kwCzR0hTQS1ydjhwLXJyMmgtZmdwZ84AA484

@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability
Ecosystems: npm
Packages: @apollo/experimental-nextjs-app-support
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 3 months ago

High

GSA_kwCzR0hTQS1xaGpmLWhtNWotMzM1d84AA483

@urql/next Cross-site Scripting vulnerability
Ecosystems: npm
Packages: @urql/next
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago

High

GSA_kwCzR0hTQS05OTdnLTI3eDgtNDNyZs4AA482

react-query-streamed-hydration Cross-site Scripting vulnerability
Ecosystems: npm
Packages: @tanstack/react-query-next-experimental
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago

High

GSA_kwCzR0hTQS12dmgyLTgyYzctcHBmZ84AA48B

network Arbitrary Command Injection vulnerability
Ecosystems: npm
Packages: network
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 3 months ago

Critical

GSA_kwCzR0hTQS04eHc2LTloNzgtYzg5as4AA470

Ylianst MeshCentral Missing SSL Certificate Validation
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago

High

GSA_kwCzR0hTQS13cHh3LTV4Zm0teDIyds4AA47V

MeshCentral algorithm-downgrade issue
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago

Critical

GSA_kwCzR0hTQS03eG04LXdqcTctODhyNc4AA47X

DeviceFarmer stf uses DES-ECB
Ecosystems: npm
Packages: @devicefarmer/stf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago

High

GSA_kwCzR0hTQS1nNW02LWh4cHAtZmM0Oc4AA4qX

Sending a GET or HEAD request with a body crashes SvelteKit
Ecosystems: npm
Packages: @sveltejs/adapter-node, @sveltejs/kit
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 3 months ago

Statistics

Advisories: 17,466
Packages: 8,120
Repositories: 1,376
Ecosystems: 12

Filter by Severity

Moderate 7,469 High 6,099 Critical 2,660 Low 957

Filter by Ecosystem

maven 5,491 npm 3,495 pypi 3,463 packagist 3,212 go 1,835 nuget 1,388 rubygems 812 cargo 771 swift 31 hex 29 actions 16 pub 8

Filter by Package

parse-server 29 electron 26 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 directus 16 sequelize 16 swagger-ui 14 tinymce 14 strapi 13 ghost 13 ckeditor4 13 next 13 undici 12 vm2 12 marked 11 angular 11 handlebars 11 nodebb 11 tinymce/tinymce 9 TinyMCE 9 @evershop/evershop 9 org.webjars.npm:jquery 9 serve 9 jquery-rails 9 next-auth 9 jquery 9 tar 8 urijs 8 steal 8 joplin 8 @strapi/strapi 8 validator 8 jQuery 8 jsrsasign 8 url-parse 8 bootstrap 8 editor.md 8 matrix-js-sdk 8 systeminformation 8 express-cart 8 npm 8 node-forge 8 snyk-broker 7 matrix-appservice-irc 7 jquery-ui 7 hermes-engine 7 total.js 7 jquery-ui-rails 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 matrix-react-sdk 7 lodash 7 nocodb 7 hapi 7 shescape 7 aaptjs 6 parse-url 6 sanitize-html 6 safe-eval 6 rsshub 6 dojo 5 vite 5 prismjs 5 openpgp 5 public 5 yarn 5 lodash-es 5 keystone 5 sweetalert2 5 total4 5 ua-parser-js 5 @strapi/plugin-users-permissions 5 rendertron 5 xlsx 5 moment 4 engine.io 4 dompurify 4 @keystone-6/core 4 realms-shim 4 apostrophe 4 vega 4 vditor 4 mongo-express 4 safer-eval 4 simple-git 4 jsonwebtoken 4 katex 4 mongoose 4 follow-redirects 4 fastify 4 ecstatic 4 generator-jhipster 4 hummus 4 muhammara 4 ws 4 auth0-js 4 glance 4 apollo-server-core 4 remarkable 4 qs 4 simple-markdown 4 meshcentral 4 auth0-lock 4 mermaid 4 valine 4 ejs 4 awsiotsdk 4 aws-iot-device-sdk-v2 4 uptime-kuma 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 @backstage/plugin-scaffolder-backend 4 axios 4 materialize-css 4 n8n 3 org.webjars.npm:xlsx 3 froala-editor 3 jointjs 3 socket.io-file 3 slpjs 3 passport-wsfed-saml2 3 dns-sync 3 highcharts 3 connect 3 fast-xml-parser 3 jose 3 codecov 3 node-red-dashboard 3 ses 3 mixme 3 feathers-sequelize 3 notevil 3 tough-cookie 3 convert-svg-core 3 localhost-now 3 jspdf 3 xmldom 3 m-server 3 keycloak-connect 3 code-server 3 node-jose 3 @strapi/utils 3 @cubejs-backend/api-gateway 3 nodemailer 3 mathjs 3 @backstage/techdocs-common 3 slp-validate 3 node-opcua 3 postcss 3 socket.io-parser 3 apollo-server 3 node-ipc 3 jquery-validation 3 raneto 3 @ckeditor/ckeditor5-markdown-gfm 3 bootstrap 3 js-yaml 3 loader-utils 3 blamer 3 grunt 3 object-path 3 ftp-srv 3 protobufjs 3 @frangoteam/fuxa 3 yapi-vendor 3 immer 3 http-live-simulator 3 uap-core 3 wrangler 3 mysql 3 nadesiko3 3 docsify 3 dojox 3 simplehttpserver 3 parsel 3 @uppy/companion 3 convict 3 fuxa-server 3 mxgraph 3 node-fetch 3 stimulsoft-dashboards-js 3 express-fileupload 3 xdLocalStorage 3 @apollo/server 3 llhttp 3 json-pointer 3 @hapi/subtext 3 serialize-to-js 3 buttle 3 typeorm 3 lodash.defaultsdeep 3 mysql2 3 @vrite/sdk 3 @commercial/subtext 3 json-ptr 3 @sveltejs/kit 3 snyk 3 ids-enterprise 3 @materializecss/materialize 3 @soketi/soketi 3 sails 3

Filter by Repository