Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

Moderate
GSA_kwCzR0hTQS00anF3LXZmbWotOXJtaM4AAxMd
Cross-site Scripting in yapi-vendor
Ecosystems: npm
Packages: yapi-vendor
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS02OWYyLTQzNzUtcXY5aM4AAxMO
Command injection in smartctl
Ecosystems: npm
Packages: smartctl
Source: GitHub Advisory Database
Published: 3 days ago
High
GSA_kwCzR0hTQS1qOHdyLWZ3ZjItdnZyOc4AAxM9
Command Injection in create-choo-electron
Ecosystems: npm
Packages: create-choo-electron
Source: GitHub Advisory Database
Published: 3 days ago
High
GSA_kwCzR0hTQS05dzVqLTRtd3YtMndqOM4AAxNC
Remote code execution in simple-git
Ecosystems: npm
Packages: simple-git
Source: GitHub Advisory Database
Published: 3 days ago
High
GSA_kwCzR0hTQS01NGp3LWpxcjktNmNqOc4AAxM2
Command injection in vagrant.js
Ecosystems: npm
Packages: vagrant.js
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1nNXFyLXhnZzctOHEyd84AAxND
Command Injection in puppet-facter
Ecosystems: npm
Packages: puppet-facter
Source: GitHub Advisory Database
Published: 3 days ago
High
GSA_kwCzR0hTQS1maGc3LW04OXEtMjVyM84AAxIw
ReDoS Vulnerability in ua-parser-js version
Ecosystems: npm
Packages: ua-parser-js
Source: GitHub Advisory Database
Published: 5 days ago
Critical
GSA_kwCzR0hTQS14NzN3LWc4aHgtdjdycM4AAxGk
Code injection in electerm
Ecosystems: npm
Packages: electerm
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1obTdmLXJxN3Etajl4cM4AAxFC
@builder.io/qwik vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: @builder.io/qwik
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1oNDUyLTc5OTYtaDQ1aM4AAxDY
cookiejar Regular Expression Denial of Service via Cookie.parse function
Ecosystems: maven, npm
Packages: org.webjars.npm:cookiejar, cookiejar
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1xam03LTU1dnYtM2M1Zs4AAxDO
mel-spintax has Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: mel-spintax
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1jcmhnLXhncmctdnZjY84AAw-o
a12nserver vulnerable to potential SQL Injections via Knex dependency
Ecosystems: npm
Packages: @curveball/a12n-server
Source: GitHub Advisory Database
Published: 16 days ago
Critical
GSA_kwCzR0hTQS12dmozLTg1dmYtZmdtd84AAw93
global-modules-path Command Injection vulnerability
Ecosystems: npm
Packages: global-modules-path
Source: GitHub Advisory Database
Published: 16 days ago
High
GSA_kwCzR0hTQS02NHdwLWpoOXAtNWNnMs4AAw6f
RSSHub SSRF vulnerability
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Published: 17 days ago
High
GSA_kwCzR0hTQS13NW13LWYyaHEtNWZ3OM4AAw6U
gry vulnerable to Command Injection
Ecosystems: npm
Packages: gry
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS03Y2g0LXJyOTktY3Fjd84AAw6Q
gatsby-transformer-remark has possible unsanitized JavaScript code injection
Ecosystems: npm
Packages: gatsby-transformer-remark
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS1xdjY2LWY4NzYtdmp2cs4AAw6F
skeemas Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: skeemas
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS03OThoLWc0ajUtNTUzN84AAw6E
PapaParse Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: papaparse
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS00anJtLWMzMngtdzRqZs4AAw3Y
convict vulnerable to Prototype Pollution
Ecosystems: npm
Packages: convict
Source: GitHub Advisory Database
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS01ZzJoLTl4NXYtNWgzeM4AAw18
phoenix_html allows Cross-site Scripting in HEEx class attributes
Ecosystems: hex, npm
Packages: phoenix_html
Source: GitHub Advisory Database
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1jbThoLXE5MnYteGNmY84AAw1D
mercurius has Uncaught Exception when using subscriptions
Ecosystems: npm
Packages: mercurius
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS01OGg0LTltN20tajltNM4AAw0w
@okta/oidc-middleware Open Redirect vulnerability
Ecosystems: npm
Packages: @okta/oidc-middleware
Source: GitHub Advisory Database
Published: 20 days ago
High
GSA_kwCzR0hTQS0zeHE1LXdqZmgtcHBqY84AAw0p
Luxon Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: luxon
Source: GitHub Advisory Database
Published: 20 days ago
High
GSA_kwCzR0hTQS05dnZ3LWNjOXctZjI3aM4AAw0l
debug Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: debug
Source: GitHub Advisory Database
Published: 20 days ago
Critical
GSA_kwCzR0hTQS14ajl2LTZxMmYtdnFoeM4AAw0A
wifey vulnerable to Command Injection due to improper input sanitization
Ecosystems: npm
Packages: wifey
Source: GitHub Advisory Database
Published: 20 days ago
Critical
GSA_kwCzR0hTQS13dnIyLXE4Nm0tNndocM4AAwzO
Baobab vulnerable to Prototype Pollution
Ecosystems: npm
Packages: baobab
Source: GitHub Advisory Database
Published: 22 days ago
High
GSA_kwCzR0hTQS13eGdoLThnbXItM3FoM84AAwzL
terminal-kit Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: terminal-kit
Source: GitHub Advisory Database
Published: 22 days ago
Critical
GSA_kwCzR0hTQS04cGg4LTlxMmotYzNycc4AAwx-
nodebatis SQL Injection vulnerability
Ecosystems: npm
Packages: nodebatis
Source: GitHub Advisory Database
Published: 23 days ago
Critical
GSA_kwCzR0hTQS1mMjU5LWg2bTgtaG04bc4AAwx2
exec-local-bin vulnerable to Command Injection
Ecosystems: npm
Packages: exec-local-bin
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS13OW1yLTRtZnItNDk5Zs4AAwww
Vercel ms Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: ms
Source: GitHub Advisory Database
Published: 24 days ago
High
GSA_kwCzR0hTQS02ZzMzLTh3MnEtNGh4ds4AAwwq
robots-txt-guard Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: robots-txt-guard
Source: GitHub Advisory Database
Published: 24 days ago
High
GSA_kwCzR0hTQS1oODU3LTJnNTYtNDY4Z84AAwwo
@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS)
Ecosystems: npm
Packages: @mattkrick/sanitize-svg
Source: GitHub Advisory Database
Published: 24 days ago
High
GSA_kwCzR0hTQS03bTM3LWN4MzUtcWdtcs4AAwvt
Uniswap Universal Router Incorrect Authorization vulnerability
Ecosystems: npm
Packages: @uniswap/universal-router
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS05bWp4LXdmcXAtajVwaM4AAwvv
window-control vulnerable to Command Injection due to improper input sanitization
Ecosystems: npm
Packages: window-control
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS1wZnJtLTRyanctZzlxNc4AAwsv
string-kit Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: string-kit
Source: GitHub Advisory Database
Published: 27 days ago
High
GSA_kwCzR0hTQS03NTk5LWZxZ20tdjg0cM4AAwrj
rgb2hex vulnerable to inefficient regular expression complexity
Ecosystems: npm
Packages: rgb2hex
Source: GitHub Advisory Database
Published: 29 days ago
Critical
GSA_kwCzR0hTQS1mcjU0LTcyd3ItY3F2cc4AAwri
express-param vulnerable to Improper Handling of Extra Parameters
Ecosystems: npm
Packages: express-param
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1tNjg4LWN4MnAtcmdxOc4AAwp5
Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access
Ecosystems: npm
Packages: twitter-fetcher-js
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS05YzQ3LW02cXEtN3A0aM4AAwpn
Prototype Pollution in JSON5 via Parse Method
Ecosystems: npm
Packages: json5
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03OW1wLWN4cDQtOXA2cs4AAwo2
Json2html vulnerable to cross-site scripting
Ecosystems: npm
Packages: node-json2html
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qNXA3LWpmNHEtNzQycc4AAwnP
markdown-it vulnerable to Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: markdown-it
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wMjdoLTRjcGYtZnc0OM4AAwnR
email-existence Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: email-existence
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS02eHJmLXE5NzctNXZnY84AAwmb
json-pointer vulnerable to Prototype Pollution
Ecosystems: npm
Packages: json-pointer
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04Z2g4LWhxd2cteGYzNM4AAwl1
Starcounter-Jack JSON-Patch Prototype Pollution vulnerability
Ecosystems: npm
Packages: fast-json-patch
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0yajJ4LTJncHctZzhmbc4AAwl4
flat vulnerable to Prototype Pollution
Ecosystems: npm
Packages: flat
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1tdzR4LWcyeDgtcWN2Zs4AAwlu
tree-kit vulnerable to Prototype Pollution
Ecosystems: npm
Packages: tree-kit
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wOGo4LXd4dnAtaDY5Nc4AAwln
SimbCo httpster vulnerable to Path Traversal
Ecosystems: npm
Packages: httpster
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00NXJtLTI4OTMtNWY0Oc4AAwgi
liquidjs may leak properties of a prototype
Ecosystems: npm
Packages: liquidjs
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1oanJmLTJtNjgtNTk1Oc4AAwgh
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
Ecosystems: npm
Packages: jsonwebtoken
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xd3BoLTQ5NTItN3hyNs4AAwgg
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Ecosystems: npm
Packages: jsonwebtoken
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04Y2Y3LTMyZ3ctd3IzM84AAwgf
jsonwebtoken unrestricted key type could lead to legacy keys usage
Ecosystems: npm
Packages: jsonwebtoken
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yN2gyLWh2cHItcDc0cc4AAwge
jsonwebtoken has insecure input validation in jwt.verify function
Ecosystems: npm
Packages: jsonwebtoken
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jNnJwLXdycDktcXI0cc4AAwf6
dustjs-linkedin vulnerable to Prototype Pollution
Ecosystems: npm
Packages: dustjs-linkedin
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wcHB2LWNoOHAtcnAyd84AAwd6
lite-dev-server vulnerable to Directory Traversal
Ecosystems: npm
Packages: lite-dev-server
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1nNjYyLXFxNDUtcHB3bc4AAwd8
Smoothie vulnerable to Cross-site Scripting when tooltipLabel or strokeStyle are controlled by users
Ecosystems: npm
Packages: smoothie
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS00dzJqLTJyZzQtNW1qd84AAweA
vm2 vulnerable to Arbitrary Code Execution
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1tNXY4LXdwdzQtcmozeM4AAwd9
abacus-ext-cmdline vulnerable to Command Injection
Ecosystems: npm
Packages: abacus-ext-cmdline
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qZm04LWh3aGctcjZnZ84AAwbj
p4 vulnerable to Command Injection due to improper input sanitization
Ecosystems: npm
Packages: p4
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS04OXc3LTVxNDUtcjUzd84AAwbi
lite-server vulnerable to Denial of Service
Ecosystems: maven, npm
Packages: org.webjars.npm:lite-server, lite-server
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS13Y3dtLWMzbXItcHhjcs4AAwbk
easy-static-server vulnerable to Directory Traversal
Ecosystems: npm
Packages: easy-static-server
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0zM3ZoLTd4OHEtbWczNc4AAwbl
safe-eval vulnerable to Prototype Pollution
Ecosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12Mjc5LXYyeG0td2hxOc4AAwaQ
Oils JS vulnerable to Open Redirect
Ecosystems: npm
Packages: oils
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS05N2p2LWMzNDItNXhoY84AAwaR
FurqanSoftware/node-whois vulnerable to Prototype Pollution
Ecosystems: npm
Packages: whois
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS00anY5LTM1NjMtMjNqM84AAwZv
Knex.js has a limited SQL injection vulnerability
Ecosystems: npm
Packages: knex
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1odzQ2LXZnNnctODhmas4AAwXM
replicator vulnerable to Deserialization of Untrusted Data
Ecosystems: npm
Packages: replicator
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0yNTJoLTJjbXEtcG1yNs4AAwXI
easywebpack-cli Path Traversal vulnerability
Ecosystems: npm
Packages: @easy-team/easywebpack-cli
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1wNDk1LWp4aDItd3JmZ84AAwYT
npm package rfc6902 vulnerable to Prototype Pollution
Ecosystems: npm
Packages: rfc6902
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS05OTV4LTMzd3EtOGdjOc4AAwVt
cycle-import-check vulnerable to Command Injection
Ecosystems: npm
Packages: cycle-import-check
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1wcGpxLXF4aHgtbTI1Zs4AAwSb
Authentication Bypass for passport-wsfed-saml2
Ecosystems: npm
Packages: passport-wsfed-saml2
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS02anFtLTNjOWctcGNoN84AAwRq
@cubejs-backend/api-gateway row level security bypass
Ecosystems: npm
Packages: @cubejs-backend/api-gateway
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12Yzl4LWdtbXItcDdqas4AAwP1
@claviska/jquery-minicolors vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: @claviska/jquery-minicolors
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1nZzhyLXhqd3EtNHc5Ms4AAwOk
Cross-site scripting vulnerability in TinyMCE alerts
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS1mNDRxLTYzNGMtanZ3ds4AAwM5
libp2p DoS vulnerability from lack of resource management
Ecosystems: npm
Packages: libp2p
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS05cDk1LWZ4dmctcWdxMs4AAwKh
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
Ecosystems: npm
Packages: simple-git
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1yZjNnLXY4cDUtcDY3Nc4AAwJ4
NodeBB vulnerable to account takeover via prototype vulnerability
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS0ycjd2LWNtY2gtNXgyNs4AAwJT
muhammara and hummus vulnerable to Unchecked Return Value to NULL Pointer Dereference
Ecosystems: npm
Packages: muhammara, hummus
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1tOHI1LTd3ZjQtNjNtd84AAwI7
Nadesiko3 OS Command Injection vulnerability
Ecosystems: npm
Packages: nadesiko3
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14Mmp4LXczd20tOXAzcM4AAwI2
nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit
Ecosystems: npm
Packages: nadesiko3
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS03MjQ5LTh4MjItNHJnNM4AAwI3
nadesiko3 vulnerable to OS Command Injection
Ecosystems: npm
Packages: nadesiko3
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00eDZnLTNjbXgtdzc2cs4AAwGD
Snyk plugins vulnerable to Command Injection
Ecosystems: npm
Packages: @snyk/snyk-cocoapods-plugin, snyk-docker-plugin, snyk-gradle-plugin, @snyk/snyk-hex-plugin, snyk-python-plugin, snyk-sbt-plugin, snyk-mvn-plugin, snyk
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS03ZnhtLWM4NDgtODlxOM4AAwEt
static-dev-server vulnerable to path traversal
Ecosystems: npm
Packages: static-dev-server
Source: GitHub Advisory Database
Published: 2 months ago
High
GSA_kwCzR0hTQS05Z2g4LXdwNTMtY2NjNs4AAwEB
ghost vulnerable to unauthorized newsletter modification via improper access controls
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS13NTczLTRoZzctN3dncc4AAwD1
decode-uri-component vulnerable to Denial of Service (DoS)
Ecosystems: npm
Packages: decode-uri-component
Source: GitHub Advisory Database
Published: 2 months ago
High
GSA_kwCzR0hTQS1ocnBwLWg5OTgtajNwcM4AAwDM
qs vulnerable to Prototype Pollution
Ecosystems: npm
Packages: qs
Source: GitHub Advisory Database
Published: 2 months ago
Critical
GSA_kwCzR0hTQS05OTVmLTl4NXItMnJjas4AAwCZ
Heap buffer overflow in GPU
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS04amg5LXdxcGYtcTUyY84AAwBV
sweetalert2 v8.19.1 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS1wZzk4LTZ2N2YtMnhmds4AAwBU
sweetalert2 v9.17.4 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS00NTdyLWNxYzgtOXZqOc4AAwBT
sweetalert2 v10.16.10 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS1xcTZoLTVnNmotcTNjbc4AAwBN
sweetalert2 v11.4.9 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1oZ3A4LXc4ZmotcjRjbc4AAv_v
ToolJet is vulnerable to Denial of Service (DoS)
Ecosystems: npm
Packages: tooljet
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1yN3FwLWNmaHYtcDg0d84AAv_b
Uncaught exception in engine.io
Ecosystems: npm
Packages: engine.io
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zZmpqLXA3OWotYzloaM4AAv_I
Fastify: Incorrect Content-Type parsing can lead to CSRF attack
Ecosystems: npm
Packages: fastify
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS01Z3d4LXdmOWctcjVteM4AAv2W
NodeBB vulnerable to Cross-Site Request Forgery
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1mZndmLTQ3eDItanByOM4AAv2P
Matrix-appservice-irc vulnerable to sql injection via roomIds argument
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05OHBmLWdmaDMteDNtcM4AAv0C
Read the Docs vulnerable to Cross-Site Scripting (XSS)
Ecosystems: npm
Packages: readthedocs
Source: GitHub Advisory Database
Published: 3 months ago
High
GSA_kwCzR0hTQS0zcW1jLTJyNzYtNHJxcM4AAv0B
Redwood is vulnerable to account takeover via dbAuth "forgot-password"
Ecosystems: npm
Packages: @redwoodjs/api
Source: GitHub Advisory Database
Published: 3 months ago
High
GSA_kwCzR0hTQS05M3Z3LThmbTUtcDJqZs4AAv0A
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1wMmpoLTQ0cWotcGYyds4AAvz_
Exfiltration of hashed SMB credentials on Windows via file:// redirect
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 3 months ago
High
GSA_kwCzR0hTQS14cHJ2LXd2aDctcXFxeM4AAvxw
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 3 months ago
High
GSA_kwCzR0hTQS1yNGpnLTV2ODktOXY2Ms4AAvvz
Withdrawn: Octocat.js vulnerable to code injection
Ecosystems: npm
Packages: octocat.js
Source: GitHub Advisory Database
Published: 3 months ago