Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm Security Advisories
Loading...
Moderate
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Published: about 3 hours ago
GSA_kwCzR0hTQS05MnIzLW0ybWctcGo5N84AA3lD
Vite XSS vulnerability in `server.transformIndexHtml` via URL payloadEcosystems: npm
Packages: vite
Source: GitHub Advisory Database
Published: about 3 hours ago
Moderate
Ecosystems: npm
Packages: @google-cloud/firestore
Source: GitHub Advisory Database
Published: 1 day ago
GSA_kwCzR0hTQS00ZzZxLTc3ajctdnZqY84AA3hm
Logging of the firestore key within nodejs-firestoreEcosystems: npm
Packages: @google-cloud/firestore
Source: GitHub Advisory Database
Published: 1 day ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 4 days ago
GSA_kwCzR0hTQS03bTQ4LXdjOTMtOWc4Nc4AA3e-
ASAR Integrity bypass via filetype confusion in electronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
Ecosystems: npm
Packages: @adobe/css-tools
Source: GitHub Advisory Database
Published: 5 days ago
GSA_kwCzR0hTQS1wcnIzLWMzbTUtcDdxMs4AA3d1
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression ComplexityEcosystems: npm
Packages: @adobe/css-tools
Source: GitHub Advisory Database
Published: 5 days ago
Low
Ecosystems: npm
Packages: google-translate-api-browser
Source: GitHub Advisory Database
Published: 8 days ago
GSA_kwCzR0hTQS00MjMzLTdxNXEtbTdwNs4AA3Yl
google-translate-api-browser Server-Side Request Forgery (SSRF) VulnerabilityEcosystems: npm
Packages: google-translate-api-browser
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Published: 8 days ago
GSA_kwCzR0hTQS1oZnhoLXJqdjctMjM2Oc4AA3Xr
Uptime Kuma Authenticated remote code execution via TailscalePingEcosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Published: 8 days ago
High
Ecosystems: npm
Packages: sequelize-typescript
Source: GitHub Advisory Database
Published: 11 days ago
GSA_kwCzR0hTQS03cHZ4LTQ1ODUtaHF3d84AA3W_
sequelize-typescript Prototype Pollution vulnerabilityEcosystems: npm
Packages: sequelize-typescript
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Published: 11 days ago
GSA_kwCzR0hTQS12NHYyLThoODgtNjVxas4AA3W6
Attribute Injection leading to XSS(Cross-Site-Scripting)Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Published: 11 days ago
Critical
Ecosystems: npm
Packages: openssl
Source: GitHub Advisory Database
Published: 12 days ago
GSA_kwCzR0hTQS03NXcyLXF2NTUteDdmds4AA3We
openssl npm package vulnerable to command executionEcosystems: npm
Packages: openssl
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Published: 15 days ago
GSA_kwCzR0hTQS12NjR3LTQ5eHctcXE4Oc4AA3R1
Possible user mocking that bypasses basic authenticationEcosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
Ecosystems: npm
Packages: strapi-plugin-protected-populate
Source: GitHub Advisory Database
Published: 15 days ago
GSA_kwCzR0hTQS02aDY3LTkzNHItODJnN84AA3RQ
Bypass of field access control in strapi-plugin-protected-populateEcosystems: npm
Packages: strapi-plugin-protected-populate
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
Ecosystems: npm
Packages: fast-jwt
Source: GitHub Advisory Database
Published: 15 days ago
GSA_kwCzR0hTQS1jMmZmLTg4eDIteDlwZ84AA3RL
JWT Algorithm ConfusionEcosystems: npm
Packages: fast-jwt
Source: GitHub Advisory Database
Published: 15 days ago
High
Ecosystems: npm
Packages: json-web-token
Source: GitHub Advisory Database
Published: 18 days ago
GSA_kwCzR0hTQS00eHc5LWN4MzktcjM1Nc4AA3P4
json-web-token library is vulnerable to a JWT algorithm confusion attackEcosystems: npm
Packages: json-web-token
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
Ecosystems: npm
Packages: @vendure/core
Source: GitHub Advisory Database
Published: 18 days ago
GSA_kwCzR0hTQS13bTYzLTc2MjctY2gzM84AA3P1
@vendure/core's insecure currencyCode handling allows wrong payment amountsEcosystems: npm
Packages: @vendure/core
Source: GitHub Advisory Database
Published: 18 days ago
High
Ecosystems: npm
Packages: sharp
Source: GitHub Advisory Database
Published: 19 days ago
GSA_kwCzR0hTQS01NHhxLWNncXItcnBtM84AA3N1
sharp vulnerability in libwebp dependency CVE-2023-4863Ecosystems: npm
Packages: sharp
Source: GitHub Advisory Database
Published: 19 days ago
Moderate
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Published: 19 days ago
GSA_kwCzR0hTQS1oeGpjLTlqOHYtdjlwcs4AA3Nu
CKEditor Cross-site Scripting vulnerabilityEcosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Published: 19 days ago
Moderate
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Published: 20 days ago
GSA_kwCzR0hTQS12NjI2LXI3NzQtajdmOM4AA3Mj
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodesEcosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
Ecosystems: npm
Packages: dompurify
Source: GitHub Advisory Database
Published: 21 days ago
GSA_kwCzR0hTQS04aGdnLXh4bTUtMzg3M84AA3ID
DOMPurify Open Redirect vulnerabilityEcosystems: npm
Packages: dompurify
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
Ecosystems: npm
Packages: cesium
Source: GitHub Advisory Database
Published: 21 days ago
GSA_kwCzR0hTQS00NTMyLXBteDctOXd3N84AA3GU
Cross-site Scripting in cesiumEcosystems: npm
Packages: cesium
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
Ecosystems: npm
Packages: bootbox
Source: GitHub Advisory Database
Published: 21 days ago
GSA_kwCzR0hTQS1tNGNoLTRtNWYtMmdwNs4AA3GR
Bootbox.js Cross Site Scripting vulnerabilityEcosystems: npm
Packages: bootbox
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
Ecosystems: npm
Packages: @sentry/nextjs
Source: GitHub Advisory Database
Published: 26 days ago
GSA_kwCzR0hTQS0ycm1yLXh3OG0tMjJxOc4AA3B6
Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpointEcosystems: npm
Packages: @sentry/nextjs
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
Ecosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Published: 26 days ago
GSA_kwCzR0hTQS12OGZjLXF4dmotZjNtZ84AA3BP
NASA Open MCT Cross Site Scripting vulnerabilityEcosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
Ecosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Published: 26 days ago
GSA_kwCzR0hTQS00Zzg4LTRoZ20tbTk5eM4AA3BK
NASA Open MCT Cross Site Request Forgery (CSRF) vulnerabilityEcosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
Ecosystems: npm
Packages: chromedriver
Source: GitHub Advisory Database
Published: 27 days ago
GSA_kwCzR0hTQS1obTkyLXZnbXctcWZteM4AA3Ah
chromedriver Command Injection vulnerabilityEcosystems: npm
Packages: chromedriver
Source: GitHub Advisory Database
Published: 27 days ago
Moderate
Ecosystems: npm
Packages: axios
Source: GitHub Advisory Database
Published: 27 days ago
GSA_kwCzR0hTQS13ZjVwLWc2dnctcmh4eM4AA2_y
Axios Cross-Site Request Forgery VulnerabilityEcosystems: npm
Packages: axios
Source: GitHub Advisory Database
Published: 27 days ago
High
Ecosystems: npm
Packages: @clickbar/dot-diver
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS05dzVmLW13M3AtcGo0N84AA26p
Prototype Pollution(PP) vulnerability in setByPathEcosystems: npm
Packages: @clickbar/dot-diver
Source: GitHub Advisory Database
Published: about 1 month ago
High
Ecosystems: npm
Packages: @strapi/strapi, @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1nYzdwLWo1eG0teHhoMs4AA26o
Unauthorized Access to Private Fields in User Registration APIEcosystems: npm
Packages: @strapi/strapi, @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
Ecosystems: npm
Packages: cordova-plugin-fingerprint-aio
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS03dmZ4LWhmdm0tcmhyOM4AA24s
cordova-plugin-fingerprint-aio DoS vulnerabilityEcosystems: npm
Packages: cordova-plugin-fingerprint-aio
Source: GitHub Advisory Database
Published: about 1 month ago
High
Ecosystems: npm
Packages: generator-jhipster
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS00Z3BtLXIyM2gtZ3Byd84AA2zp
generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first characterEcosystems: npm
Packages: generator-jhipster
Source: GitHub Advisory Database
Published: about 1 month ago
High
Ecosystems: npm
Packages: browserify-sign
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS14OXc1LXYzcTItM3Jod84AA2uZ
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attackEcosystems: npm
Packages: browserify-sign
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
Ecosystems: npm
Packages: crypto-js
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS14d2NxLXBtOG0tYzR2Zs4AA2sP
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standardEcosystems: npm
Packages: crypto-js
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
Ecosystems: npm
Packages: crypto-es
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1tcGo4LXEzOXgtd3E1aM4AA2sN
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standardEcosystems: npm
Packages: crypto-es
Source: GitHub Advisory Database
Published: about 1 month ago
High
Ecosystems: npm
Packages: node-email-check
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS05MjQyLTZwMzYtNjI1Ns4AA2pR
Inefficient Regular Expression Complexity in node-email-checkEcosystems: npm
Packages: node-email-check
Source: GitHub Advisory Database
Published: about 1 month ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS03OTJxLXE2N2gtdzU3Oc4AA2oK
Parse Server may crash when uploading file without extensionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: about 1 month ago
Low
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1jNTloLXI2cDgtcTl3Y84AA2m9
Next.js missing cache-control header may lead to CDN caching empty replyEcosystems: npm
Packages: next
Source: GitHub Advisory Database
Published: about 1 month ago
High
Ecosystems: npm, cargo
Packages: @tauri-apps/cli, tauri-cli
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS0ycmNwLWp2cjQtcjI1Oc4AA2mV
Tauri's Updater Private Keys Possibly Leaked via Vite Environment VariablesEcosystems: npm, cargo
Packages: @tauri-apps/cli, tauri-cli
Source: GitHub Advisory Database
Published: about 2 months ago
High
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1obWd3LTlqcmctaGYybc4AA2kX
Directus crashes on invalid WebSocket messageEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1oZ3F4LXIyaHAtanIzOM4AA2kG
TinyMCE XSS vulnerability in notificationManager.open APIEcosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS12NjVyLXAzdnYtampmds4AA2kF
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave pluginEcosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: npm
Packages: react-devtools-core
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1yeHJjLXJndjQtanB2eM4AA2j_
React Developer Tools extension Improper Authorization vulnerabilityEcosystems: npm
Packages: react-devtools-core
Source: GitHub Advisory Database
Published: about 2 months ago
High
Ecosystems: npm
Packages: deobfuscator
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1qZzgyLXhoM3ctcmh4eM4AA2jA
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code executionEcosystems: npm
Packages: deobfuscator
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
Ecosystems: npm
Packages: @seal-security/mongoose-fixed
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1yYzR2LTk5Y3ItcGpjbc4AA2gY
Prototype Pollution in ali-security/mongooseEcosystems: npm
Packages: @seal-security/mongoose-fixed
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS0zbTVxLXEzOXYteGY4Zs4AA2gV
nocodb SQL Injection vulnerabilityEcosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Published: about 2 months ago
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS13cXE0LTV3cHYtbXgyZ84AA2eY
Undici's cookie header not cleared on cross-origin redirect in fetchEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
Ecosystems: npm
Packages: @babel/traverse
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS02N2h4LTZ4NTMtanc5Ms4AA2eW
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious codeEcosystems: npm
Packages: @babel/traverse
Source: GitHub Advisory Database
Published: about 2 months ago
High
Ecosystems: npm
Packages: node-qpdf
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1mcHI4LTR3dngtajlxM84AA2cb
node-qpdf vulnerable to command injectionEcosystems: npm
Packages: node-qpdf
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS01Z2htLWgyd3EtZzNtaM4AA2bp
Allocation of Resources Without Limits or Throttling in vriteio/vriteEcosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
Ecosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS13MzVwLXd4d2otcmNtOc4AA2bq
Server-Side Request Forgery (SSRF) in vriteio/vriteEcosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
Ecosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS00NGZmLTl3NGYtOTl3Ns4AA2bn
Improper Input Validation in vriteio/vriteEcosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Published: about 2 months ago
High
Ecosystems: npm
Packages: @graphql-mesh/runtime
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1ycjR4LWNyaGYtODg4Ns4AA2X5
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operationEcosystems: npm
Packages: @graphql-mesh/runtime
Source: GitHub Advisory Database
Published: about 2 months ago
High
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1nOXYyLXdxY2otajk5Z84AA2X4
Uptime Kuma has Persistentent User SessionsEcosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Published: about 2 months ago
High
Ecosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS00eGN4LWN3cnEtdzc5Ms4AA2SA
Prototype Pollution in NASA Open MCTEcosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Published: 2 months ago
Critical
Ecosystems: npm
Packages: fsevents
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS04cjZqLXY4cG0tZnF3M84AA2SB
Code injection in fseventsEcosystems: npm
Packages: fsevents
Source: GitHub Advisory Database
Published: 2 months ago
High
Ecosystems: npm
Packages: express-zod-api
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS1tdnJwLTNjdngtYzMyNc4AA2PO
Zod denial of service vulnerability during email validationEcosystems: npm
Packages: express-zod-api
Source: GitHub Advisory Database
Published: 2 months ago
High
Ecosystems: npm
Packages: static-server
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS12ODM0LXJodjQtNjVtM84AA2Mj
static-server Path Traversal vulnerabilityEcosystems: npm
Packages: static-server
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
Ecosystems: npm
Packages: postcss
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS03Zmg1LTY0cDItM3Yyas4AA2Js
PostCSS line return parsing errorEcosystems: npm
Packages: postcss
Source: GitHub Advisory Database
Published: 2 months ago
Low
Ecosystems: npm
Packages: zod
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS1tOTVxLTdxcDMteHY0Ms4AA2IO
Zod denial of service vulnerabilityEcosystems: npm
Packages: zod
Source: GitHub Advisory Database
Published: 2 months ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS1xcXZxLTZ4Z2otanc4Z84AA2IC
Electron affected by libvpx's heap buffer overflow in vp8 encodingEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
Ecosystems: npm
Packages: quill-mention
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS1qZ3c1LXJwNHAtcWhwNs4AA2Hm
quill-mention Cross-site Scripting vulnerabilityEcosystems: npm
Packages: quill-mention
Source: GitHub Advisory Database
Published: 2 months ago
High
Ecosystems: npm
Packages: @napi-rs/image
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS00dmpyLWNydmgtMzgzaM4AA2HD
@napi-rs/image affected by libwebp CVEEcosystems: npm
Packages: @napi-rs/image
Source: GitHub Advisory Database
Published: 2 months ago
High
Ecosystems: npm
Packages: get-func-name
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS00cTZwLXI2djItanZjNc4AA2HC
Chaijs/get-func-name vulnerable to ReDoSEcosystems: npm
Packages: get-func-name
Source: GitHub Advisory Database
Published: 2 months ago
Critical
Ecosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1wNDZnLThjM3EtODlwMs4AA2AM
FUXA SQL Injection vulnerabilityEcosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Published: 3 months ago
High
Ecosystems: npm
Packages: @frangoteam/fuxa
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS00NWMzLWM0YzMtOHJxZ84AA2AN
FUXA vulnerable to Local File InclusionEcosystems: npm
Packages: @frangoteam/fuxa
Source: GitHub Advisory Database
Published: 3 months ago
High
Ecosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS12OXE1LTljcnAtOTJmOc4AA2AH
FUXA SQL Injection vulnerabilityEcosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Published: 3 months ago
High
Ecosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS13d2ZqLWg4NDMtM2hycc4AA2AL
FUXA local file inclusion vulnerabilityEcosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Published: 3 months ago
Critical
Ecosystems: npm
Packages: systeminformation
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1neDZyLXFjMnYtM3Azds4AA1_3
systeminformation SSID Command Injection VulnerabilityEcosystems: npm
Packages: systeminformation
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS14cnBtLWhjY2ctMjh4N84AA1_d
Improper Input Validation in nocodbEcosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: graphql
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS05cHY3LXZmdm0tNnZyN84AA19X
graphql Uncontrolled Resource Consumption vulnerabilityEcosystems: npm
Packages: graphql
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: jodit
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS05NXhyLWNxNmgtdndyM84AA18A
Jodit Editor vulnerable to cross-site scriptingEcosystems: npm
Packages: jodit
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: blamer
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS02ZjlwLWc0NjYtZjh2OM4AA17_
blamer vulnerable to Arbitrary Argument Injection via the blameByFile() APIEcosystems: npm
Packages: blamer
Source: GitHub Advisory Database
Published: 3 months ago
Critical
Ecosystems: npm
Packages: @frangoteam/fuxa
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1yODdxLWZxMzctcHZyNs4AA17X
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXAEcosystems: npm
Packages: @frangoteam/fuxa
Source: GitHub Advisory Database
Published: 3 months ago
High
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS0yMnJyLWYzcDgtNWdmOM4AA15b
Directus affected by VM2 sandbox escape vulnerabilityEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Published: 3 months ago
High
Ecosystems: npm
Packages: @strapi/plugin-users-permissions, @strapi/admin
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS0yNHEyLTU5aG0tcmg5cs4AA12t
Strapi Improper Rate Limiting vulnerabilityEcosystems: npm
Packages: @strapi/plugin-users-permissions, @strapi/admin
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: @strapi/plugin-content-manager
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1tMjg0LTg1bWYtY2dyY84AA12s
Strapi's field level permissions not being respected in relationship titleEcosystems: npm
Packages: @strapi/plugin-content-manager
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: @strapi/utils, @strapi/admin, @strapi/plugin-content-manager
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS12OGdnLTRtcTItODhxNM4AA12r
Strapi may leak sensitive user information, user reset password, tokens via content-manager viewsEcosystems: npm
Packages: @strapi/utils, @strapi/admin, @strapi/plugin-content-manager
Source: GitHub Advisory Database
Published: 3 months ago
High
Ecosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1qN2hwLWg4angtNXBwcs4AA10j
libwebp: OOB write in BuildHuffmanTableEcosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS03eDk3LWozNzMtODV4Nc4AA1vg
Electron vulnerable to out-of-package code execution when launched with arbitrary cwdEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1wN3YyLXA5bTgtcXFnN84AA1vf
Electron context isolation bypass via nested unserializable return valueEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 3 months ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1neGg3LXd2OXEtZndmcs4AA1vc
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabledEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 3 months ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1mY3Y2LWZnNXItam05cc4AA1rK
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointerEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 3 months ago
High
Ecosystems: npm
Packages: @dcl/single-sign-on-client
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS12cDRmLXd4Z3ctN3g4eM4AA1rC
Improper Neutralization of Script in Attributes in @dcl/single-sign-on-clientEcosystems: npm
Packages: @dcl/single-sign-on-client
Source: GitHub Advisory Database
Published: 3 months ago
Low
Ecosystems: npm
Packages: apollo-server-core, @apollo/server
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1qNWczLTVjOHItN3FmeM4AA1lN
Prevent logging invalid header valuesEcosystems: npm
Packages: apollo-server-core, @apollo/server
Source: GitHub Advisory Database
Published: 3 months ago
Critical
Ecosystems: npm
Packages: find-exec
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS05NXJwLTZncXAtNjYyMs4AA1lI
Command Injection Vulnerability in find-execEcosystems: npm
Packages: find-exec
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: @goauthentik/api
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS12bWY5LTZwY3YteHI4N84AA1ja
Username enumeration attack in goauthentikEcosystems: npm
Packages: @goauthentik/api
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: @adobe/css-tools
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1ocHg0LXI4NmctNWpyZ84AA1jW
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSSEcosystems: npm
Packages: @adobe/css-tools
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
Ecosystems: swift, npm, packagist
Packages: https://github.com/mongodb/mongo-swift-driver, mongodb, mongodb/mongodb
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS12eHZtLXF3dzMtMmZoN84AA1jJ
MongoDB Driver may publish events containing authentication-related dataEcosystems: swift, npm, packagist
Packages: https://github.com/mongodb/mongo-swift-driver, mongodb, mongodb/mongodb
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: openpgp
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1jaDNjLXY0N3gtNHBncM4AA1i9
Cleartext Signed Message Signature Spoofing in openpgpEcosystems: npm
Packages: openpgp
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: @webiny/react-rich-text-renderer
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS0zeDU5LXZybWMtNW14Ns4AA1fb
@webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text contentEcosystems: npm
Packages: @webiny/react-rich-text-renderer
Source: GitHub Advisory Database
Published: 3 months ago
Low
Ecosystems: npm
Packages: basti-cdk
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1xNHBwLWozNmgtM2dxZ84AA1e3
Minimal `basti` IAM Policy Allows Shell AccessEcosystems: npm
Packages: basti-cdk
Source: GitHub Advisory Database
Published: 3 months ago
High
Ecosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS1qNTVyLTc4N3AtbTU0Oc4AA1aq
Shescape on Windows escaping may be bypassed in threaded contextEcosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: @node-saml/node-saml
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS12eDhtLTZmaHctcGNjd84AA1aW
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityErrorEcosystems: npm
Packages: @node-saml/node-saml
Source: GitHub Advisory Database
Published: 4 months ago
Critical
Ecosystems: npm
Packages: tree-kit
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS01cDQyLW02ZjMtaHBtas4AA1Wh
tree-kit Prototype Pollution vulnerabilityEcosystems: npm
Packages: tree-kit
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: @excalidraw/excalidraw
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS12N3Y4LWdqdjctZmZtcs4AA1WK
@excalidraw/excalidraw Cross-site Scripting vulnerabilityEcosystems: npm
Packages: @excalidraw/excalidraw
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: @excalidraw/excalidraw
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS1mcjlnLTJtMmgtYzI3as4AA1VN
Duplicate Advisory: @excalidraw/excalidraw Cross-site Scripting vulnerabilityEcosystems: npm
Packages: @excalidraw/excalidraw
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS05Yzl2LXcyMjUtdjVyZ84AA1Uk
Ghost vulnerable to arbitrary file read via symlinks in content importEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS05Y3ZjLXY3d20tOTkyY84AA1Uh
When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessibleEcosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Published: 4 months ago
Critical
Ecosystems: npm
Packages: external-svg-loader
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS14YzJyLWpmMngtZ2pyOM4AA1Sy
external-svg-loader Cross-site Scripting vulnerabilityEcosystems: npm
Packages: external-svg-loader
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: svelecte
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS03aDQ1LWdyYzUtODl3cc4AA1SS
Svelecte item names vulnerable to execution of arbitrary JavaScriptEcosystems: npm
Packages: svelecte
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS1nNHZwLW02ODItcXFtcM4AA1Qt
OpenZeppelin Contracts vulnerable to Improper Escaping of OutputEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: critters
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS1jeDNqLXFxeGotOTU5N84AA1Qs
Critters Cross-site Scripting VulnerabilityEcosystems: npm
Packages: critters
Source: GitHub Advisory Database
Published: 4 months ago
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
27
electron
26
@openzeppelin/contracts-upgradeable
19
@openzeppelin/contracts
18
sequelize
17
marked
16
swagger-ui
14
tinymce
13
handlebars
13
next
13
strapi
13
vm2
12
directus
12
ghost
11
nodebb
11
ckeditor4
11
angular
10
jquery-rails
10
jquery
10
next-auth
9
org.webjars.npm:jquery
9
validator
9
serve
9
systeminformation
8
url-parse
8
node-forge
8
urijs
8
matrix-js-sdk
8
steal
8
joplin
8
@strapi/strapi
8
npm
8
jQuery.UI.Combined
8
jquery-ui
8
org.webjars.npm:jquery-ui
8
jquery-ui-rails
8
jQuery
8
undici
8
editor.md
8
shescape
7
tar
7
nocodb
7
total.js
7
keystone
7
snyk-broker
7
hapi
7
jsrsasign
7
hermes-engine
7
bootstrap
7
TinyMCE
7
tinymce/tinymce
7
lodash
7
matrix-react-sdk
7
matrix-appservice-irc
6
express-cart
6
parse-url
6
safe-eval
6
aaptjs
6
@strapi/plugin-users-permissions
5
sweetalert2
5
generator-jhipster
5
qs
5
ua-parser-js
5
rendertron
5
dojo
5
ecstatic
5
dns-sync
5
safer-eval
5
moment
5
public
5
@sequelize/core
5
jsonwebtoken
5
lodash-es
5
total4
5
openpgp
5
prismjs
5
sanitize-html
5
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
awsiotsdk
4
aws-iot-device-sdk-v2
4
engine.io
4
rsshub
4
simple-git
4
glance
4
axios
4
hummus
4
yarn
4
muhammara
4
apostrophe
4
valine
4
apollo-server-core
4
dompurify
4
protobufjs
4
highcharts
4
is-my-json-valid
4
auth0-js
4
vditor
4
@keystone-6/core
4
xmldom
4
materialize-css
4
sails
4
ejs
4
passport-wsfed-saml2
4
realms-shim
4
mermaid
4
fastify
4
@backstage/plugin-scaffolder-backend
4
ws
4
xlsx
4
remarkable
4
vega
4
auth0-lock
4
simple-markdown
4
mongoose
4
postcss
3
llhttp
3
tough-cookie
3
@strapi/utils
3
snyk
3
xdLocalStorage
3
jwt-simple
3
mixme
3
static-eval
3
jspdf
3
nadesiko3
3
docsify
3
openmct
3
ftp-srv
3
jointjs
3
@frangoteam/fuxa
3
aedes
3
@hapi/subtext
3
subtext
3
node-fetch
3
bin-links
3
node-red-dashboard
3
loader-utils
3
ses
3
apollo-server
3
harp
3
immer
3
fuxa-server
3
socket.io-parser
3
node-opcua
3
vite
3
hekto
3
object-path
3
mysql
3
@uppy/companion
3
json-pointer
3
minimist
3
slpjs
3
froala-editor
3
blamer
3
convert-svg-core
3
yapi-vendor
3
node-ipc
3
code-server
3
grunt
3
mathjs
3
notevil
3
send
3
feathers-sequelize
3
keycloak-connect
3
json-ptr
3
convict
3
mongo-express
3
org.webjars.npm:xlsx
3
@soketi/soketi
3
locutus
3
@backstage/techdocs-common
3
jquery-validation
3
codecov
3
bson
3
socket.io-file
3
@ckeditor/ckeditor5-markdown-gfm
3
n8n
3
uap-core
3
@commercial/subtext
3
parsel
3
express-fileupload
3
http-live-simulator
3
lodash.defaultsdeep
3
buttle
3
@materializecss/materialize
3
serialize-to-js
3
m-server
3
uptime-kuma
3
@vrite/sdk
3
slp-validate
3
dojox
3
connect
3
ids-enterprise
3
js-yaml
3
localhost-now
3
mxgraph
3
uglify-js
3
simplehttpserver
3
https-proxy-agent
3
fast-xml-parser
3
node-jose
3
raneto
3
@apollo/server
3
request
2
simditor
2
mixin-deep
2
is-svg
2
matrix-appservice-bridge
2
merge-deep
2
fastify-static
2
detect-character-encoding
2
dijit
2
Moment.js
2
crypto-js
2
hawk
2
pullit
2
bootstrap
2
jQuery.Validation
2
@fastify/passport
2
lazysizes
2
node-rules
2
macaddress
2
http-proxy-agent
2
decal
2
waterline-sequel
2
merge
2
@claviska/jquery-minicolors
2
@strapi/admin
2
whereis
2
sshpk
2
jszip
2
@node-red/runtime
2
canvas
2
nunjucks
2
highlight.js
2
sockjs
2
electron-markdownify
2
async-git
2
multi-ini
2
braces
2
@hapi/hoek
2
lodash.merge
2
isolated-vm
2
saml2-js
2
yeoman-genrator
2
json-serializer
2
ibm_db
2
node-saml
2
quill
2
loopback
2
converse.js
2
set-in
2
jodit
2
minimatch
2
flatmap-stream
2
angular-expressions
2
google-closure-library
2
jose-node-cjs-runtime
2
jose-node-esm-runtime
2
jose-browser-runtime
2
jose
2
papaparse
2
fs-path
2
knockout
2
moment-timezone
2
@actions/core
2
constantinople
2
list-n-stream
2
node-simple-router
2
renovate
2
@builder.io/qwik
2
tomato
2
serve-lite
2
shell-quote
2
sharp
2
bootstrap-table
2
jquery
2
@vendure/core
2
bootbox
2
payload
2
node-static
2
@adobe/css-tools
2
deep-get-set
2
deap
2
fast-string-search
2
crud-file-server
2
dot
2
serialize-javascript
2
giting
2
@finastra/nestjs-proxy
2
querymen
2
jsuites
2
jpeg-js
2
set-value
2
@xmldom/xmldom
2
semver-regex
2
mout
2
ungit
2
xmlhttprequest-ssl
2
sds
2