Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtNWotdnFyNi12N3Y4
OS Command Injection in pixl-class
Ecosystems: npm
Packages: pixl-class
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3OGYtMzUzbS1jZjRq
Code Injection in node-rules
Ecosystems: npm
Packages: node-rules
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xOXIyLWYzdmMtcmpnOM4AAuAj
Command Injection in macaddress
Ecosystems: npm
Packages: macaddress
Source: GitHub Advisory Database
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3Zzgtcjl2dy03NjV4
Private Field data leak
Ecosystems: npm
Packages: @keystonejs/keystone
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05N2p2LWMzNDItNXhoY84AAwaR
FurqanSoftware/node-whois vulnerable to Prototype Pollution
Ecosystems: npm
Packages: whois
Source: GitHub Advisory Database
Published: 6 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnMnAtMmN2cS00cHB2
Cross-site scripting in lazysizes
Ecosystems: npm
Packages: lazysizes
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wcDUtMng1NS00OXh3
XSS in svg2png (NPM package)
Ecosystems: npm
Packages: svg2png
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwOTQtdmo5Ny1mbTRx
OS Command Injection in fsa
Ecosystems: npm
Packages: fsa
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2YzQtam1xeC0zcjMz
Open Redirect in xdLocalStorage
Ecosystems: npm
Packages: xdLocalStorage
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZyYzctNmc4dy1qaDU2
Improper Input Validation in xdLocalStorage
Ecosystems: npm
Packages: xdLocalStorage
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jaGdnLXJybXYtNXE3eM4AAuAh
Withdrawn
Ecosystems: npm
Packages: jwt-simple
Source: GitHub Advisory Database
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtNnEtcnhobS02NzV3
OS Command Injection in adb-driver
Ecosystems: npm
Packages: adb-driver
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1teDJxLTM1bTIteDJyaM4AAy0V
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0yNTJoLTJjbXEtcG1yNs4AAwXI
easywebpack-cli Path Traversal vulnerability
Ecosystems: npm
Packages: @easy-team/easywebpack-cli
Source: GitHub Advisory Database
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1odzQ2LXZnNnctODhmas4AAwXM
replicator vulnerable to Deserialization of Untrusted Data
Ecosystems: npm
Packages: replicator
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04cGYzLTZmZ3ItM2czZ84AAy3P
`chainId` may be outdated if user changes chains as part of connection in @web3-react
Ecosystems: npm
Packages: @web3-react/walletconnect, @web3-react/metamask, @web3-react/eip1193, @web3-react/coinbase-wallet
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmNmctdzVnai1jOTNo
Prototype Pollution in iniparserjs
Ecosystems: npm
Packages: iniparserjs
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwNzctZnFxcC03OWo4
Prototype Pollution in decal
Ecosystems: npm
Packages: decal
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozMngtajhwai1wZzJo
Prototype Pollution in decal
Ecosystems: npm
Packages: decal
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2d2YtNDM2bS1oNDI0
Resource Exhaustion Denial of Service in http-proxy-agent
Ecosystems: npm
Packages: http-proxy-agent
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS14djNxLWpybW0tNGZ4ds4AAy3O
Authentication Bypass in @strapi/plugin-users-permissions
Ecosystems: npm
Packages: @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Published: about 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI1NDgtcTc0Ni14NXg2
Code injection in port-killer
Ecosystems: npm
Packages: port-killer
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxNHctM3dwNC1xNXdm
Denial of Service in get-ip-range
Ecosystems: npm
Packages: get-ip-range
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tcGN4LThxcXctcm1jcc4AAuAg
SQL Injection in waterline-sequel
Ecosystems: npm
Packages: waterline-sequel
Source: GitHub Advisory Database
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwZ2gtaG12NC1yM3Y1
Prototype pollution in safe-obj
Ecosystems: npm
Packages: safe-obj
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMyNjkteDRwdy12ZmZn
OS Command Injection in diskusage-ng
Ecosystems: npm
Packages: diskusage-ng
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyanctcHIyYy05eDk2
Code injection in @rkesters/gnuplot
Ecosystems: npm
Packages: @rkesters/gnuplot
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1Y3EtOTUzNy05cnBm
Prototype Pollution in mixme
Ecosystems: npm
Packages: mixme
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12Yzl4LWdtbXItcDdqas4AAwP1
Duplicate advisory: @claviska/jquery-minicolors vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: @claviska/jquery-minicolors
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS02NHdwLWpoOXAtNWNnMs4AAw6f
RSSHub SSRF vulnerability
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS13eGdoLThnbXItM3FoM84AAwzL
terminal-kit Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: terminal-kit
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1mNDRxLTYzNGMtanZ3ds4AAwM5
libp2p DoS vulnerability from lack of resource management
Ecosystems: npm
Packages: libp2p
Source: GitHub Advisory Database
Published: 6 months ago
Critical
GSA_kwCzR0hTQS04cGg4LTlxMmotYzNycc4AAwx-
nodebatis SQL Injection vulnerability
Ecosystems: npm
Packages: nodebatis
Source: GitHub Advisory Database
Published: 5 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYycnAtMzh2Zy1qM2do
Null characters not escaped
Ecosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3bW0tbTN3eC1qN2Zy
Command injection in gitlog
Ecosystems: npm
Packages: gitlog
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh2MjctMmZnOS03aDYy
Withdrawn: Arbitrary Code Execution in static-eval
Ecosystems: npm
Packages: static-eval
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wNTZyLWpyNHAtNHdnaM4AAuAd
Withdrawn
Ecosystems: npm
Packages: whereis
Source: GitHub Advisory Database
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd3cHctMmhqbS04OWdw
Prototype Pollution in merge
Ecosystems: npm
Packages: merge
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS05cDk1LWZ4dmctcWdxMs4AAwKh
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
Ecosystems: npm
Packages: simple-git
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0NXEtM2ZnNi00OG03
Regular expression denial of service (ReDoS)
Ecosystems: npm
Packages: html-parse-stringify2, html-parse-stringify
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13am1mLTU4dmMteHFqcs4AAuAc
Content injection in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmd3gtYzdxNi1nNTRj
Vulnerability allowing for reading internal HTTP resources
Ecosystems: npm
Packages: highcharts-export-server
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3ZjMtZ2dobS05bWhj
Regular Expression Denial of Service (ReDoS)
Ecosystems: npm
Packages: jspdf
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS13eDg0LTY5amgtampwMs4AAuAK
Withdrawn
Ecosystems: npm
Packages: sshpk
Source: GitHub Advisory Database
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwbTUtdnY5Ny1qZndn
Uncontrolled Resource Consumption in firebase
Ecosystems: npm
Packages: @firebase/util
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtaDktcmc2Zi1qM21y
Verification flaw in Solid identity-token-verifier
Ecosystems: npm
Packages: @solid/identity-token-verifier
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14Mmp4LXczd20tOXAzcM4AAwI2
nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit
Ecosystems: npm
Packages: nadesiko3
Source: GitHub Advisory Database
Published: 6 months ago
Critical
GSA_kwCzR0hTQS0yYzI5LXdjNjUtNGN4Oc4AAlq3
linux-cmdline is vulnerable to Prototype Pollution via the constructor
Ecosystems: npm
Packages: linux-cmdline
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zaGpoLTVoZ3gtZjV3aM4AAxkv
Path traversal vulnerability in glance
Ecosystems: npm
Packages: glance
Source: GitHub Advisory Database
Published: 4 months ago
High
GSA_kwCzR0hTQS1ncHZqLWdwOGMtYzdwMs4AAxkL
Regular Expression Denial of Service in simple-markdown
Ecosystems: npm
Packages: simple-markdown
Source: GitHub Advisory Database
Published: 4 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zM3YtMzM4aC00djlm
Path traversal in Node-Red
Ecosystems: npm
Packages: @node-red/runtime
Source: GitHub Advisory Database
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtbTktYzJmeC1jN200
XSS in docsify
Ecosystems: npm
Packages: docsify
Source: GitHub Advisory Database
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jaDNyLWo1eDMtNnEybc4AAy46
vm2 Sandbox Escape vulnerability
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Published: about 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyMnctMzk0di01M3Fj
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW03bWYtdm02Mi03eDNx
Insecure template handling in haml-coffee
Ecosystems: npm
Packages: haml-coffee
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oMnBtLTM3OGMtcGN4eM4AAy5Z
Path traversal vulnerability in gatsby-plugin-sharp
Ecosystems: npm
Packages: gatsby-plugin-sharp
Source: GitHub Advisory Database
Published: about 2 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2cnEtcmpjMi04NnYy
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr
Ecosystems: npm
Packages: chownr
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwcWgtNDZxai12d2N3
Cross-site Scripting in docsify
Ecosystems: npm
Packages: docsify
Source: GitHub Advisory Database
Published: about 2 years ago
Low
GSA_kwCzR0hTQS00eHI0LTg5bTUtNDZjN84AAy4z
eslint-detailed-reporter vulnerable to cross-site scripting
Ecosystems: npm
Packages: eslint-detailed-reporter
Source: GitHub Advisory Database
Published: about 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjZjgtcWhxai12anFt
Prototype pollution in total.js
Ecosystems: npm
Packages: total.js
Source: GitHub Advisory Database
Published: over 2 years ago
Low
GSA_kwCzR0hTQS04amg5LXdxcGYtcTUyY84AAwBV
sweetalert2 v8.19.1 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS1wZzk4LTZ2N2YtMnhmds4AAwBU
sweetalert2 v9.17.4 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS1xcTZoLTVnNmotcTNjbc4AAwBN
sweetalert2 v11.4.9 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZjgtMmgzMi1mNGNq
Regular Expression Denial of Service in hosted-git-info
Ecosystems: npm
Packages: hosted-git-info
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY4dzktMjc4OS02aGhy
Deserialization of Untrusted Data in bson
Ecosystems: npm
Packages: bson
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczcmcteDY4My1tM3F3
Buffer overflow in canvas
Ecosystems: npm
Packages: canvas
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhyOGgtNTN4ci1qaGNt
Path Traversal in marked-tree
Ecosystems: npm
Packages: marked-tree
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc4ZmgtcHZxMi14OGM0
Malicious npm package: sonatype
Ecosystems: npm
Packages: sonatype
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14NzdqLXc3d2YtZmptd84AAy5c
Nunjucks autoescape bypass leads to cross site scripting
Ecosystems: npm
Packages: nunjucks
Source: GitHub Advisory Database
Published: about 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZoaHcteGp2Zi13cHJy
Command Injection in @graphql-tools/git-loader
Ecosystems: npm
Packages: @graphql-tools/git-loader
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xcmdmLTlncGMtdnJ4d84AAy5b
Bypass of CSRF protection in the presence of predictable userInfo
Ecosystems: npm
Packages: @fastify/csrf-protection
Source: GitHub Advisory Database
Published: about 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3cDktNTJoOC14Z2c4
Prototype pollution in JointJS
Ecosystems: npm
Packages: jointjs
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0aDgtN3FmZi1naDZj
Server-side request forgery in Ghost CMS
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp3MzctNWdxci1jZjlq
Server-Side Request Forgery in ftp-srv
Ecosystems: npm
Packages: ftp-srv
Source: GitHub Advisory Database
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1yN3FwLWNmaHYtcDg0d84AAv_b
Uncaught exception in engine.io
Ecosystems: npm
Packages: engine.io
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3MnYtcTIzNS12cDk5
Axios vulnerable to Server-Side Request Forgery
Ecosystems: npm
Packages: axios
Source: GitHub Advisory Database
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY4ZmgtOHJnbS0yMjdo
OS Command Injection in node-prompt-here
Ecosystems: npm
Packages: node-prompt-here
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01N3AtcDY3aC1tcTc0
Command Injection Vulnerability in systeminformation
Ecosystems: npm
Packages: systeminformation
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd3d3Ytdmgzdi04OWNx
ReDOS vulnerabities: multiple grammars
Ecosystems: npm
Packages: @highlightjs/cdn-assets, highlight.js
Source: GitHub Advisory Database
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRndzMtOGY3Ny1mNzJj
Regular expression denial of service in codemirror
Ecosystems: npm
Packages: codemirror
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5ZzYtOTMzNS14Njk3
Improper Input Validation in SocksJS-Node
Ecosystems: npm
Packages: sockjs
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mZndmLTQ3eDItanByOM4AAv2P
Matrix-appservice-irc vulnerable to sql injection via roomIds argument
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1wMmpoLTQ0cWotcGYyds4AAvz_
Exfiltration of hashed SMB credentials on Windows via file:// redirect
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05OHBmLWdmaDMteDNtcM4AAv0C
Read the Docs vulnerable to Cross-Site Scripting (XSS)
Ecosystems: npm
Packages: readthedocs
Source: GitHub Advisory Database
Published: 7 months ago
High
GSA_kwCzR0hTQS0zcW1jLTJyNzYtNHJxcM4AAv0B
Redwood is vulnerable to account takeover via dbAuth "forgot-password"
Ecosystems: npm
Packages: @redwoodjs/api
Source: GitHub Advisory Database
Published: 7 months ago
High
GSA_kwCzR0hTQS14cHJ2LXd2aDctcXFxeM4AAvxw
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 7 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZoN2YtcXdxbS0zNXBw
Arbitrary File Read in phantom-html-to-pdf
Ecosystems: npm
Packages: phantom-html-to-pdf
Source: GitHub Advisory Database
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJxOGctNXBjNS13cmhy
Insufficient Entropy in cryptiles
Ecosystems: npm
Packages: cryptiles
Source: GitHub Advisory Database
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1wcm01LThnMm0tMjRnZ84AAvvh
Remote code execution via MongoDB BSON parser through prototype pollution
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1wNWc5LXJqY2YtOTV2as4AAvs_
fastest-json-copy vulnerable to Prototype Pollution
Ecosystems: npm
Packages: fastest-json-copy
Source: GitHub Advisory Database
Published: 7 months ago
High
GSA_kwCzR0hTQS04MjM3LTNxNWctOTlmds4AAxzz
Denial of Service vulnerability in lite-web-server
Ecosystems: npm
Packages: lite-web-server
Source: GitHub Advisory Database
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cGMtNmpxcC14cWo4
Context isolation bypass in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3ZmotbWM4dy1qOXdn
RSA signature validation vulnerability on maleable encoded message in jsrsasign
Ecosystems: npm
Packages: jsrsasign
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xcWhmLXhmaHctNzg4NM4AAvtB
Markdownify has Files or Directories Accessible to External Parties
Ecosystems: npm
Packages: electron-markdownify
Source: GitHub Advisory Database
Published: 7 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxcHItOW1jNS03Z2No
Command Injection in async-git
Ecosystems: npm
Packages: async-git
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZydjQtNHF2Ni04OGcy
Prototype Pollution in set-or-get
Ecosystems: npm
Packages: set-or-get
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBtcHItdmM1cS1oM2p3
Exposure of Resource to Wrong Sphere in valib
Ecosystems: npm
Packages: valib
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdtcHgtdmczYy1jbXI0
Improper Authentication in react-adal
Ecosystems: npm
Packages: react-adal
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtZmMtdjd3di1wNjJn
Path Traversal in Yarn
Ecosystems: npm
Packages: yarn
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3OGYtNTQ5dy1jMzU0
Prototype Pollution in multi-ini
Ecosystems: npm
Packages: multi-ini
Source: GitHub Advisory Database
Published: about 2 years ago
Filter by Package
parse-server 24 electron 19 sequelize 17 @openzeppelin/contracts-upgradeable 16 marked 16 @openzeppelin/contracts 15 swagger-ui 14 strapi 14 handlebars 13 next 12 vm2 10 ghost 10 angular 10 ckeditor4 10 tinymce 10 directus 9 jquery 9 validator 9 serve 9 nodebb 8 url-parse 8 matrix-js-sdk 8 urijs 8 steal 8 jquery-ui 8 next-auth 8 npm 8 node-forge 8 editor.md 8 tar 7 total.js 7 systeminformation 7 jsrsasign 7 keystone 7 snyk-broker 7 hapi 7 bootstrap 7 hermes-engine 7 jQuery 7 undici 7 lodash 7 express-cart 6 parse-url 6 joplin 6 @strapi/strapi 6 safe-eval 6 aaptjs 6 matrix-react-sdk 6 shescape 5 ua-parser-js 5 rendertron 5 dojo 5 dns-sync 5 ecstatic 5 safer-eval 5 moment 5 qs 5 public 5 @sequelize/core 5 jsonwebtoken 5 lodash-es 5 prismjs 5 sanitize-html 5 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 awsiotsdk 4 aws-iot-device-sdk-v2 4 simple-git 4 rsshub 4 simple-markdown 4 glance 4 sweetalert2 4 engine.io 4 matrix-appservice-irc 4 yarn 4 hummus 4 muhammara 4 nocodb 4 apostrophe 4 generator-jhipster 4 valine 4 highcharts 4 is-my-json-valid 4 mermaid 4 auth0-js 4 vditor 4 xmldom 4 materialize-css 4 ejs 4 tinymce/tinymce 4 TinyMCE 4 realms-shim 4 fastify 4 xlsx 4 ws 4 openpgp 4 remarkable 4 vega 4 auth0-lock 4 xdLocalStorage 3 jwt-simple 3 @strapi/plugin-users-permissions 3 mixme 3 static-eval 3 nadesiko3 3 jspdf 3 bson 3 immer 3 jointjs 3 axios 3 ftp-srv 3 aedes 3 subtext 3 @hapi/subtext 3 bin-links 3 node-red-dashboard 3 node-fetch 3 mongoose 3 lodash.merge 3 apollo-server 3 harp 3 minimist 3 dompurify 3 node-opcua 3 apollo-server-core 3 raneto 3 protobufjs 3 hekto 3 object-path 3 jquery-validation 3 json-pointer 3 @uppy/companion 3 slpjs 3 froala-editor 3 convert-svg-core 3 yapi-vendor 3 node-ipc 3 grunt 3 code-server 3 mathjs 3 keycloak-connect 3 send 3 notevil 3 sails 3 feathers-sequelize 3 json-ptr 3 mongo-express 3 convict 3 @backstage/plugin-scaffolder-backend 3 socket.io-parser 3 loader-utils 3 org.webjars.npm:xlsx 3 simplehttpserver 3 socket.io-file 3 locutus 3 @backstage/techdocs-common 3 n8n 3 codecov 3 @ckeditor/ckeditor5-markdown-gfm 3 uap-core 3 @commercial/subtext 3 parsel 3 http-live-simulator 3 lodash.mergewith 3 lodash.defaultsdeep 3 buttle 3 serialize-to-js 3 m-server 3 slp-validate 3 dojox 3 https-proxy-agent 3 ids-enterprise 3 localhost-now 3 js-yaml 3 uglify-js 3 macaddress 2 node-rules 2 lazysizes 2 decal 2 http-proxy-agent 2 waterline-sequel 2 @claviska/jquery-minicolors 2 whereis 2 merge 2 fastify-static 2 canvas 2 sshpk 2 jsuites 2 docsify 2 @node-red/runtime 2 node-jose 2 nunjucks 2 sockjs 2 papaparse 2 highlight.js 2 electron-markdownify 2 async-git 2 multi-ini 2 request 2 braces 2 @hapi/hoek 2 isolated-vm 2 netmask 2 ses 2 saml2-js 2 yeoman-genrator 2 json-serializer 2 ibm_db 2 node-saml 2 quill 2 debug 2 snyk 2 set-in 2 loopback 2 defaults-deep 2 elliptic 2 eslint-config-eslint 2 @fastify/passport 2 flatmap-stream 2 angular-expressions 2 minimatch 2 dotty 2 fs-path 2 jose-node-esm-runtime 2 jose 2 jose-node-cjs-runtime 2 jose-browser-runtime 2 google-closure-library 2 knockout 2 moment-timezone 2 vite 2 @actions/core 2 constantinople 2 list-n-stream 2 tough-cookie 2 node-simple-router 2 renovate 2 @finastra/nestjs-proxy 2 mysql 2 @builder.io/qwik 2 tomato 2 jQuery.Validation 2 serialize-javascript 2 serve-lite 2 bootstrap-table 2 pullit 2 node-static 2 blamer 2 payload 2 deep-get-set 2 deap 2 detect-character-encoding 2 querymen 2 fast-string-search 2 crud-file-server 2 dot 2 set-value 2 giting 2 jpeg-js 2 semver-regex 2 ungit 2 mout 2 @keystone-6/core 2 @xmldom/xmldom 2 sds 2 shell-quote 2 fastify-csrf 2 node-sass 2 html-janitor 2 mapbox-rails 2 mapbox.js 2 @npmcli/arborist 2 jszip 2 ms 2 madlib-object-utils 2 express-openid-connect 2 css-what 2 passport-saml 2 bodymen 2 rgb2hex 2 libnested 2 acorn 2 connect 2 assign-deep 2 merge-deep 2 status-board 2 http-file-server 2 jquery-rails 2 typeorm 2 jquery.terminal 2 angular-http-server 2 @cubejs-backend/api-gateway 2 mqtt-packet 2 bootstrap-sass 2 bootstrap 2 st 2 i18next 2 mustache 2 ssri 2 http-proxy 2 express-fileupload 2