Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1ncHFxLTk1MnEtNTMyN80Wtg
XSS in the `of` option of the `.position()` util in jquery-ui
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4ZzUtMnFmZi1wNDly
Passing in a non-string 'html' argument can lead to unsanitized output
Ecosystems: npm
Packages: striptags
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS01aDlnLXg1cnYtMjV3Z80WrQ
Cross-site scripting vulnerability in TinyMCE
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tcGptLXY5OTctYzRoNM0WiQ
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14NWN3LTg0M2YtcjM2Ns4AAujc
x-data-spreadsheet through 1.1.9 vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: x-data-spreadsheet
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2cHgtOTQ1OS13M21q
Cross-Site Scripting in @ckeditor/ckeditor5-link
Ecosystems: npm
Packages: @ckeditor/ckeditor5-link
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS1oaGZnLTZoZmMtcnZ4bc0WBg
Regular Expression Denial of Service in jsoneditor
Ecosystems: npm
Packages: jsoneditor
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4NDYtd2hyai03M3Y1
Bypassing Sanitization using DOM clobbering in html-janitor
Ecosystems: npm
Packages: html-janitor
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgzZzMtMzM0Zi1xNmg0
Pandao editor.md vulnerable to DOM XSS
Ecosystems: npm
Packages: editor.md
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdnODUtcDZqNy1ncDN3
SimpleMDE XSS Vulnerability
Ecosystems: npm
Packages: simplemde
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1yd3g5LXdxajgtdnI3N84AAluo
Expo on iOS is insecure due incorrect security attribute application
Ecosystems: npm
Packages: expo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwZmotNGo2Zy1jNHc5
Clipboard-based DOM-XSS
Ecosystems: npm
Packages: @github/paste-markdown
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqNDgtNDJ2ci14M3Y5
Regular Expression Denial of Service in path-parse
Ecosystems: npm
Packages: path-parse
Source: GitHub Advisory Database
Blast Radius: 33.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1mNzcyLTY2ZzgtcTVoM84AAuFo
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03cjNoLW01ajYtM3E0Ms4AAuFm
@actions/core has Delimiter Injection Vulnerability in exportVariable
Ecosystems: npm
Packages: @actions/core
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yZnZ2LXF4cnEtN2pxNs4AAuFi
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page
Ecosystems: npm
Packages: apollo-server-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14NTY1LTMycXAtbTN2Zs4AA67m
phin may include sensitive headers in subsequent requests after redirect
Ecosystems: npm
Packages: phin
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: about 1 month ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmNngtNDlnMi05OWZt
Cross-site Scripting in Mermaid
Ecosystems: npm
Packages: mermaid
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00d2gzLTN3ZjItMzltOc4AA66A
Summernote vulnerable to cross-site scripting
Ecosystems: npm
Packages: summernote
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 1 month ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3eDMtN2h3Ny1wY2pn
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments
Ecosystems: npm
Packages: renovate
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS00MndxLXJjaDgtNmY2as4AAt2p
CKEditor5 cross-site scripting vulnerability caused by the editor instance destroying process
Ecosystems: npm
Packages: @ckeditor/ckeditor5-html-embed, @ckeditor/ckeditor5-html-support, @ckeditor/ckeditor5-markdown-gfm
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00dm04LWo5NWYtajZ2Nc4AAtYF
Strapi 4.1.12 Cross-site Scripting via crafted file
Ecosystems: npm
Packages: @strapi/strapi
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4bTMtMjg0cC1xYzR2
Prototype Pollution in sds
Ecosystems: npm
Packages: sds
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA5cGMtMjk5cC12eGdw
yargs-parser Vulnerable to Prototype Pollution
Ecosystems: npm
Packages: yargs-parser
Source: GitHub Advisory Database
Blast Radius: 35.2
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS0zY3ZyLTgyMnItcnFjY84AAtkH
undici before v5.8.0 vulnerable to CRLF injection in request headers
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmcjMtODdxMy02NXJj
Cross-site Scripting in vmd
Ecosystems: npm
Packages: vmd
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY4OGctY2dtdy12NXh3
Prototype Pollution in Ajv
Ecosystems: npm
Packages: ajv
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1tNGYtNDdjaC1mN2h4
Arbitrary code execution in kill-by-port
Ecosystems: npm
Packages: kill-by-port
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJqNDQtZ3BqYy0yOXI3
[thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values
Ecosystems: npm
Packages: @thi.ng/egf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBjaDUtd2hnOS1xcjJy
netmask npm package mishandles octal input data
Ecosystems: npm
Packages: netmask
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzZnAtZm1ydi1mNXB4
Uncontrolled Resource Consumption in strapi
Ecosystems: npm
Packages: strapi-admin
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRydmctOTU1dy1oNjhx
Path Traversal in angular-http-server
Ecosystems: npm
Packages: angular-http-server
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4ZzYtZmh3Yy05djlj
Regular Expression Denial of Service (ReDoS) in es6-crawler-detect
Ecosystems: npm
Packages: es6-crawler-detect
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxNm0tM2g2NS13NTN4
react-dev-utils OS Command Injection in function `getProcessForPort`
Ecosystems: npm
Packages: react-dev-utils
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2Y2otaHZmdy03ZjJ2
botframework-connector vulnerable to Improper Authentication
Ecosystems: npm
Packages: botframework-connector
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtaDktcmc2Zi1qM21y
Verification flaw in Solid identity-token-verifier
Ecosystems: npm
Packages: @solid/identity-token-verifier
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmaHctcjQycC01Yzdy
Regular expression Denial of Service in @progfay/scrapbox-parser
Ecosystems: npm
Packages: @progfay/scrapbox-parser
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1qdnh4LXY0NXAtdjV2Zs4AAs7J
Denial of Service (DoS) vulnerability in RSSHub
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2ZjgtaDJxaC0zN205
IPC messages delivered to the wrong frame in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS03N212LTRyZzctcjhxds4AArtT
Potential Sensitive Cookie Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
Ecosystems: npm
Packages: @finastra/nestjs-proxy
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qNTYyLWMzY3ctM3A1Z84AArtS
Potential Authorization Header Exposure in NPM Packages @finastra/nestjs-proxy, @ffdc/nestjs-proxy
Ecosystems: npm
Packages: @finastra/nestjs-proxy
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00anFjLWp2aDItcHhnOc4AArtF
Path traversal for local publishers in TechDocs backend
Ecosystems: npm
Packages: @backstage/techdocs-common, @backstage/plugin-techdocs-node
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03N3hjLWhqdjgtd3c5N84AArqt
AutoUpdater module fails to validate certain nested components of the bundle
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBwN2gtNTNneC1teDdy
Remote Memory Exposure in bl
Ecosystems: npm
Packages: bl
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtNGotNHhobS14cHd4
Sandbox Breakout / Arbitrary Code Execution in sandbox
Ecosystems: npm
Packages: sandbox
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3NTItZjRnZi05NGdj
Materialize-css vulnerable to Cross-site Scripting in autocomplete component
Ecosystems: npm
Packages: @materializecss/materialize, materialize-css
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: about 5 years ago
Moderate
GSA_kwCzR0hTQS14MnBnLW1qaHItMm01eM4AAreR
Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
Ecosystems: npm
Packages: semantic-release
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4aDgteDY5Ny1naDhx
Tmp files readable by other users in sync-exec
Ecosystems: npm
Packages: sync-exec
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVoNXItMjNyNC1tODdo
Cross-Site Scripting in gitbook
Ecosystems: npm
Packages: gitbook
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3ZzQtMzZqcC01djNt
Remote Memory Disclosure in bittorrent-dht
Ecosystems: npm
Packages: bittorrent-dht
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3cTktcDNqcS1mbWht
Uncontrolled resource consumption in jpeg-js
Ecosystems: npm
Packages: jpeg-js
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzNmgtcnF2OC04cTcz
GraphQL: Security breach on Viewer query
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS03cWN4LTRwMzItcWNteM4AArM_
Missing Cryptographic Step in cassproject
Ecosystems: npm
Packages: cassproject
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ncnc1LWc5aDItd3BnOM4AAX61
Cross-site Scripting in bootstrap-table
Ecosystems: npm
Packages: bootstrap-table
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZxNzctN3A3ci04M3Jq
Directory Traversal in Next.js
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: about 4 years ago
Moderate
GSA_kwCzR0hTQS03d3c2LTc1ZmotamNqN84AAqwb
Cross-site Scripting in Auth0 Lock
Ecosystems: npm
Packages: auth0-lock
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNtY3gteGhyOC0zdzlw
Denial of Service in uap-core when processing crafted User-Agent strings
Ecosystems: rubygems, npm
Packages: user_agent_parser, uap-core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnOTctd3c3aC01bWpy
XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode
Ecosystems: npm
Packages: dojox
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS0yM3d4LWNneHEtdnB3eM3X4Q
Prototype Pollution in dset
Ecosystems: maven, npm
Packages: org.webjars.npm:dset, dset
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcycGYtZzZyOC1wZzIy
auth0-lock vulnerable to XSS via unsanitized placeholder property
Ecosystems: npm
Packages: auth0-lock
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4ZjUtd3h3cC1tN2c5
Open Redirect in Next.js
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY1cDgtM2htNC1oOWg4
Denial of Service in rgb2hex
Ecosystems: npm
Packages: rgb2hex
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYycDYtNG1wNy0zcjl2
Regular Expression Denial of Service in underscore.string
Ecosystems: npm
Packages: underscore.string
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3cXctNXB2Zy1tbXdw
Prototype Pollution in lutils-merge
Ecosystems: npm
Packages: lutils-merge
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: almost 5 years ago
Moderate
GSA_kwCzR0hTQS1nNjk0LW04dnEtZ3Y5aM04KA
URL Confusion When Scheme Not Supplied in medialize/uri.js
Ecosystems: npm
Packages: urijs
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcyZnYtcWdqNi0ydzJw
Cross-site Scripting in NodeBB
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyNG0taGp3ai00M3A4
Insecure Defaults Allow MITM Over TLS in engine.io-client
Ecosystems: npm
Packages: engine.io-client
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI2cTctZzU3di1teGNw
HTML Injection in shout
Ecosystems: npm
Packages: shout
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzM3ctcnhqMy1mNTVy
Regular Expression Denial Of Service in uri-js
Ecosystems: npm
Packages: uri-js
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4NHEtNmpmdi04aDlo
Path Traversal in glance
Ecosystems: npm
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgyMjUtNmN2ci04cHFw
superagent vulnerable to zip bomb attacks
Ecosystems: npm
Packages: superagent
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmajQtOTZmNy02cjVn
Cross-Site Scripting in html-janitor
Ecosystems: npm
Packages: html-janitor
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyMjgtN2o2cC05aG12
Content Injection via TileJSON attribute in mapbox.js
Ecosystems: rubygems, npm
Packages: mapbox-rails, mapbox.js
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS0ycjJjLWc2M3ItdmNjcs00Kg
Improper Verification of Cryptographic Signature in `node-forge`
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdtdnItNXgyZy13ZmM4
Bootstrap Cross-site Scripting vulnerability
Ecosystems: npm, rubygems
Packages: bootstrap
Source: GitHub Advisory Database
Blast Radius: 63.7
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS00dnZnLXg4NnAtbXZxY80ymA
Leaking of user information on Cross-Domain communication in sysend
Ecosystems: npm
Packages: sysend
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjbTItOWM4OS13bWZt
Cross-site Scripting in jquery-ui
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS04Y2Y3LTMyZ3ctd3IzM84AAwgf
jsonwebtoken unrestricted key type could lead to legacy keys usage
Ecosystems: npm
Packages: jsonwebtoken
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oanJmLTJtNjgtNTk1Oc4AAwgh
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
Ecosystems: npm
Packages: jsonwebtoken
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xd3BoLTQ5NTItN3hyNs4AAwgg
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Ecosystems: npm
Packages: jsonwebtoken
Source: GitHub Advisory Database
Blast Radius: 37.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00NXJtLTI4OTMtNWY0Oc4AAwgi
liquidjs may leak properties of a prototype
Ecosystems: npm
Packages: liquidjs
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03OW1wLWN4cDQtOXA2cs4AAwo2
Json2html vulnerable to cross-site scripting
Ecosystems: npm
Packages: node-json2html
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jbThoLXE5MnYteGNmY84AAw1D
mercurius has Uncaught Exception when using subscriptions
Ecosystems: npm
Packages: mercurius
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12Zm1wLTk5OTktNndxas4AAxwh
Vditor Cross-site Scripting vulnerability
Ecosystems: npm
Packages: vditor
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00NjVmLW14eGgtZ3JjNM4AAxwo
Baremetrics date range picker vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: baremetrics-calendar
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01OWZxLTcyN2otaG0zZs4AAx6i
keycloak-connect contains Open redirect vulnerability in the Node.js adapter
Ecosystems: npm
Packages: keycloak-connect
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04NzhtLTNnNnEtNTk0cc4AAx7E
OpenZeppelin Contracts contains Incorrect Calculation
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00anB2LThyNTctcHY3as4AAx8Q
@nestjs/core vulnerable to Information Exposure via StreamableFile pipe
Ecosystems: npm
Packages: @nestjs/core
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wOHA3LXgyODgtMjhnNs4AAyJl
Server-Side Request Forgery in Request
Ecosystems: npm
Packages: @cypress/request, request
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02ZzY3LXEzOWctcjc5cc4AAyyO
matrix-js-sdk vulnerable to invisible eavesdropping in group calls
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04Nzc1LTVod3Ytd3I2ds4AAzbF
Potential for cross-site scripting in PostHog-js
Ecosystems: npm
Packages: posthog-js
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS05cXBqLXFxMnItNW1jY84AAzew
html inputs of type password recorded in plaintext when converted to text inputs
Ecosystems: npm
Packages: highlight.run
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1tajZwLTNwYzktd2Y1bc4AAzhf
proxy denial of service vulnerability
Ecosystems: npm
Packages: proxy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS01aDN4LTl3dnEtdzRtMs4AAzvg
OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS14M2NjLXgzOXAtNDJxeM4AAzz_
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
Ecosystems: npm
Packages: fast-xml-parser
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS05YzIyLXB3eHctcDZoeM0bQg
OpenZeppelin Contracts initializer reentrancy may lead to double initialization
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qM2Y3LTdybWMtNndxas0YEQ
Improper certificate management in AWS IoT Device SDK v2
Ecosystems: pypi, npm, maven
Packages: awsiotsdk, aws-iot-device-sdk-v2, software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ncDJmLTI1NG0tcmgzMs0W9A
Unauthorized access to data in @sap-cloud-sdk/core
Ecosystems: npm
Packages: @sap-cloud-sdk/core
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04Z3dqLThoeGMtMjg1d80W4g
Prototype Pollution in json-ptr
Ecosystems: npm
Packages: json-ptr
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05Z2ozLWh3cDUtcG13Y80WtQ
XSS in the `altField` option of the Datepicker widget in jquery-ui
Ecosystems: rubygems, maven, nuget, npm
Packages: jquery-ui-rails, org.webjars.npm:jquery-ui, jQuery.UI.Combined, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 1,400
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
parse-server 29 electron 26 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 directus 18 sequelize 16 next 15 swagger-ui 14 tinymce 14 ghost 14 strapi 13 joplin 13 ckeditor4 13 undici 12 vm2 12 nodebb 11 handlebars 11 marked 11 angular 11 nocodb 10 @evershop/evershop 9 serve 9 next-auth 9 TinyMCE 9 tinymce/tinymce 9 node-forge 8 urijs 8 jsrsasign 8 express-cart 8 editor.md 8 validator 8 npm 8 @strapi/strapi 8 url-parse 8 tar 8 steal 8 systeminformation 8 bootstrap 8 matrix-js-sdk 8 org.webjars.npm:jquery 8 jquery 8 jquery-rails 8 total.js 7 sanitize-html 7 uptime-kuma 7 jquery-ui 7 jquery-ui-rails 7 matrix-appservice-irc 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 snyk-broker 7 jQuery 7 shescape 7 lodash 7 matrix-react-sdk 7 hermes-engine 7 hapi 7 safe-eval 6 aaptjs 6 rsshub 6 parse-url 6 lodash-es 5 total4 5 openpgp 5 sweetalert2 5 public 5 ejs 5 prismjs 5 vite 5 mongoose 5 dojo 5 yarn 5 vditor 5 ua-parser-js 5 @strapi/plugin-users-permissions 5 rendertron 5 xlsx 5 keystone 5 safer-eval 4 muhammara 4 remarkable 4 convert-svg-core 4 axios 4 hummus 4 simple-git 4 engine.io 4 jsonwebtoken 4 realms-shim 4 ws 4 fastify 4 katex 4 dompurify 4 apostrophe 4 vega 4 auth0-js 4 @keystone-6/core 4 materialize-css 4 moment 4 mongo-express 4 valine 4 mermaid 4 auth0-lock 4 @backstage/plugin-scaffolder-backend 4 qs 4 ecstatic 4 simple-markdown 4 generator-jhipster 4 mysql2 4 meshcentral 4 aws-iot-device-sdk-v2 4 glance 4 apollo-server-core 4 awsiotsdk 4 follow-redirects 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 ses 3 loader-utils 3 org.webjars.npm:xlsx 3 node-red-dashboard 3 notevil 3 object-path 3 passport-wsfed-saml2 3 js-yaml 3 grunt 3 jspdf 3 n8n 3 locutus 3 jointjs 3 codecov 3 feathers-sequelize 3 mysql 3 wrangler 3 yapi-vendor 3 @frangoteam/fuxa 3 ftp-srv 3 renovate 3 blamer 3 bootstrap 3 @ckeditor/ckeditor5-markdown-gfm 3 raneto 3 tough-cookie 3 froala-editor 3 highcharts 3 localhost-now 3 mixme 3 connect 3 jose 3 socket.io-file 3 fast-xml-parser 3 browserify-shim 3 slpjs 3 dns-sync 3 protobufjs 3 http-live-simulator 3 uap-core 3 xmldom 3 m-server 3 keycloak-connect 3 @strapi/utils 3 @cubejs-backend/api-gateway 3 nodemailer 3 slp-validate 3 apollo-server 3 node-opcua 3 postcss 3 jquery-validation 3 socket.io-parser 3 @backstage/techdocs-common 3 node-ipc 3 mathjs 3 node-jose 3 parsel 3 @uppy/companion 3 nadesiko3 3 convict 3 dojox 3 simplehttpserver 3 fuxa-server 3 mxgraph 3 statics-server 3 stimulsoft-dashboards-js 3 express-fileupload 3 node-fetch 3 xdLocalStorage 3 @hapi/subtext 3 subtext 3 @apollo/server 3 json-pointer 3 immer 3 serialize-to-js 3 buttle 3 typeorm 3 lodash.defaultsdeep 3 @vrite/sdk 3 @commercial/subtext 3 json-ptr 3 @sveltejs/kit 3 snyk 3 @soketi/soketi 3 ids-enterprise 3
Filter by Repository
https://github.com/parse-community/parse-server 29 https://github.com/electron/electron 25 https://github.com/strapi/strapi 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/directus/directus 17 https://github.com/sequelize/sequelize 16 https://github.com/tinymce/tinymce 14 https://github.com/swagger-api/swagger-ui 13 https://github.com/TryGhost/Ghost 12 https://github.com/backstage/backstage 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/patriksimek/vm2 12 https://github.com/nodejs/undici 12 https://github.com/NodeBB/NodeBB 11 https://github.com/vercel/next.js 11 https://github.com/jquery/jquery 10 https://github.com/nextauthjs/next-auth 10 https://github.com/keystonejs/keystone 10 https://github.com/nocodb/nocodb 10 https://github.com/evershopcommerce/evershop 9 https://github.com/stealjs/steal 8 https://github.com/kjur/jsrsasign 8 https://github.com/apollographql/apollo-server 8 https://github.com/pandao/editor.md 8 https://github.com/matrix-org/matrix-js-sdk 8 https://github.com/sebhildebrandt/systeminformation 8 https://github.com/digitalbazaar/forge 8 https://github.com/twbs/bootstrap 7 https://github.com/unshiftio/url-parse 7 https://github.com/lodash/lodash 7 https://github.com/louislam/uptime-kuma 7 https://github.com/matrix-org/matrix-appservice-irc 7 https://github.com/matrix-org/matrix-react-sdk 7 https://github.com/ericcornelissen/shescape 7 https://github.com/jquery/jquery-ui 6 https://github.com/facebook/hermes 6 https://github.com/DIYgod/RSSHub 6 https://github.com/npm/node-tar 6 https://github.com/panva/jose 6 https://github.com/totaljs/framework 6 https://github.com/shenzhim/aaptjs 6 https://github.com/ionicabizau/parse-url 6 https://github.com/eclipse-theia/theia 6 https://github.com/vitejs/vite 5 https://github.com/openpgpjs/openpgpjs 5 https://github.com/markedjs/marked 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/npm/cli 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/handlebars-lang/handlebars.js 5 https://github.com/GoogleChrome/rendertron 5 https://github.com/apostrophecms/sanitize-html 5 https://github.com/gatsbyjs/gatsby 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/vega/vega 5 https://github.com/follow-redirects/follow-redirects 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/xCss/Valine 4 https://github.com/jonschlinkert/remarkable 4 https://github.com/mrvautin/expressCart 4 https://github.com/hapijs/hapi 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/PrismJS/prism 4 https://github.com/sidorares/node-mysql2 4 https://github.com/steveukx/git-js 4 https://github.com/cloudflare/workers-sdk 4 https://github.com/ofirdagan/cross-domain-local-storage 4 https://github.com/axios/axios 4 https://github.com/KaTeX/KaTeX 4 https://github.com/auth0/lock 4 https://github.com/Ylianst/MeshCentral 4 https://github.com/socketio/engine.io 4 https://github.com/balderdashy/sails 4 https://github.com/medialize/URI.js 4 https://github.com/medialize/uri.js 4 https://github.com/yarnpkg/yarn 4 https://github.com/auth0/node-jsonwebtoken 4 https://github.com/angular/angular.js 4 https://github.com/mde/ejs 4 https://github.com/fastify/fastify 4 https://github.com/npm/npm 4 https://github.com/Dogfalo/materialize 4 https://github.com/nodejs/llhttp 3 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 3 https://github.com/highcharts/highcharts 3 https://github.com/neocotic/convert-svg 3 https://github.com/sveltejs/kit 3 https://github.com/node-fetch/node-fetch 3 https://github.com/libxmljs/libxmljs 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/kujirahand/nadesiko3 3 https://github.com/beerpwn/CVE 3 https://github.com/immerjs/immer 3 https://github.com/node-opcua/node-opcua 3 https://github.com/infor-design/enterprise-ng 3 https://github.com/transloadit/uppy 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/nodemailer/nodemailer 3 https://github.com/n8n-io/n8n 3 https://github.com/postcss/postcss 3 https://github.com/MrRio/jsPDF 3 https://github.com/dwisiswant0/advisory 3 https://github.com/mozilla/node-convict 3 https://github.com/mongo-express/mongo-express 3 https://github.com/dojo/dojox 3 https://github.com/dojo/dojo 3 https://github.com/docsifyjs/docsify 3 https://github.com/mongodb/js-bson 3 https://github.com/facebook/react 3 https://github.com/moment/moment 3 https://github.com/nasa/openmct 3 https://github.com/renovatebot/renovate 3 https://github.com/RIAEvangelist/node-ipc 3 https://github.com/mermaid-js/mermaid 3 https://github.com/salesforce/tough-cookie 3 https://github.com/cure53/DOMPurify 3 https://github.com/gruntjs/grunt 3 https://github.com/NaturalIntelligence/fast-xml-parser 3 https://github.com/clientIO/joint 3 https://github.com/simpleledger/slpjs 3 https://github.com/mariocasciaro/object-path 3 https://github.com/ckeditor/ckeditor5 3 https://github.com/cisco/node-jose 3 https://github.com/chjj/marked 3 https://github.com/skoranga/node-dns-sync 3 https://github.com/Marak/colors.js 3 https://github.com/manuelstofer/json-pointer 3 https://github.com/socketio/socket.io-parser 3 https://github.com/soketi/soketi 3 https://github.com/hapijs/subtext 3 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/webpack/loader-utils 3 https://github.com/ua-parser/uap-core 3 https://github.com/adaltas/node-mixme 3 https://github.com/typeorm/typeorm 3 https://github.com/zeit/next.js 3 https://github.com/websockets/ws 3 https://github.com/vriteio/vrite 3 https://github.com/xmldom/xmldom 3 https://github.com/jarofghosts/glance 3 https://github.com/apostrophecms/apostrophe 3 https://github.com/auth0/passport-wsfed-saml2 3 https://github.com/jquery-validation/jquery-validation 3 https://github.com/josdejong/mathjs 3 https://github.com/zestedesavoir/zmarkdown 3 https://github.com/Automattic/mongoose 3 https://github.com/vanessa219/vditor 3 https://github.com/vendure-ecommerce/vendure 3 https://github.com/YMFE/yapi 3 https://github.com/matrix-org/matrix-appservice-bridge 2 https://github.com/jsuites/jsuites 2 https://github.com/mathjax/MathJax 2 https://github.com/codecov/codecov-node 2 https://github.com/cloudhead/node-static 2 https://github.com/jameswlane/status-board 2 https://github.com/shelljs/shelljs 2 https://github.com/commenthol/safer-eval 2 https://github.com/commenthol/serialize-to-js 2 https://github.com/vvakame/fs-git 2 https://github.com/senchalabs/connect 2 https://github.com/semantic-release/semantic-release 2 https://github.com/peerigon/angular-expressions 2 https://github.com/peterbraden/node-opencv 2 https://github.com/ahdinosaur/set-in 2 https://github.com/josdejong/jsoneditor 2 https://github.com/cronvel/tree-kit 2 https://github.com/karma-runner/karma 2 https://github.com/snyk/cli 2 https://github.com/Finastra/ssr-pages 2 https://github.com/manvel-khnkoyan/jpv 2 https://github.com/jonschlinkert/mixin-deep 2 https://github.com/jwadhams/json-logic-js 2 https://github.com/justmoon/node-bignum 2 https://github.com/chocobozzz/peertube 2 https://github.com/chriso/validator.js 2 https://github.com/christian-bromann/rgb2hex 2 https://github.com/sindresorhus/semver-regex 2 https://github.com/sindresorhus/is-svg 2 https://github.com/yahoo/serialize-javascript 2 https://github.com/aFarkas/lazysizes 2 https://github.com/jonschlinkert/set-value 2 https://github.com/markdown-it/markdown-it 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/julianhille/MuhammaraJS 2 https://github.com/marudor/libxmljs2 2 https://github.com/simonh1000/angular-http-server 2 https://github.com/jcubic/jquery.terminal 2 https://github.com/endojs/endo 2 https://github.com/vivaxy/here 2 https://github.com/Agoric/realms-shim 2 https://github.com/payloadcms/payload 2 https://github.com/guardian/html-janitor 2 https://github.com/mysqljs/mysql 2 https://github.com/froala/wysiwyg-editor 2 https://github.com/mithunsatheesh/node-rules 2 https://github.com/dfinity/agent-js 2 https://github.com/mozilla/pdf.js 2