Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm Security Advisories
Loading...
Moderate
Ecosystems: npm
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjdjYtZ3Z4My1tNTRt
Cross-Site Scripting in keystoneEcosystems: npm
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 6 years ago
Moderate
Ecosystems: npm
Packages: pannellum
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01MngtMjlwcS13M3Z2
Pannellum Cross-Site Scripting due to data not being sanitized for URIs or vbscriptEcosystems: npm
Packages: pannellum
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: over 4 years ago
Moderate
Ecosystems: npm
Packages: @workos-inc/authkit-nextjs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
GSA_kwCzR0hTQS0zNXczLTZxaGMtNDc0ds4AA6d0
@workos-inc/authkit-nextjs session replay vulnerabilityEcosystems: npm
Packages: @workos-inc/authkit-nextjs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
Ecosystems: npm
Packages: @builder.io/qwik-city
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 1 year ago
GSA_kwCzR0hTQS1jNTR3LTdqNWYteGc5OM4AAy-0
@builder.io/qwik-city Cross-Site Request Forgery vulnerabilityEcosystems: npm
Packages: @builder.io/qwik-city
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 10 months ago
GSA_kwCzR0hTQS00cWN2LXFmMzgtNWozas4AA04i
Unintentional leakage of private information via cross-origin websocket session hijackingEcosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 10 months ago
Moderate
Ecosystems: npm
Packages: @okta/oidc-middleware
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: over 1 year ago
GSA_kwCzR0hTQS01OGg0LTltN20tajltNM4AAw0w
@okta/oidc-middlewareOpen Redirect vulnerabilityEcosystems: npm
Packages: @okta/oidc-middleware
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1NnAtYzhjZy1xNDM1
Open Redirect in Next.js versionsEcosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: over 3 years ago
Moderate
Ecosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
GSA_kwCzR0hTQS01Z2htLWgyd3EtZzNtaM4AA2bp
Allocation of Resources Without Limits or Throttling in vriteio/vriteEcosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc4ODktcm01ai1ocGdn
Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionalityEcosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: tarteaucitronjs
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 10 months ago
GSA_kwCzR0hTQS1mNDRtLTY1aDMtOTl2Y84AA0kQ
tarteaucitron.js vulnerable to Cross-site ScriptingEcosystems: npm
Packages: tarteaucitronjs
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 10 months ago
Moderate
Ecosystems: npm
Packages: @nextcloud/dialogs
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczZnEtM3YzZy1taDMy
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogsEcosystems: npm
Packages: @nextcloud/dialogs
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 3 years ago
Moderate
Ecosystems: npm
Packages: @strapi/strapi
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago
GSA_kwCzR0hTQS00dm04LWo5NWYtajZ2Nc4AAtYF
Strapi 4.1.12 Cross-site Scripting via crafted fileEcosystems: npm
Packages: @strapi/strapi
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago
Moderate
Ecosystems: npm
Packages: hexo
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: over 2 years ago
GSA_kwCzR0hTQS1xNTRyLXI5cHItdzdxds0Ylg
Hexo Vulnerable to XSSEcosystems: npm
Packages: hexo
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: express-openid-connect
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
GSA_kwCzR0hTQS03cmcyLXF4bWYtaGh4Oc0ahA
Session fixation in express-openid-connectEcosystems: npm
Packages: express-openid-connect
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: over 1 year ago
GSA_kwCzR0hTQS01cjlnLXFoNm0tanhmZs4AAxq9
CRLF Injection in Nodejs ‘undici’ via hostEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: @mittwald/kubernetes
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 1 year ago
GSA_kwCzR0hTQS1nMzV4LWo2amotOGc3as4AAzD2
@mittwald/kubernetes's secret contents leaked via debug loggingEcosystems: npm
Packages: @mittwald/kubernetes
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZxNzctN3A3ci04M3Jq
Directory Traversal in Next.jsEcosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: about 4 years ago
Moderate
Ecosystems: npm
Packages: react-native-mmkv
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 4 months ago
GSA_kwCzR0hTQS00amgzLTZqaHYtMm1ncM4AA4Tj
react-native-mmkv Insertion of Sensitive Information into Log File vulnerabilityEcosystems: npm
Packages: react-native-mmkv
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: cookie-signature
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkydm0td2ZtNS1teHZ2
cookie-signature Timing AttackEcosystems: npm
Packages: cookie-signature
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: over 4 years ago
Moderate
Ecosystems: npm
Packages: semantic-release
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: almost 2 years ago
GSA_kwCzR0hTQS14MnBnLW1qaHItMm01eM4AAreR
Exposure of Sensitive Information to an Unauthorized Actor in semantic-releaseEcosystems: npm
Packages: semantic-release
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: almost 2 years ago
Moderate
Ecosystems: npm
Packages: mongo-express
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: over 2 years ago
GSA_kwCzR0hTQS1tMnIzLTg0OTItdng1Oc0WMw
Denial of Service (DoS) in mongo-expressEcosystems: npm
Packages: mongo-express
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: npm
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkzZjMtMjNycS1wamZw
npm CLI exposing sensitive information through logsEcosystems: npm
Packages: npm
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: almost 4 years ago
Moderate
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS13bTR3LTdoMnEtM3BmN84AA67l
Matrix IRC Bridge truncated content of messages can be leakedEcosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
Ecosystems: npm
Packages: snyk-broker
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1aHctMjl4Ny05eDk1
Arbitrary File Read in Snyk BrokerEcosystems: npm
Packages: snyk-broker
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: almost 4 years ago
Moderate
Ecosystems: npm
Packages: xmldom
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2cTYtOWhxdy1yd2Z2
Misinterpretation of malicious XML inputEcosystems: npm
Packages: xmldom
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 3 years ago
Moderate
Ecosystems: npm
Packages: gatsby
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: 11 months ago
GSA_kwCzR0hTQS1jNmY4LThyMjUtYzRnY84AAzxd
Gatsby develop server has Local File Inclusion vulnerabilityEcosystems: npm
Packages: gatsby
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: 11 months ago
Moderate
Ecosystems: npm
Packages: @digitalbazaar/zcap
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 1 month ago
GSA_kwCzR0hTQS1ocDhoLTd4NjktNHdtds4AA63y
zcap has incomplete expiration checks in capability chains.Ecosystems: npm
Packages: @digitalbazaar/zcap
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 1 month ago
Moderate
Ecosystems: npm
Packages: vega-util
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZod2gtcnF3Zi1jeHhy
Improperly Controlled Modification of Dynamically-Determined Object Attributes in vega-utilEcosystems: npm
Packages: vega-util
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: about 3 years ago
Moderate
Ecosystems: npm
Packages: gatsby-plugin-sharp
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: about 1 year ago
GSA_kwCzR0hTQS1oMnBtLTM3OGMtcGN4eM4AAy5Z
Path traversal vulnerability in gatsby-plugin-sharpEcosystems: npm
Packages: gatsby-plugin-sharp
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: swagger-ui
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 years ago
GSA_kwCzR0hTQS1jcjNxLXBxZ3EtbThjMs0yWA
Spoofing attack in swagger-uiEcosystems: npm
Packages: swagger-ui
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 years ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4bTIteGoycS1xZ3Bq
receiving subscription objects with deleted sessionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 3 years ago
Moderate
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 months ago
GSA_kwCzR0hTQS00MzhjLTM5NzUtNXgzZs4AA6Te
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframesEcosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 months ago
Moderate
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: over 1 year ago
GSA_kwCzR0hTQS1tdjQ4LWhjdmgtOGpqOM4AAuGt
Vitejs Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's serviceEcosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: over 1 year ago
Moderate
Ecosystems: nuget, npm, packagist
Packages: TinyMCE, tinymce, tinymce/tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 months ago
GSA_kwCzR0hTQS01MzU5LXB2ZjItcHc3OM4AA6Td
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elementsEcosystems: nuget, npm, packagist
Packages: TinyMCE, tinymce, tinymce/tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 months ago
Moderate
Ecosystems: npm
Packages: xo-server, xo-web
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1ncnZtLWdjcWYtZ2g4cc4AApGy
Xen Orchestra Mishandles AuthorizationEcosystems: npm
Packages: xo-server, xo-web
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
Ecosystems: npm
Packages: swagger-ui
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg5cDItZnhxNi0ybTVm
Reverse Tabnapping in swagger-uiEcosystems: npm
Packages: swagger-ui
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: almost 5 years ago
Moderate
Ecosystems: npm
Packages: socket.io
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4d2YtNHJxaC12OGcz
CORS misconfiguration in socket.ioEcosystems: npm
Packages: socket.io
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: over 3 years ago
Moderate
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 1 year ago
GSA_kwCzR0hTQS01Z3d4LXdmOWctcjVteM4AAv2W
NodeBB vulnerable to Cross-Site Request ForgeryEcosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: Electron
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 2 years ago
GSA_kwCzR0hTQS02aDk4LWNmOWctdm1nMs4AAR20
Electron vulnerable to URL spoofing via PDFiumEcosystems: npm
Packages: Electron
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 2 years ago
Moderate
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 1 year ago
GSA_kwCzR0hTQS1odnY4LTV2ODYtcjQ1eM4AAvHM
Improper beacon events in matrix-js-sdk can result in availability issuesEcosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: openpgp
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 9 months ago
GSA_kwCzR0hTQS1jaDNjLXY0N3gtNHBncM4AA1i9
Cleartext Signed Message Signature Spoofing in openpgpEcosystems: npm
Packages: openpgp
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 9 months ago
Moderate
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS1jcTdxLTVjNjctdzM5d84AAuzx
matrix-appservice-irc vulnerable to IRC mode parameter confusionEcosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 1 year ago
GSA_kwCzR0hTQS02dzRxLTIzY2YtajlqcM4AAu98
parse-server's session object properties can be updated by foreign user if object ID is knownEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: phin
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: about 1 month ago
GSA_kwCzR0hTQS14NTY1LTMycXAtbTN2Zs4AA67m
phin may include sensitive headers in subsequent requests after redirectEcosystems: npm
Packages: phin
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: about 1 month ago
Moderate
Ecosystems: npm
Packages: @progfay/scrapbox-parser
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmaHctcjQycC01Yzdy
Regular expression Denial of Service in @progfay/scrapbox-parserEcosystems: npm
Packages: @progfay/scrapbox-parser
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 3 years ago
Moderate
Ecosystems: npm
Packages: fastify
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 1 year ago
GSA_kwCzR0hTQS0zZmpqLXA3OWotYzloaM4AAv_I
Fastify: Incorrect Content-Type parsing can lead to CSRF attackEcosystems: npm
Packages: fastify
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: serialize-javascript
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5cnYtam1tZi00cGd4
Cross-Site Scripting in serialize-javascriptEcosystems: npm
Packages: serialize-javascript
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: over 4 years ago
Moderate
Ecosystems: npm
Packages: ezseed-transmission
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA3ODgtcmozNy0zNTd3
Insecure Defaults Leads to Potential MITM in ezseed-transmissionEcosystems: npm
Packages: ezseed-transmission
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: over 3 years ago
Moderate
Ecosystems: swift, npm, packagist
Packages: github.com/mongodb/mongo-swift-driver, mongodb, mongodb/mongodb
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: 9 months ago
GSA_kwCzR0hTQS12eHZtLXF3dzMtMmZoN84AA1jJ
MongoDB Driver may publish events containing authentication-related dataEcosystems: swift, npm, packagist
Packages: github.com/mongodb/mongo-swift-driver, mongodb, mongodb/mongodb
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: 9 months ago
Moderate
Ecosystems: npm
Packages: plupload
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 2 years ago
GSA_kwCzR0hTQS1ycDJjLWpyZ3AtY3ZyOM0ZGQ
Code injection in pluploadEcosystems: npm
Packages: plupload
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 1 year ago
GSA_kwCzR0hTQS04dmcyLXdmM3EtbXd2N84AAyQe
directus vulnerable to Insertion of Sensitive Information into Log FileEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: file-upload-with-preview
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 2 years ago
GSA_kwCzR0hTQS05N3B2LTQzMzgtcjV2cM0Vnw
Cross-site Scripting in file-upload-with-previewEcosystems: npm
Packages: file-upload-with-preview
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg3OTYtZ2M5ai02M3J2
File upload local preview can run embedded scripts after user interactionEcosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 3 years ago
Moderate
Ecosystems: npm
Packages: redbird
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5NDgtZmZjNi1qZzUy
Insecure Default Configuration in redbirdEcosystems: npm
Packages: redbird
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 5 years ago
Moderate
Ecosystems: npm
Packages: paypal-adaptive
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzcjItM2ZwNC1ycDQ2
Prototype pollution in paypal-adaptiveEcosystems: npm
Packages: paypal-adaptive
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: hono
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 5 months ago
GSA_kwCzR0hTQS1mNmd2LWhoOGotcTh2cc4AA3yc
Named path parameters can be overridden in TrieRouterEcosystems: npm
Packages: hono
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnNTctcDY5ci0zbTdw
Improper file handling in matrix-react-sdkEcosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: mermaid
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: almost 2 years ago
GSA_kwCzR0hTQS14M3ZtLTM4aHctNTV3Zs4AAtGz
Possible inject arbitrary `CSS` into the generated graph affecting the container HTMLEcosystems: npm
Packages: mermaid
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: almost 2 years ago
Moderate
Ecosystems: npm
Packages: @google-cloud/firestore
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 6 months ago
GSA_kwCzR0hTQS00ZzZxLTc3ajctdnZqY84AA3hm
Logging of the firestore key within nodejs-firestoreEcosystems: npm
Packages: @google-cloud/firestore
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 6 months ago
Moderate
Ecosystems: npm
Packages: hbs
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmNWMtcnBmNC04NnA4
Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbsEcosystems: npm
Packages: hbs
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: over 2 years ago
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 7 months ago
GSA_kwCzR0hTQS13cXE0LTV3cHYtbXgyZ84AA2eY
Undici's cookie header not cleared on cross-origin redirect in fetchEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 7 months ago
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 1 month ago
GSA_kwCzR0hTQS1tNHY4LXdxdnItcDlmN84AA6o1
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipelineEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 1 month ago
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 3 months ago
GSA_kwCzR0hTQS0zNzg3LTZwcnYtaDl3M84AA5Vg
Undici proxy-authorization header not cleared on cross-origin redirect in fetchEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 3 months ago
Low
Ecosystems: npm
Packages: @diez/generation
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjM2YteDVmOS02aDYy
Command injection in @diez/generationEcosystems: npm
Packages: @diez/generation
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: over 2 years ago
Low
Ecosystems: npm
Packages: limdu
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3cXYtZ2g2Zi1wZ2g0
Command Injection in LimduEcosystems: npm
Packages: limdu
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 4 years ago
Low
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 1 year ago
GSA_kwCzR0hTQS1yNjU3LTMzdnAtZ3AyMs4AAu9-
parse-server auth adapter app ID validation can be circumventedEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 1 year ago
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: almost 2 years ago
GSA_kwCzR0hTQS1xNzY4LXg5bTYtbTlxcM4AAtkI
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirectEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: almost 2 years ago
Low
Ecosystems: npm
Packages: jquery.terminal
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: over 2 years ago
GSA_kwCzR0hTQS14OXI1LWp4dnEtNDM4N80g-g
jquery.terminal self XSS on user inputEcosystems: npm
Packages: jquery.terminal
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: striptags
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4ZzUtMnFmZi1wNDly
Passing in a non-string 'html' argument can lead to unsanitized outputEcosystems: npm
Packages: striptags
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: almost 3 years ago
Low
Ecosystems: npm
Packages: webpack-subresource-integrity
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmYzQtY2hnNy1oOGdo
Unprotected dynamically loaded chunksEcosystems: npm
Packages: webpack-subresource-integrity
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: over 3 years ago
Low
Ecosystems: npm
Packages: dijit
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4amMtcjJmcC03bXE2
Cross-site Scripting in dijit editor's LinkDialog pluginEcosystems: npm
Packages: dijit
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: almost 4 years ago
Low
Ecosystems: npm
Packages: debug
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd4cGotY3g3Zy04NThj
Regular Expression Denial of Service in debugEcosystems: npm
Packages: debug
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: almost 6 years ago
Low
Ecosystems: npm
Packages: jsx-slack
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 2 years ago
GSA_kwCzR0hTQS01NXh2LWY4NWMtMjQ4cc0c0w
Regular Expression Denial of Service (ReDoS) in jsx-slackEcosystems: npm
Packages: jsx-slack
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 2 years ago
Low
Ecosystems: npm
Packages: @aedart/support
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS13d3hoLTc0ZngtMzNjNs4AAzCl
Possible prototype pollution in metadata record, when using meta decoratorEcosystems: npm
Packages: @aedart/support
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
Ecosystems: npm
Packages: ircdkit
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3cjMtcDg2Ni1xOXFy
ircdkit vulnerable to Denial of Service due to unhandled connection end eventEcosystems: npm
Packages: ircdkit
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: almost 5 years ago
Low
Ecosystems: npm
Packages: google-translate-api-browser
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 6 months ago
GSA_kwCzR0hTQS00MjMzLTdxNXEtbTdwNs4AA3Yl
google-translate-api-browser Server-Side Request Forgery (SSRF) VulnerabilityEcosystems: npm
Packages: google-translate-api-browser
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 6 months ago
Low
Ecosystems: npm
Packages: braces
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5NWYtcDI5cS05eHc0
Regular Expression Denial of Service in bracesEcosystems: npm
Packages: braces
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: almost 5 years ago
Low
Ecosystems: npm
Packages: mdx-mermaid
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: over 1 year ago
GSA_kwCzR0hTQS1ydmdtLTM1anctcTYyOM4AAujy
Improper Control of Generation of Code ('Code Injection') in mdx-mermaidEcosystems: npm
Packages: mdx-mermaid
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: over 1 year ago
Low
Ecosystems: npm
Packages: @lambda-middleware/json-deserializer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS1tM2Y0LTk1N3gtbTc4Nc4AA5OZ
lambda-middleware Inefficient Regular Expression Complexity vulnerabilityEcosystems: npm
Packages: @lambda-middleware/json-deserializer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
Ecosystems: npm
Packages: @actions/core
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1md2gtNW0yMy1qNDZ3
Environment Variable Injection in GitHub ActionsEcosystems: npm
Packages: @actions/core
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: over 3 years ago
Low
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
GSA_kwCzR0hTQS1jN2hoLTN2NmMtZmo0cc4AA1De
matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged roomsEcosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
Ecosystems: npm
Packages: eslint-detailed-reporter
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 1 year ago
GSA_kwCzR0hTQS00eHI0LTg5bTUtNDZjN84AAy4z
eslint-detailed-reporter vulnerable to cross-site scriptingEcosystems: npm
Packages: eslint-detailed-reporter
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 1 year ago
Low
Ecosystems: npm
Packages: sequelize-cli
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4YzcteGc2Ny1wdzk5
Sensitive Data Exposure in sequelize-cliEcosystems: npm
Packages: sequelize-cli
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: almost 5 years ago
Low
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 years ago
GSA_kwCzR0hTQS0zcDIyLWdocTgtdjc0Oc01Ew
Renderers can obtain access to random bluetooth device without permission in ElectronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 years ago
Low
Ecosystems: npm
Packages: @zowe/imperative
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 1 year ago
GSA_kwCzR0hTQS02cThtLTQycXEtNjRyN84AAx4s
Imperative CLI vulnerable to Command InjectionEcosystems: npm
Packages: @zowe/imperative
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 1 year ago
Low
Ecosystems: npm
Packages: web3
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3djctcWhmdi1ycXE4
Insecure Credential Storage in web3Ecosystems: npm
Packages: web3
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: almost 5 years ago
Low
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 2 years ago
GSA_kwCzR0hTQS1wNm1tLTI3Z3EtOXYzcM4AAt2a
next-auth before v4.10.2 and v3.29.9 leaks excessive information into logEcosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 2 years ago
Low
Ecosystems: npm
Packages: express-basic-auth
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzNXYtcXdxZy04N2pj
express-basic-auth Timing Attack due to native string comparison instead of constant time string comparisonEcosystems: npm
Packages: express-basic-auth
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: almost 5 years ago
Low
Ecosystems: npm
Packages: showdown
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2bXEtM2NqNi1oNzM4
Reverse Tabnabbing in showdownEcosystems: npm
Packages: showdown
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 3 years ago
Low
Ecosystems: npm
Packages: serve-static
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzeDctZ2pteC1yMmZm
Open Redirect in serve-staticEcosystems: npm
Packages: serve-static
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 3 years ago
Low
Ecosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 11 months ago
GSA_kwCzR0hTQS0zZzdwLThxaHgtbWM4cs4AAz_2
Shescape potential environment variable exposure on Windows with CMDEcosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 11 months ago
Low
Ecosystems: npm
Packages: @liquity/contracts
Source: GitHub Advisory Database
Blast Radius: 1.5
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoMnAtN3A4Ny1maGdo
Incorrect TCR calculation in batchLiquidateTroves() during Recovery ModeEcosystems: npm
Packages: @liquity/contracts
Source: GitHub Advisory Database
Blast Radius: 1.5
Published: almost 3 years ago
Low
Ecosystems: npm
Packages: bootstrap-table
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: over 2 years ago
GSA_kwCzR0hTQS1tdzZxLTk4bXAtZzhnOM0W5Q
Cross-site Scripting in bootstrap-tableEcosystems: npm
Packages: bootstrap-table
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: over 2 years ago
Low
Ecosystems: npm
Packages: serialize-to-js
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmanEtOTN4ai0zZjNm
Cross-Site Scripting in serialize-to-jsEcosystems: npm
Packages: serialize-to-js
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: over 4 years ago
Low
Ecosystems: pypi, npm
Packages: request-util, fluture-node
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: about 2 years ago
GSA_kwCzR0hTQS0zMng2LXF2dzYtbXhqNM0vig
Forwarding of confidentials headers to third parties in fluture-nodeEcosystems: pypi, npm
Packages: request-util, fluture-node
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: about 2 years ago
Low
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUybXEtNmpjdi1qNzl4
User content sandbox can be confused into opening arbitrary documentsEcosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 3 years ago
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: about 1 month ago
GSA_kwCzR0hTQS05cXhyLXFqNTQtaDY3Ms4AA6o2
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrectEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: about 1 month ago
Low
Ecosystems: npm
Packages: firebase-tools
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 17 days ago
GSA_kwCzR0hTQS1yY20yLTIyZjMtcHF2M84AA7fu
Firebase vulnerable to CRSF attackEcosystems: npm
Packages: firebase-tools
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 17 days ago
Low
Ecosystems: npm
Packages: node-fetch
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3cmMtcnd2Zi04cTVy
The `size` option isn't honored after following a redirect in node-fetchEcosystems: npm
Packages: node-fetch
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: over 3 years ago
Low
Ecosystems: npm
Packages: chownr
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2cnEtcmpjMi04NnYy
Time-of-check Time-of-use (TOCTOU) Race Condition in chownrEcosystems: npm
Packages: chownr
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: over 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 1,400
Ecosystems: 12
Packages: 8,381
Repositories: 1,400
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
29
electron
26
@openzeppelin/contracts-upgradeable
21
@openzeppelin/contracts
20
directus
18
sequelize
16
next
15
swagger-ui
14
tinymce
14
ghost
14
strapi
13
joplin
13
ckeditor4
13
undici
12
vm2
12
nodebb
11
handlebars
11
marked
11
angular
11
nocodb
10
@evershop/evershop
9
serve
9
next-auth
9
TinyMCE
9
tinymce/tinymce
9
node-forge
8
urijs
8
jsrsasign
8
express-cart
8
editor.md
8
validator
8
npm
8
@strapi/strapi
8
url-parse
8
tar
8
steal
8
systeminformation
8
bootstrap
8
matrix-js-sdk
8
org.webjars.npm:jquery
8
jquery
8
jquery-rails
8
total.js
7
sanitize-html
7
uptime-kuma
7
jquery-ui
7
jquery-ui-rails
7
matrix-appservice-irc
7
org.webjars.npm:jquery-ui
7
jQuery.UI.Combined
7
snyk-broker
7
jQuery
7
shescape
7
lodash
7
matrix-react-sdk
7
hermes-engine
7
hapi
7
safe-eval
6
aaptjs
6
rsshub
6
parse-url
6
lodash-es
5
total4
5
openpgp
5
sweetalert2
5
public
5
ejs
5
prismjs
5
vite
5
mongoose
5
dojo
5
yarn
5
vditor
5
ua-parser-js
5
@strapi/plugin-users-permissions
5
rendertron
5
xlsx
5
keystone
5
safer-eval
4
muhammara
4
remarkable
4
convert-svg-core
4
axios
4
hummus
4
simple-git
4
engine.io
4
jsonwebtoken
4
realms-shim
4
ws
4
fastify
4
katex
4
dompurify
4
apostrophe
4
vega
4
auth0-js
4
@keystone-6/core
4
materialize-css
4
moment
4
mongo-express
4
valine
4
mermaid
4
auth0-lock
4
@backstage/plugin-scaffolder-backend
4
qs
4
ecstatic
4
simple-markdown
4
generator-jhipster
4
mysql2
4
meshcentral
4
aws-iot-device-sdk-v2
4
glance
4
apollo-server-core
4
awsiotsdk
4
follow-redirects
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
ses
3
loader-utils
3
org.webjars.npm:xlsx
3
node-red-dashboard
3
notevil
3
object-path
3
passport-wsfed-saml2
3
js-yaml
3
grunt
3
jspdf
3
n8n
3
locutus
3
jointjs
3
codecov
3
feathers-sequelize
3
mysql
3
wrangler
3
yapi-vendor
3
@frangoteam/fuxa
3
ftp-srv
3
renovate
3
blamer
3
bootstrap
3
@ckeditor/ckeditor5-markdown-gfm
3
raneto
3
tough-cookie
3
froala-editor
3
highcharts
3
localhost-now
3
mixme
3
connect
3
jose
3
socket.io-file
3
fast-xml-parser
3
browserify-shim
3
slpjs
3
dns-sync
3
protobufjs
3
http-live-simulator
3
uap-core
3
xmldom
3
m-server
3
keycloak-connect
3
@strapi/utils
3
@cubejs-backend/api-gateway
3
nodemailer
3
slp-validate
3
apollo-server
3
node-opcua
3
postcss
3
jquery-validation
3
socket.io-parser
3
@backstage/techdocs-common
3
node-ipc
3
mathjs
3
node-jose
3
parsel
3
@uppy/companion
3
nadesiko3
3
convict
3
dojox
3
simplehttpserver
3
fuxa-server
3
mxgraph
3
statics-server
3
stimulsoft-dashboards-js
3
express-fileupload
3
node-fetch
3
xdLocalStorage
3
@hapi/subtext
3
subtext
3
@apollo/server
3
json-pointer
3
immer
3
serialize-to-js
3
buttle
3
typeorm
3
lodash.defaultsdeep
3
@vrite/sdk
3
@commercial/subtext
3
json-ptr
3
@sveltejs/kit
3
snyk
3
@soketi/soketi
3
ids-enterprise
3
Filter by Repository
https://github.com/parse-community/parse-server
29
https://github.com/electron/electron
25
https://github.com/strapi/strapi
21
https://github.com/OpenZeppelin/openzeppelin-contracts
20
https://github.com/directus/directus
17
https://github.com/sequelize/sequelize
16
https://github.com/tinymce/tinymce
14
https://github.com/swagger-api/swagger-ui
13
https://github.com/TryGhost/Ghost
12
https://github.com/backstage/backstage
12
https://github.com/laurent22/joplin
12
https://github.com/ckeditor/ckeditor4
12
https://github.com/patriksimek/vm2
12
https://github.com/nodejs/undici
12
https://github.com/NodeBB/NodeBB
11
https://github.com/vercel/next.js
11
https://github.com/jquery/jquery
10
https://github.com/nextauthjs/next-auth
10
https://github.com/keystonejs/keystone
10
https://github.com/nocodb/nocodb
10
https://github.com/evershopcommerce/evershop
9
https://github.com/stealjs/steal
8
https://github.com/kjur/jsrsasign
8
https://github.com/apollographql/apollo-server
8
https://github.com/pandao/editor.md
8
https://github.com/matrix-org/matrix-js-sdk
8
https://github.com/sebhildebrandt/systeminformation
8
https://github.com/digitalbazaar/forge
8
https://github.com/twbs/bootstrap
7
https://github.com/unshiftio/url-parse
7
https://github.com/lodash/lodash
7
https://github.com/louislam/uptime-kuma
7
https://github.com/matrix-org/matrix-appservice-irc
7
https://github.com/matrix-org/matrix-react-sdk
7
https://github.com/ericcornelissen/shescape
7
https://github.com/jquery/jquery-ui
6
https://github.com/facebook/hermes
6
https://github.com/DIYgod/RSSHub
6
https://github.com/npm/node-tar
6
https://github.com/panva/jose
6
https://github.com/totaljs/framework
6
https://github.com/shenzhim/aaptjs
6
https://github.com/ionicabizau/parse-url
6
https://github.com/eclipse-theia/theia
6
https://github.com/vitejs/vite
5
https://github.com/openpgpjs/openpgpjs
5
https://github.com/markedjs/marked
5
https://github.com/BlackFan/client-side-prototype-pollution
5
https://github.com/npm/cli
5
https://github.com/sweetalert2/sweetalert2
5
https://github.com/faisalman/ua-parser-js
5
https://github.com/handlebars-lang/handlebars.js
5
https://github.com/GoogleChrome/rendertron
5
https://github.com/apostrophecms/sanitize-html
5
https://github.com/gatsbyjs/gatsby
5
https://github.com/hacksparrow/safe-eval
5
https://github.com/vega/vega
5
https://github.com/follow-redirects/follow-redirects
4
https://github.com/jhipster/generator-jhipster
4
https://github.com/xCss/Valine
4
https://github.com/jonschlinkert/remarkable
4
https://github.com/mrvautin/expressCart
4
https://github.com/hapijs/hapi
4
https://github.com/aws/aws-iot-device-sdk-java-v2
4
https://github.com/PrismJS/prism
4
https://github.com/sidorares/node-mysql2
4
https://github.com/steveukx/git-js
4
https://github.com/cloudflare/workers-sdk
4
https://github.com/ofirdagan/cross-domain-local-storage
4
https://github.com/axios/axios
4
https://github.com/KaTeX/KaTeX
4
https://github.com/auth0/lock
4
https://github.com/Ylianst/MeshCentral
4
https://github.com/socketio/engine.io
4
https://github.com/balderdashy/sails
4
https://github.com/medialize/URI.js
4
https://github.com/medialize/uri.js
4
https://github.com/yarnpkg/yarn
4
https://github.com/auth0/node-jsonwebtoken
4
https://github.com/angular/angular.js
4
https://github.com/mde/ejs
4
https://github.com/fastify/fastify
4
https://github.com/npm/npm
4
https://github.com/Dogfalo/materialize
4
https://github.com/nodejs/llhttp
3
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
3
https://github.com/highcharts/highcharts
3
https://github.com/neocotic/convert-svg
3
https://github.com/sveltejs/kit
3
https://github.com/node-fetch/node-fetch
3
https://github.com/libxmljs/libxmljs
3
https://github.com/thlorenz/browserify-shim
3
https://github.com/kujirahand/nadesiko3
3
https://github.com/beerpwn/CVE
3
https://github.com/immerjs/immer
3
https://github.com/node-opcua/node-opcua
3
https://github.com/infor-design/enterprise-ng
3
https://github.com/transloadit/uppy
3
https://github.com/feathersjs-ecosystem/feathers-sequelize
3
https://github.com/nodemailer/nodemailer
3
https://github.com/n8n-io/n8n
3
https://github.com/postcss/postcss
3
https://github.com/MrRio/jsPDF
3
https://github.com/dwisiswant0/advisory
3
https://github.com/mozilla/node-convict
3
https://github.com/mongo-express/mongo-express
3
https://github.com/dojo/dojox
3
https://github.com/dojo/dojo
3
https://github.com/docsifyjs/docsify
3
https://github.com/mongodb/js-bson
3
https://github.com/facebook/react
3
https://github.com/moment/moment
3
https://github.com/nasa/openmct
3
https://github.com/renovatebot/renovate
3
https://github.com/RIAEvangelist/node-ipc
3
https://github.com/mermaid-js/mermaid
3
https://github.com/salesforce/tough-cookie
3
https://github.com/cure53/DOMPurify
3
https://github.com/gruntjs/grunt
3
https://github.com/NaturalIntelligence/fast-xml-parser
3
https://github.com/clientIO/joint
3
https://github.com/simpleledger/slpjs
3
https://github.com/mariocasciaro/object-path
3
https://github.com/ckeditor/ckeditor5
3
https://github.com/cisco/node-jose
3
https://github.com/chjj/marked
3
https://github.com/skoranga/node-dns-sync
3
https://github.com/Marak/colors.js
3
https://github.com/manuelstofer/json-pointer
3
https://github.com/socketio/socket.io-parser
3
https://github.com/soketi/soketi
3
https://github.com/hapijs/subtext
3
https://github.com/jfhbrook/node-ecstatic
3
https://github.com/webpack/loader-utils
3
https://github.com/ua-parser/uap-core
3
https://github.com/adaltas/node-mixme
3
https://github.com/typeorm/typeorm
3
https://github.com/zeit/next.js
3
https://github.com/websockets/ws
3
https://github.com/vriteio/vrite
3
https://github.com/xmldom/xmldom
3
https://github.com/jarofghosts/glance
3
https://github.com/apostrophecms/apostrophe
3
https://github.com/auth0/passport-wsfed-saml2
3
https://github.com/jquery-validation/jquery-validation
3
https://github.com/josdejong/mathjs
3
https://github.com/zestedesavoir/zmarkdown
3
https://github.com/Automattic/mongoose
3
https://github.com/vanessa219/vditor
3
https://github.com/vendure-ecommerce/vendure
3
https://github.com/YMFE/yapi
3
https://github.com/matrix-org/matrix-appservice-bridge
2
https://github.com/jsuites/jsuites
2
https://github.com/mathjax/MathJax
2
https://github.com/codecov/codecov-node
2
https://github.com/cloudhead/node-static
2
https://github.com/jameswlane/status-board
2
https://github.com/shelljs/shelljs
2
https://github.com/commenthol/safer-eval
2
https://github.com/commenthol/serialize-to-js
2
https://github.com/vvakame/fs-git
2
https://github.com/senchalabs/connect
2
https://github.com/semantic-release/semantic-release
2
https://github.com/peerigon/angular-expressions
2
https://github.com/peterbraden/node-opencv
2
https://github.com/ahdinosaur/set-in
2
https://github.com/josdejong/jsoneditor
2
https://github.com/cronvel/tree-kit
2
https://github.com/karma-runner/karma
2
https://github.com/snyk/cli
2
https://github.com/Finastra/ssr-pages
2
https://github.com/manvel-khnkoyan/jpv
2
https://github.com/jonschlinkert/mixin-deep
2
https://github.com/jwadhams/json-logic-js
2
https://github.com/justmoon/node-bignum
2
https://github.com/chocobozzz/peertube
2
https://github.com/chriso/validator.js
2
https://github.com/christian-bromann/rgb2hex
2
https://github.com/sindresorhus/semver-regex
2
https://github.com/sindresorhus/is-svg
2
https://github.com/yahoo/serialize-javascript
2
https://github.com/aFarkas/lazysizes
2
https://github.com/jonschlinkert/set-value
2
https://github.com/markdown-it/markdown-it
2
https://github.com/simpleledger/slp-validate.js
2
https://github.com/julianhille/MuhammaraJS
2
https://github.com/marudor/libxmljs2
2
https://github.com/simonh1000/angular-http-server
2
https://github.com/jcubic/jquery.terminal
2
https://github.com/endojs/endo
2
https://github.com/vivaxy/here
2
https://github.com/Agoric/realms-shim
2
https://github.com/payloadcms/payload
2
https://github.com/guardian/html-janitor
2
https://github.com/mysqljs/mysql
2
https://github.com/froala/wysiwyg-editor
2
https://github.com/mithunsatheesh/node-rules
2
https://github.com/dfinity/agent-js
2
https://github.com/mozilla/pdf.js
2