Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm Security Advisories
Loading...
Moderate
Ecosystems: maven, nuget, npm, pypi, rubygems
Packages: org.webjars.npm:jquery, jQuery, jquery, django, jquery-rails
Source: GitHub Advisory Database
Blast Radius: 135.8
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjM2otYzY0bS1xaGdx
XSS in jQuery as used in Drupal, Backdrop CMS, and other productsEcosystems: maven, nuget, npm, pypi, rubygems
Packages: org.webjars.npm:jquery, jQuery, jquery, django, jquery-rails
Source: GitHub Advisory Database
Blast Radius: 135.8
Published: about 5 years ago
High
Ecosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Blast Radius: 130.8
Published: 8 months ago
GSA_kwCzR0hTQS1qN2hwLWg4angtNXBwcs4AA10j
libwebp: OOB write in BuildHuffmanTableEcosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Blast Radius: 130.8
Published: 8 months ago
High
Ecosystems: rubygems, maven, nuget, npm
Packages: jquery-rails, org.webjars.npm:jquery, jQuery, jquery
Source: GitHub Advisory Database
Blast Radius: 129.0
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ocHAtODc1dy05Y3B2
Denial of Service in jqueryEcosystems: rubygems, maven, nuget, npm
Packages: jquery-rails, org.webjars.npm:jquery, jQuery, jquery
Source: GitHub Advisory Database
Blast Radius: 129.0
Published: over 6 years ago
Critical
Ecosystems: rubygems, npm
Packages: uglifier, uglify-js
Source: GitHub Advisory Database
Blast Radius: 119.3
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM0cjctcTQ5Zi1oMzdj
Incorrect Handling of Non-Boolean Comparisons During Minification in uglify-jsEcosystems: rubygems, npm
Packages: uglifier, uglify-js
Source: GitHub Advisory Database
Blast Radius: 119.3
Published: over 6 years ago
Moderate
Ecosystems: maven, nuget, rubygems, npm
Packages: org.webjars.npm:jquery, jQuery, jquery-rails, jquery
Source: GitHub Advisory Database
Blast Radius: 118.7
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwY3EtY2d3Ni12NGo2
Potential XSS vulnerability in jQueryEcosystems: maven, nuget, rubygems, npm
Packages: org.webjars.npm:jquery, jQuery, jquery-rails, jquery
Source: GitHub Advisory Database
Blast Radius: 118.7
Published: about 4 years ago
Moderate
Ecosystems: rubygems, maven, nuget, npm
Packages: jquery-rails, org.webjars.npm:jquery, jquery
Source: GitHub Advisory Database
Blast Radius: 118.7
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd4cjQteGpqNS01cHgy
Potential XSS vulnerability in jQueryEcosystems: rubygems, maven, nuget, npm
Packages: jquery-rails, org.webjars.npm:jquery, jquery
Source: GitHub Advisory Database
Blast Radius: 118.7
Published: about 4 years ago
Moderate
Ecosystems: maven, rubygems, npm, nuget
Packages: org.webjars.npm:jquery, jquery-rails, jquery, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJteGctNzNnZy00cDk4
Cross-Site Scripting (XSS) in jqueryEcosystems: maven, rubygems, npm, nuget
Packages: org.webjars.npm:jquery, jquery-rails, jquery, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: over 6 years ago
Moderate
Ecosystems: maven, npm, rubygems, nuget
Packages: org.webjars.npm:jquery, jquery, jquery-rails, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: 10 months ago
GSA_kwCzR0hTQS0yNTdxLXB2ODktdjN4ds4AA0D1
jQuery Cross Site Scripting vulnerabilityEcosystems: maven, npm, rubygems, nuget
Packages: org.webjars.npm:jquery, jquery, jquery-rails, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: 10 months ago
Moderate
Ecosystems: maven, rubygems, nuget, npm
Packages: org.webjars.npm:jquery, jquery-rails, jQuery, jquery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0bTMtMmo3aC1mN3h3
Cross-Site Scripting in jqueryEcosystems: maven, rubygems, nuget, npm
Packages: org.webjars.npm:jquery, jquery-rails, jQuery, jquery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: almost 4 years ago
Moderate
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-rails, jQuery, org.webjars.npm:jquery, jquery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwcWotaDN2ai1wcWd3
Cross-Site Scripting in jqueryEcosystems: rubygems, nuget, maven, npm
Packages: jquery-rails, jQuery, org.webjars.npm:jquery, jquery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: over 3 years ago
Moderate
Ecosystems: rubygems, npm, nuget
Packages: twitter-bootstrap-rails, bootstrap-sass, bootstrap, bootstrap.sass, Bootstrap.Less
Source: GitHub Advisory Database
Blast Radius: 99.3
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2M20tOGZwOC1tajk5
Bootstrap Vulnerable to Cross-Site ScriptingEcosystems: rubygems, npm, nuget
Packages: twitter-bootstrap-rails, bootstrap-sass, bootstrap, bootstrap.sass, Bootstrap.Less
Source: GitHub Advisory Database
Blast Radius: 99.3
Published: about 5 years ago
Critical
Ecosystems: npm, rubygems
Packages: handlebars, bootstrap-wysihtml5-rails
Source: GitHub Advisory Database
Blast Radius: 87.7
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0NTctNnE2eC1jZ3A5
Prototype Pollution in handlebarsEcosystems: npm, rubygems
Packages: handlebars, bootstrap-wysihtml5-rails
Source: GitHub Advisory Database
Blast Radius: 87.7
Published: over 4 years ago
Moderate
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerabilityEcosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
Critical
Ecosystems: maven, npm
Packages: org.webjars.bowergithub.wycats:handlebars.js, org.webjars.npm:handlebars, org.webjars:handlebars, handlebars
Source: GitHub Advisory Database
Blast Radius: 79.2
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyanYtcjlyZi03OTg4
Remote code execution in handlebars when compiling templatesEcosystems: maven, npm
Packages: org.webjars.bowergithub.wycats:handlebars.js, org.webjars.npm:handlebars, org.webjars:handlebars, handlebars
Source: GitHub Advisory Database
Blast Radius: 79.2
Published: almost 3 years ago
Critical
Ecosystems: npm
Packages: fsevents
Source: GitHub Advisory Database
Blast Radius: 65.9
Published: 7 months ago
GSA_kwCzR0hTQS04cjZqLXY4cG0tZnF3M84AA2SB
Code injection in fseventsEcosystems: npm
Packages: fsevents
Source: GitHub Advisory Database
Blast Radius: 65.9
Published: 7 months ago
Moderate
Ecosystems: pypi, nuget, packagist, npm
Packages: django-tinymce, TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 64.7
Published: over 2 years ago
GSA_kwCzR0hTQS1yOGhtLXc1Zjctd2ozOc0Wzg
Cross-site scripting vulnerability in TinyMCE pluginsEcosystems: pypi, nuget, packagist, npm
Packages: django-tinymce, TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 64.7
Published: over 2 years ago
Critical
Ecosystems: npm
Packages: set-value
Source: GitHub Advisory Database
Blast Radius: 64.5
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRnODgtZnBwci01M3Bw
Prototype Pollution in set-valueEcosystems: npm
Packages: set-value
Source: GitHub Advisory Database
Blast Radius: 64.5
Published: over 4 years ago
Critical
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 64.1
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB2NGMtcDJqNS0zOGo0
Open Redirect in url-parseEcosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 64.1
Published: over 5 years ago
Moderate
Ecosystems: rubygems, npm
Packages: bootstrap
Source: GitHub Advisory Database
Blast Radius: 63.7
Published: almost 2 years ago
GSA_kwCzR0hTQS0zd3FmLTR4ODktOWc3Oc3uvQ
Bootstrap vulnerable to Cross-Site Scripting (XSS)Ecosystems: rubygems, npm
Packages: bootstrap
Source: GitHub Advisory Database
Blast Radius: 63.7
Published: almost 2 years ago
Moderate
Ecosystems: npm, rubygems
Packages: bootstrap
Source: GitHub Advisory Database
Blast Radius: 63.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdtdnItNXgyZy13ZmM4
Bootstrap Cross-site Scripting vulnerabilityEcosystems: npm, rubygems
Packages: bootstrap
Source: GitHub Advisory Database
Blast Radius: 63.7
Published: over 5 years ago
Critical
Ecosystems: npm
Packages: deep-extend
Source: GitHub Advisory Database
Blast Radius: 63.3
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyMnYtMzk1Mi02MzNx
Prototype Pollution in deep-extendEcosystems: npm
Packages: deep-extend
Source: GitHub Advisory Database
Blast Radius: 63.3
Published: over 5 years ago
Critical
Ecosystems: npm
Packages: eslint-utils
Source: GitHub Advisory Database
Blast Radius: 62.9
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNneDcteGh2Ny01bXgz
Arbitrary Code Execution in eslint-utilsEcosystems: npm
Packages: eslint-utils
Source: GitHub Advisory Database
Blast Radius: 62.9
Published: over 4 years ago
Critical
Ecosystems: npm
Packages: babel-traverse, @babel/traverse
Source: GitHub Advisory Database
Blast Radius: 62.6
Published: 7 months ago
GSA_kwCzR0hTQS02N2h4LTZ4NTMtanc5Ms4AA2eW
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious codeEcosystems: npm
Packages: babel-traverse, @babel/traverse
Source: GitHub Advisory Database
Blast Radius: 62.6
Published: 7 months ago
Critical
Ecosystems: npm
Packages: shell-quote
Source: GitHub Advisory Database
Blast Radius: 62.4
Published: almost 2 years ago
GSA_kwCzR0hTQS1nNHJnLTk5M3ItbWd4N84AAqZr
Improper Neutralization of Special Elements used in a Command in Shell-quoteEcosystems: npm
Packages: shell-quote
Source: GitHub Advisory Database
Blast Radius: 62.4
Published: almost 2 years ago
Critical
Ecosystems: npm
Packages: shell-quote
Source: GitHub Advisory Database
Blast Radius: 62.4
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnOHAtdjlxNC1naDM0
Potential Command Injection in shell-quoteEcosystems: npm
Packages: shell-quote
Source: GitHub Advisory Database
Blast Radius: 62.4
Published: about 5 years ago
Critical
Ecosystems: npm
Packages: minimist
Source: GitHub Advisory Database
Blast Radius: 61.8
Published: about 2 years ago
GSA_kwCzR0hTQS14dmNoLTVndjQtOTg0aM0z6A
Prototype Pollution in minimistEcosystems: npm
Packages: minimist
Source: GitHub Advisory Database
Blast Radius: 61.8
Published: about 2 years ago
Critical
Ecosystems: npm
Packages: loader-utils
Source: GitHub Advisory Database
Blast Radius: 61.1
Published: over 1 year ago
GSA_kwCzR0hTQS03NnAzLThqeDMtanBmcc4AAvTd
Prototype pollution in webpack loader-utilsEcosystems: npm
Packages: loader-utils
Source: GitHub Advisory Database
Blast Radius: 61.1
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: json-schema
Source: GitHub Advisory Database
Blast Radius: 60.7
Published: over 2 years ago
GSA_kwCzR0hTQS04OTZyLWYyN3ItNTVtd80XPA
json-schema is vulnerable to Prototype PollutionEcosystems: npm
Packages: json-schema
Source: GitHub Advisory Database
Blast Radius: 60.7
Published: over 2 years ago
Critical
Ecosystems: npm
Packages: ejs
Source: GitHub Advisory Database
Blast Radius: 60.6
Published: about 2 years ago
GSA_kwCzR0hTQS1waHdxLWo5Nm0tMmMycc1A-A
ejs template injection vulnerabilityEcosystems: npm
Packages: ejs
Source: GitHub Advisory Database
Blast Radius: 60.6
Published: about 2 years ago
Critical
Ecosystems: npm
Packages: ejs
Source: GitHub Advisory Database
Blast Radius: 60.6
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3NXYtcDU0Yy1mNzR4
ejs is vulnerable to remote code execution due to weak input validationEcosystems: npm
Packages: ejs
Source: GitHub Advisory Database
Blast Radius: 60.6
Published: over 6 years ago
Critical
Ecosystems: npm
Packages: immer
Source: GitHub Advisory Database
Blast Radius: 60.5
Published: over 2 years ago
GSA_kwCzR0hTQS0zM2Y5LWo4MzktcmY4aM0VjA
Prototype Pollution in immerEcosystems: npm
Packages: immer
Source: GitHub Advisory Database
Blast Radius: 60.5
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: http-proxy-agent
Source: GitHub Advisory Database
Blast Radius: 60.4
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2d2YtNDM2bS1oNDI0
Resource Exhaustion Denial of Service in http-proxy-agentEcosystems: npm
Packages: http-proxy-agent
Source: GitHub Advisory Database
Blast Radius: 60.4
Published: over 2 years ago
Critical
Ecosystems: npm
Packages: socket.io-parser
Source: GitHub Advisory Database
Blast Radius: 59.8
Published: over 1 year ago
GSA_kwCzR0hTQS1xbTk1LXBnY2ctcXFmcc4AAvix
Insufficient validation when decoding a Socket.IO packetEcosystems: npm
Packages: socket.io-parser
Source: GitHub Advisory Database
Blast Radius: 59.8
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: handlebars
Source: GitHub Advisory Database
Blast Radius: 59.8
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2NWgtcWp4di01ZjQ0
Prototype Pollution in handlebarsEcosystems: npm
Packages: handlebars
Source: GitHub Advisory Database
Blast Radius: 59.8
Published: about 2 years ago
High
Ecosystems: npm
Packages: klona
Source: GitHub Advisory Database
Blast Radius: 59.4
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmODktMmZ3ai01djVy
Improper Input Validation in klonaEcosystems: npm
Packages: klona
Source: GitHub Advisory Database
Blast Radius: 59.4
Published: about 3 years ago
Critical
Ecosystems: npm
Packages: eventsource
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: almost 2 years ago
GSA_kwCzR0hTQS02aDV4LTdjNW0tN2NyN83l_g
Exposure of Sensitive Information in eventsourceEcosystems: npm
Packages: eventsource
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: almost 2 years ago
Moderate
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
GSA_kwCzR0hTQS1ncHFxLTk1MnEtNTMyN80Wtg
XSS in the `of` option of the `.position()` util in jquery-uiEcosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
Moderate
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
GSA_kwCzR0hTQS1qN3F2LXBnZjYtaHZoNM0Wtw
XSS in `*Text` options of the Datepicker widget in jquery-uiEcosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
Moderate
Ecosystems: rubygems, maven, nuget, npm
Packages: jquery-ui-rails, org.webjars.npm:jquery-ui, jQuery.UI.Combined, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
GSA_kwCzR0hTQS05Z2ozLWh3cDUtcG13Y80WtQ
XSS in the `altField` option of the Datepicker widget in jquery-uiEcosystems: rubygems, maven, nuget, npm
Packages: jquery-ui-rails, org.webjars.npm:jquery-ui, jQuery.UI.Combined, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
Critical
Ecosystems: npm
Packages: mongoose
Source: GitHub Advisory Database
Blast Radius: 59.2
Published: 10 months ago
GSA_kwCzR0hTQS05bTkzLXc4dzYtNzZoaM4AA0uj
Mongoose Prototype Pollution vulnerabilityEcosystems: npm
Packages: mongoose
Source: GitHub Advisory Database
Blast Radius: 59.2
Published: 10 months ago
Critical
Ecosystems: npm
Packages: xmlhttprequest-ssl, xmlhttprequest
Source: GitHub Advisory Database
Blast Radius: 59.1
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0ajUtYzdjai03NHhn
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code InjectionEcosystems: npm
Packages: xmlhttprequest-ssl, xmlhttprequest
Source: GitHub Advisory Database
Blast Radius: 59.1
Published: almost 3 years ago
Critical
Ecosystems: npm
Packages: tree-kill
Source: GitHub Advisory Database
Blast Radius: 59.1
Published: almost 2 years ago
GSA_kwCzR0hTQS1qN2ZxLXA5cTctNXdmds4AAjAY
Treekill Enables OS Command InjectionEcosystems: npm
Packages: tree-kill
Source: GitHub Advisory Database
Blast Radius: 59.1
Published: almost 2 years ago
Critical
Ecosystems: npm
Packages: morgan
Source: GitHub Advisory Database
Blast Radius: 58.7
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd3Zzktcmd2ai00aDVq
Code Injection in morganEcosystems: npm
Packages: morgan
Source: GitHub Advisory Database
Blast Radius: 58.7
Published: about 5 years ago
Critical
Ecosystems: npm
Packages: mixin-deep
Source: GitHub Advisory Database
Blast Radius: 58.7
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZoamYtODN3Zy1yMmo5
Prototype Pollution in mixin-deepEcosystems: npm
Packages: mixin-deep
Source: GitHub Advisory Database
Blast Radius: 58.7
Published: over 4 years ago
Critical
Ecosystems: npm
Packages: merge-deep
Source: GitHub Advisory Database
Blast Radius: 58.5
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2cmotOWNoNi1nMjY0
Prototype pollution in Merge-deepEcosystems: npm
Packages: merge-deep
Source: GitHub Advisory Database
Blast Radius: 58.5
Published: almost 3 years ago
Critical
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 58.4
Published: about 2 years ago
GSA_kwCzR0hTQS1oZ2poLTcyM2gtbXgyas0t5g
Authorization Bypass Through User-Controlled Key in url-parseEcosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 58.4
Published: about 2 years ago
Moderate
Ecosystems: packagist, npm
Packages: typo3/cms, typo3/cms-core, bootstrap
Source: GitHub Advisory Database
Blast Radius: 58.1
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqN20tZzUzbS03NjM4
Bootstrap Cross-site Scripting vulnerabilityEcosystems: packagist, npm
Packages: typo3/cms, typo3/cms-core, bootstrap
Source: GitHub Advisory Database
Blast Radius: 58.1
Published: over 5 years ago
Critical
Ecosystems: npm
Packages: mongoose
Source: GitHub Advisory Database
Blast Radius: 58.0
Published: over 1 year ago
GSA_kwCzR0hTQS1oOGhmLXgzZjQteHdncM4AAugJ
Mongoose Vulnerable to Prototype Pollution in Schema ObjectEcosystems: npm
Packages: mongoose
Source: GitHub Advisory Database
Blast Radius: 58.0
Published: over 1 year ago
Critical
Ecosystems: maven, npm
Packages: org.webjars.npm:thenify, thenify
Source: GitHub Advisory Database
Blast Radius: 57.8
Published: almost 2 years ago
GSA_kwCzR0hTQS0yOXhyLXY0Mmotcjk1Ns4AAtcx
thenify before 3.3.1 made use of unsafe calls to `eval`.Ecosystems: maven, npm
Packages: org.webjars.npm:thenify, thenify
Source: GitHub Advisory Database
Blast Radius: 57.8
Published: almost 2 years ago
Critical
Ecosystems: npm
Packages: bson
Source: GitHub Advisory Database
Blast Radius: 57.7
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY4dzktMjc4OS02aGhy
Deserialization of Untrusted Data in bsonEcosystems: npm
Packages: bson
Source: GitHub Advisory Database
Blast Radius: 57.7
Published: almost 3 years ago
Critical
Ecosystems: npm
Packages: underscore
Source: GitHub Advisory Database
Blast Radius: 57.5
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmNGgtM2poeC14dmhx
Arbitrary Code Execution in underscoreEcosystems: npm
Packages: underscore
Source: GitHub Advisory Database
Blast Radius: 57.5
Published: almost 3 years ago
Critical
Ecosystems: npm
Packages: lodash.defaultsdeep, lodash-amd, lodash-es, lodash
Source: GitHub Advisory Database
Blast Radius: 57.2
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmODUtY3BjcC1qNjk1
Prototype Pollution in lodashEcosystems: npm
Packages: lodash.defaultsdeep, lodash-amd, lodash-es, lodash
Source: GitHub Advisory Database
Blast Radius: 57.2
Published: almost 5 years ago
High
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 57.0
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkyeGotbXFwNy12bWNq
Prototype Pollution in node-forgeEcosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 57.0
Published: over 3 years ago
Critical
Ecosystems: npm
Packages: xmlhttprequest-ssl
Source: GitHub Advisory Database
Blast Radius: 56.7
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcybWgtMjY5eC03bWg1
Improper Certificate Validation in xmlhttprequest-sslEcosystems: npm
Packages: xmlhttprequest-ssl
Source: GitHub Advisory Database
Blast Radius: 56.7
Published: almost 3 years ago
Critical
Ecosystems: npm
Packages: cryptiles
Source: GitHub Advisory Database
Blast Radius: 56.5
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJxOGctNXBjNS13cmhy
Insufficient Entropy in cryptilesEcosystems: npm
Packages: cryptiles
Source: GitHub Advisory Database
Blast Radius: 56.5
Published: over 5 years ago
Critical
Ecosystems: npm
Packages: eslint-scope, eslint-config-eslint
Source: GitHub Advisory Database
Blast Radius: 56.4
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4eGYtcTN3OS00eGd3
Malicious Package in eslint-scopeEcosystems: npm
Packages: eslint-scope, eslint-config-eslint
Source: GitHub Advisory Database
Blast Radius: 56.4
Published: almost 6 years ago
Critical
Ecosystems: npm
Packages: https-proxy-agent
Source: GitHub Advisory Database
Blast Radius: 56.4
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThnN3AtNzRoOC1oZzQ4
Denial of Service in https-proxy-agentEcosystems: npm
Packages: https-proxy-agent
Source: GitHub Advisory Database
Blast Radius: 56.4
Published: almost 6 years ago
Critical
Ecosystems: npm
Packages: growl
Source: GitHub Advisory Database
Blast Radius: 56.0
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFoMmgtY2hqOS1qZmZx
Growl before 1.10.0 vulnerable to Command InjectionEcosystems: npm
Packages: growl
Source: GitHub Advisory Database
Blast Radius: 56.0
Published: almost 6 years ago
Moderate
Ecosystems: nuget, maven, rubygems, npm
Packages: jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui-rails, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwY2YtOHZmOS1xNGdq
jQuery-UI vulnerable to Cross-site Scripting in dialog closeTextEcosystems: nuget, maven, rubygems, npm
Packages: jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui-rails, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 6 years ago
Moderate
Ecosystems: nuget, rubygems, maven, npm
Packages: jQuery.UI.Combined, jquery-ui-rails, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: almost 2 years ago
GSA_kwCzR0hTQS1oNmdqLTZqanEtaDhnOc4AAtcw
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text labelEcosystems: nuget, rubygems, maven, npm
Packages: jQuery.UI.Combined, jquery-ui-rails, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: almost 2 years ago
Moderate
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjbTItOWM4OS13bWZt
Cross-site Scripting in jquery-uiEcosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 6 years ago
Critical
Ecosystems: npm
Packages: flat
Source: GitHub Advisory Database
Blast Radius: 55.3
Published: over 1 year ago
GSA_kwCzR0hTQS0yajJ4LTJncHctZzhmbc4AAwl4
flat vulnerable to Prototype PollutionEcosystems: npm
Packages: flat
Source: GitHub Advisory Database
Blast Radius: 55.3
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: plist
Source: GitHub Advisory Database
Blast Radius: 55.3
Published: about 2 years ago
GSA_kwCzR0hTQS00Y3BnLTN2Z3ctNDg3N80s1Q
Prototype pollution in Plist before 3.0.5 can cause denial of serviceEcosystems: npm
Packages: plist
Source: GitHub Advisory Database
Blast Radius: 55.3
Published: about 2 years ago
Critical
Ecosystems: npm
Packages: atob
Source: GitHub Advisory Database
Blast Radius: 55.2
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3NGgtM2NtMy0ycG0y
Out-of-bounds Read in atobEcosystems: npm
Packages: atob
Source: GitHub Advisory Database
Blast Radius: 55.2
Published: over 5 years ago
Critical
Ecosystems: npm
Packages: @xmldom/xmldom, xmldom
Source: GitHub Advisory Database
Blast Radius: 55.2
Published: over 1 year ago
GSA_kwCzR0hTQS1jcmg2LWZwNjctNjg4M84AAvn0
xmldom allows multiple root nodes in a DOMEcosystems: npm
Packages: @xmldom/xmldom, xmldom
Source: GitHub Advisory Database
Blast Radius: 55.2
Published: over 1 year ago
High
Ecosystems: npm
Packages: node-fetch
Source: GitHub Advisory Database
Blast Radius: 55.1
Published: over 2 years ago
GSA_kwCzR0hTQS1yNjgzLWoyeDQtdjg3Z80j_w
node-fetch forwards secure headers to untrusted sitesEcosystems: npm
Packages: node-fetch
Source: GitHub Advisory Database
Blast Radius: 55.1
Published: over 2 years ago
Critical
Ecosystems: npm
Packages: protobufjs
Source: GitHub Advisory Database
Blast Radius: 54.7
Published: 10 months ago
GSA_kwCzR0hTQS1oNzU1LThxcDktY3E4Nc4AA0Nr
protobufjs Prototype Pollution vulnerabilityEcosystems: npm
Packages: protobufjs
Source: GitHub Advisory Database
Blast Radius: 54.7
Published: 10 months ago
Critical
Ecosystems: npm
Packages: simple-plist
Source: GitHub Advisory Database
Blast Radius: 54.0
Published: about 2 years ago
GSA_kwCzR0hTQS1nZmY3LWc1cjgtbWc4bc01GA
Prototype Pollution in simple-plistEcosystems: npm
Packages: simple-plist
Source: GitHub Advisory Database
Blast Radius: 54.0
Published: about 2 years ago
Critical
Ecosystems: npm
Packages: mongoose
Source: GitHub Advisory Database
Blast Radius: 53.9
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2ODctdnY5ai1oZ3Bo
Improper Input Validation in Automattic MongooseEcosystems: npm
Packages: mongoose
Source: GitHub Advisory Database
Blast Radius: 53.9
Published: over 4 years ago
Critical
Ecosystems: npm
Packages: gh-pages
Source: GitHub Advisory Database
Blast Radius: 53.7
Published: over 1 year ago
GSA_kwCzR0hTQS04bW1tLTl2MnEteDNmOc4AAvPk
tschaub gh-pages vulnerable to prototype pollutionEcosystems: npm
Packages: gh-pages
Source: GitHub Advisory Database
Blast Radius: 53.7
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: flatmap-stream, event-stream
Source: GitHub Advisory Database
Blast Radius: 53.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oNmYtOGoyeC00NDgz
Critical severity vulnerability that affects event-stream and flatmap-streamEcosystems: npm
Packages: flatmap-stream, event-stream
Source: GitHub Advisory Database
Blast Radius: 53.7
Published: over 5 years ago
Critical
Ecosystems: npm
Packages: node-ipc
Source: GitHub Advisory Database
Blast Radius: 53.6
Published: about 2 years ago
GSA_kwCzR0hTQS05N20zLXcyY3AtNHh4Ns0zNw
Embedded Malicious Code in node-ipcEcosystems: npm
Packages: node-ipc
Source: GitHub Advisory Database
Blast Radius: 53.6
Published: about 2 years ago
Critical
Ecosystems: npm
Packages: decompress
Source: GitHub Advisory Database
Blast Radius: 53.4
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnZnItNWhxcC12cnc5
Path Traversal in decompressEcosystems: npm
Packages: decompress
Source: GitHub Advisory Database
Blast Radius: 53.4
Published: over 3 years ago
Critical
Ecosystems: npm
Packages: constantinople
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2bW0tbWhjcS00eDlq
Sandbox Bypass Leading to Arbitrary Code Execution in constantinopleEcosystems: npm
Packages: constantinople
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 5 years ago
High
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNqZnEtZzQ1OC03cW05
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitizationEcosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 2 years ago
High
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxODktaHEzZi0zOTNw
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic linksEcosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 2 years ago
High
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2MjgtbWhtaC1xamh3
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoningEcosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 2 years ago
High
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5NTUtOXdwci0zN2po
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitizationEcosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 2 years ago
High
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyMnctMzk0di01M3Fj
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic linksEcosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 2 years ago
Critical
Ecosystems: npm
Packages: pg
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjOXYtbWo2My1tOWc1
Remote Code Execution in pgEcosystems: npm
Packages: pg
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 6 years ago
High
Ecosystems: npm
Packages: websocket-extensions
Source: GitHub Advisory Database
Blast Radius: 53.2
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3OG0tMmNobS1yN3F2
Regular Expression Denial of Service in websocket-extensions (NPM package)Ecosystems: npm
Packages: websocket-extensions
Source: GitHub Advisory Database
Blast Radius: 53.2
Published: almost 4 years ago
Critical
Ecosystems: npm
Packages: logkitty
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY4djgtNjg1OS1xeG00
Arbitrary shell command execution in logkittyEcosystems: npm
Packages: logkitty
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: almost 4 years ago
Critical
Ecosystems: npm
Packages: sequelize, @sequelize/core
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: about 1 year ago
GSA_kwCzR0hTQS1mNTk4LW1mcHYtZ21meM4AAxzf
Sequelize - Default support for “raw attributes” when using parenthesesEcosystems: npm
Packages: sequelize, @sequelize/core
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: @sequelize/core, sequelize
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: about 1 year ago
GSA_kwCzR0hTQS12cWZ4LWdqOTYtM3c5Nc4AAxyK
Unsafe fall-through in getWhereConditionsEcosystems: npm
Packages: @sequelize/core, sequelize
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: about 1 year ago
GSA_kwCzR0hTQS13cmg5LWNqdjMtMmhwd84AAxxu
Sequelize vulnerable to SQL Injection via replacementsEcosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: about 1 year ago
High
Ecosystems: npm
Packages: ua-parser-js
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 2 years ago
GSA_kwCzR0hTQS1wandtLXJ2aDItYzg3d80Wrw
Embedded malware in ua-parser-jsEcosystems: npm
Packages: ua-parser-js
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 2 years ago
High
Ecosystems: npm
Packages: mixin-deep
Source: GitHub Advisory Database
Blast Radius: 52.7
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNtcHItaHEzcC00OWg5
Prototype Pollution in mixin-deepEcosystems: npm
Packages: mixin-deep
Source: GitHub Advisory Database
Blast Radius: 52.7
Published: almost 6 years ago
High
Ecosystems: npm
Packages: merge-deep
Source: GitHub Advisory Database
Blast Radius: 52.5
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlnOXctaG12ai01aDU3
Prototype Pollution in merge-deepEcosystems: npm
Packages: merge-deep
Source: GitHub Advisory Database
Blast Radius: 52.5
Published: almost 6 years ago
Critical
Ecosystems: npm
Packages: nodemailer
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4d3ctajRmYy00MzVw
Command injection in nodemailerEcosystems: npm
Packages: nodemailer
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: almost 3 years ago
Critical
Ecosystems: npm
Packages: hermes-engine
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: almost 2 years ago
GSA_kwCzR0hTQS0zMjdjLXF4M3YtaDY3M84AAmKw
Always-Incorrect Control Flow Implementation in Facebook HermesEcosystems: npm
Packages: hermes-engine
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: almost 2 years ago
Critical
Ecosystems: npm
Packages: hermes-engine
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: almost 2 years ago
GSA_kwCzR0hTQS1tcGg4LTY3ODctcjhod84AAo3T
Use After Free in HermesEcosystems: npm
Packages: hermes-engine
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: almost 2 years ago
Critical
Ecosystems: npm
Packages: hermes-engine
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: almost 2 years ago
GSA_kwCzR0hTQS1mNXgyLXh2OTMtNHAyM84AAl0M
Access of Resource Using Incompatible Type in Facebook HermesEcosystems: npm
Packages: hermes-engine
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: almost 2 years ago
Critical
Ecosystems: npm
Packages: hermes-engine
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: over 2 years ago
GSA_kwCzR0hTQS03bWhjLXByZ3YtcjNxNM0j-w
Access of Resource Using Incompatible Type in HermesEcosystems: npm
Packages: hermes-engine
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: over 2 years ago
High
Ecosystems: npm, rubygems
Packages: chartkick
Source: GitHub Advisory Database
Blast Radius: 52.1
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwbTgtNDkyYy05MnA1
Prototype Pollution in chartkickEcosystems: npm, rubygems
Packages: chartkick
Source: GitHub Advisory Database
Blast Radius: 52.1
Published: over 4 years ago
Critical
Ecosystems: npm
Packages: parse-url
Source: GitHub Advisory Database
Blast Radius: 52.0
Published: almost 2 years ago
GSA_kwCzR0hTQS03ZjN4LXg0cHItd3Foas4AAtA8
Server-Side Request Forgery in parse-urlEcosystems: npm
Packages: parse-url
Source: GitHub Advisory Database
Blast Radius: 52.0
Published: almost 2 years ago
Critical
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI1OTgtMmY1OS1ybWhx
SQL Injection in sequelizeEcosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: over 4 years ago
Critical
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05anctMjM3ci1ndmZ2
SQL Injection in sequelizeEcosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: over 4 years ago
Critical
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2OWgtcTNnai1jMzJ4
SQL Injection via GeoJSON in sequelizeEcosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: over 3 years ago
Critical
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5eHAtOTJ2Yy01NTlq
SQL Injection in sequelizeEcosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: over 4 years ago
High
Ecosystems: maven, npm
Packages: org.webjars.bower:angular, org.webjars.npm:angular, angular
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: 3 months ago
GSA_kwCzR0hTQS00dzR2LTVoYzkteHJyMs4AA5Mb
angular vulnerable to super-linear runtime due to backtrackingEcosystems: maven, npm
Packages: org.webjars.bower:angular, org.webjars.npm:angular, angular
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: 3 months ago
Statistics
Advisories: 18,312
Packages: 8,276
Repositories: 1,390
Ecosystems: 12
Packages: 8,276
Repositories: 1,390
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
29
electron
26
@openzeppelin/contracts-upgradeable
21
@openzeppelin/contracts
20
sequelize
16
directus
16
tinymce
14
swagger-ui
14
ghost
14
next
13
joplin
13
strapi
13
ckeditor4
13
undici
12
vm2
12
angular
11
marked
11
handlebars
11
nodebb
11
TinyMCE
9
tinymce/tinymce
9
@evershop/evershop
9
serve
9
org.webjars.npm:jquery
9
jquery-rails
9
jquery
9
next-auth
9
node-forge
8
url-parse
8
express-cart
8
bootstrap
8
jsrsasign
8
tar
8
validator
8
steal
8
@strapi/strapi
8
editor.md
8
urijs
8
npm
8
jQuery
8
systeminformation
8
matrix-js-sdk
8
org.webjars.npm:jquery-ui
7
jquery-ui-rails
7
jquery-ui
7
jQuery.UI.Combined
7
hapi
7
matrix-appservice-irc
7
nocodb
7
lodash
7
snyk-broker
7
shescape
7
matrix-react-sdk
7
total.js
7
sanitize-html
7
hermes-engine
7
uptime-kuma
7
parse-url
6
rsshub
6
aaptjs
6
safe-eval
6
ejs
5
prismjs
5
vite
5
keystone
5
xlsx
5
yarn
5
public
5
openpgp
5
@strapi/plugin-users-permissions
5
dojo
5
sweetalert2
5
lodash-es
5
total4
5
ua-parser-js
5
rendertron
5
mongoose
5
moment
4
ws
4
vega
4
apostrophe
4
axios
4
safer-eval
4
dompurify
4
mysql2
4
vditor
4
realms-shim
4
@keystone-6/core
4
fastify
4
@backstage/plugin-scaffolder-backend
4
meshcentral
4
follow-redirects
4
simple-git
4
simple-markdown
4
katex
4
engine.io
4
hummus
4
muhammara
4
remarkable
4
materialize-css
4
auth0-lock
4
apollo-server-core
4
auth0-js
4
convert-svg-core
4
ecstatic
4
generator-jhipster
4
mermaid
4
glance
4
qs
4
awsiotsdk
4
aws-iot-device-sdk-v2
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
valine
4
mongo-express
4
jsonwebtoken
4
http-live-simulator
3
code-server
3
node-ipc
3
@backstage/techdocs-common
3
socket.io-parser
3
@strapi/utils
3
@cubejs-backend/api-gateway
3
codecov
3
keycloak-connect
3
postcss
3
uap-core
3
node-opcua
3
mathjs
3
loader-utils
3
grunt
3
@sequelize/core
3
js-yaml
3
jspdf
3
nodemailer
3
notevil
3
ses
3
node-jose
3
node-red-dashboard
3
org.webjars.npm:xlsx
3
passport-wsfed-saml2
3
jointjs
3
object-path
3
dns-sync
3
feathers-sequelize
3
protobufjs
3
m-server
3
n8n
3
jquery-validation
3
xmldom
3
locutus
3
apollo-server
3
slp-validate
3
fast-xml-parser
3
tough-cookie
3
stimulsoft-dashboards-js
3
statics-server
3
@vrite/sdk
3
jose-node-cjs-runtime
3
jose-node-esm-runtime
3
@sveltejs/kit
3
mxgraph
3
ids-enterprise
3
blamer
3
@commercial/subtext
3
@materializecss/materialize
3
jose
3
openmct
3
mixme
3
fuxa-server
3
simplehttpserver
3
dojox
3
bootstrap
3
connect
3
convict
3
json-ptr
3
localhost-now
3
nadesiko3
3
@ckeditor/ckeditor5-markdown-gfm
3
@uppy/companion
3
sails
3
highcharts
3
docsify
3
mysql
3
buttle
3
wrangler
3
serialize-to-js
3
froala-editor
3
slpjs
3
llhttp
3
bson
3
bin-links
3
yapi-vendor
3
@frangoteam/fuxa
3
immer
3
json-pointer
3
subtext
3
express-fileupload
3
@soketi/soketi
3
node-fetch
3
parsel
3
Filter by Repository
https://github.com/parse-community/parse-server
29
https://github.com/electron/electron
25
https://github.com/strapi/strapi
21
https://github.com/OpenZeppelin/openzeppelin-contracts
20
https://github.com/sequelize/sequelize
16
https://github.com/directus/directus
15
https://github.com/tinymce/tinymce
14
https://github.com/swagger-api/swagger-ui
13
https://github.com/nodejs/undici
12
https://github.com/laurent22/joplin
12
https://github.com/TryGhost/Ghost
12
https://github.com/patriksimek/vm2
12
https://github.com/ckeditor/ckeditor4
12
https://github.com/backstage/backstage
12
https://github.com/NodeBB/NodeBB
11
https://github.com/jquery/jquery
11
https://github.com/keystonejs/keystone
10
https://github.com/nextauthjs/next-auth
10
https://github.com/evershopcommerce/evershop
9
https://github.com/vercel/next.js
9
https://github.com/stealjs/steal
8
https://github.com/apollographql/apollo-server
8
https://github.com/digitalbazaar/forge
8
https://github.com/matrix-org/matrix-js-sdk
8
https://github.com/sebhildebrandt/systeminformation
8
https://github.com/pandao/editor.md
8
https://github.com/kjur/jsrsasign
8
https://github.com/matrix-org/matrix-react-sdk
7
https://github.com/matrix-org/matrix-appservice-irc
7
https://github.com/twbs/bootstrap
7
https://github.com/louislam/uptime-kuma
7
https://github.com/nocodb/nocodb
7
https://github.com/lodash/lodash
7
https://github.com/unshiftio/url-parse
7
https://github.com/ericcornelissen/shescape
7
https://github.com/totaljs/framework
6
https://github.com/eclipse-theia/theia
6
https://github.com/jquery/jquery-ui
6
https://github.com/panva/jose
6
https://github.com/ionicabizau/parse-url
6
https://github.com/shenzhim/aaptjs
6
https://github.com/facebook/hermes
6
https://github.com/npm/node-tar
6
https://github.com/DIYgod/RSSHub
6
https://github.com/markedjs/marked
5
https://github.com/npm/cli
5
https://github.com/gatsbyjs/gatsby
5
https://github.com/hacksparrow/safe-eval
5
https://github.com/vitejs/vite
5
https://github.com/apostrophecms/sanitize-html
5
https://github.com/handlebars-lang/handlebars.js
5
https://github.com/BlackFan/client-side-prototype-pollution
5
https://github.com/vega/vega
5
https://github.com/GoogleChrome/rendertron
5
https://github.com/openpgpjs/openpgpjs
5
https://github.com/faisalman/ua-parser-js
5
https://github.com/sweetalert2/sweetalert2
5
https://github.com/cloudflare/workers-sdk
4
https://github.com/sidorares/node-mysql2
4
https://github.com/axios/axios
4
https://github.com/KaTeX/KaTeX
4
https://github.com/socketio/engine.io
4
https://github.com/hapijs/hapi
4
https://github.com/auth0/lock
4
https://github.com/balderdashy/sails
4
https://github.com/steveukx/git-js
4
https://github.com/auth0/node-jsonwebtoken
4
https://github.com/aws/aws-iot-device-sdk-java-v2
4
https://github.com/mrvautin/expressCart
4
https://github.com/xCss/Valine
4
https://github.com/follow-redirects/follow-redirects
4
https://github.com/PrismJS/prism
4
https://github.com/jonschlinkert/remarkable
4
https://github.com/yarnpkg/yarn
4
https://github.com/Dogfalo/materialize
4
https://github.com/Ylianst/MeshCentral
4
https://github.com/ofirdagan/cross-domain-local-storage
4
https://github.com/npm/npm
4
https://github.com/jhipster/generator-jhipster
4
https://github.com/mde/ejs
4
https://github.com/angular/angular.js
4
https://github.com/fastify/fastify
4
https://github.com/medialize/URI.js
4
https://github.com/medialize/uri.js
4
https://github.com/nodemailer/nodemailer
3
https://github.com/highcharts/highcharts
3
https://github.com/sveltejs/kit
3
https://github.com/n8n-io/n8n
3
https://github.com/node-opcua/node-opcua
3
https://github.com/nasa/openmct
3
https://github.com/NaturalIntelligence/fast-xml-parser
3
https://github.com/neocotic/convert-svg
3
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
3
https://github.com/thlorenz/browserify-shim
3
https://github.com/kujirahand/nadesiko3
3
https://github.com/beerpwn/CVE
3
https://github.com/immerjs/immer
3
https://github.com/transloadit/uppy
3
https://github.com/nodejs/llhttp
3
https://github.com/feathersjs-ecosystem/feathers-sequelize
3
https://github.com/infor-design/enterprise-ng
3
https://github.com/node-fetch/node-fetch
3
https://github.com/facebook/react
3
https://github.com/gruntjs/grunt
3
https://github.com/cure53/DOMPurify
3
https://github.com/salesforce/tough-cookie
3
https://github.com/clientIO/joint
3
https://github.com/mermaid-js/mermaid
3
https://github.com/RIAEvangelist/node-ipc
3
https://github.com/renovatebot/renovate
3
https://github.com/simpleledger/slpjs
3
https://github.com/mariocasciaro/object-path
3
https://github.com/moment/moment
3
https://github.com/mongodb/js-bson
3
https://github.com/ckeditor/ckeditor5
3
https://github.com/docsifyjs/docsify
3
https://github.com/cisco/node-jose
3
https://github.com/chjj/marked
3
https://github.com/skoranga/node-dns-sync
3
https://github.com/Marak/colors.js
3
https://github.com/dojo/dojo
3
https://github.com/dojo/dojox
3
https://github.com/manuelstofer/json-pointer
3
https://github.com/mongo-express/mongo-express
3
https://github.com/mozilla/node-convict
3
https://github.com/socketio/socket.io-parser
3
https://github.com/soketi/soketi
3
https://github.com/dwisiswant0/advisory
3
https://github.com/hapijs/subtext
3
https://github.com/MrRio/jsPDF
3
https://github.com/postcss/postcss
3
https://github.com/ua-parser/uap-core
3
https://github.com/adaltas/node-mixme
3
https://github.com/josdejong/mathjs
3
https://github.com/typeorm/typeorm
3
https://github.com/vendure-ecommerce/vendure
3
https://github.com/jfhbrook/node-ecstatic
3
https://github.com/jquery-validation/jquery-validation
3
https://github.com/YMFE/yapi
3
https://github.com/vanessa219/vditor
3
https://github.com/zeit/next.js
3
https://github.com/auth0/passport-wsfed-saml2
3
https://github.com/vriteio/vrite
3
https://github.com/webpack/loader-utils
3
https://github.com/zestedesavoir/zmarkdown
3
https://github.com/xmldom/xmldom
3
https://github.com/websockets/ws
3
https://github.com/Automattic/mongoose
3
https://github.com/jarofghosts/glance
3
https://github.com/apostrophecms/apostrophe
3
https://github.com/richardgirges/express-fileupload
2
https://github.com/rico345100/socket.io-file
2
https://github.com/amitmerchant1990/electron-markdownify
2
https://github.com/getsentry/sentry-javascript
2
https://github.com/gigafied/decal.js
2
https://github.com/mithunsatheesh/node-rules
2
https://github.com/deoxxa/dotty
2
https://github.com/gilbitron/Raneto
2
https://github.com/micromatch/braces
2
https://github.com/DCKT/localhost-now
2
https://github.com/dfinity/agent-js
2
https://github.com/request/request
2
https://github.com/webpack-contrib/webpack-bundle-analyzer
2
https://github.com/dimpu/ngx-md
2
https://github.com/alvarotrigo/fullpage.js
2
https://github.com/moment/moment-timezone
2
https://github.com/wenzhixin/bootstrap-table
2
https://github.com/jaw187/node-traceroute
2
https://github.com/rabobank-blockchain/vp-toolkit
2
https://github.com/Qwerios/madlib-object-utils
2
https://github.com/galkahana/HummusJS
2
https://github.com/quilljs/quill
2
https://github.com/monsterkodi/sds
2
https://github.com/simpleledger/slp-validate.js
2
https://github.com/markdown-it/markdown-it
2
https://github.com/jameswlane/status-board
2
https://github.com/julianhille/MuhammaraJS
2
https://github.com/simonh1000/angular-http-server
2
https://github.com/vivaxy/here
2
https://github.com/cloudhead/node-static
2
https://github.com/codecov/codecov-node
2
https://github.com/mathjax/MathJax
2
https://github.com/matrix-org/matrix-appservice-bridge
2
https://github.com/jsuites/jsuites
2
https://github.com/shelljs/shelljs
2
https://github.com/commenthol/safer-eval
2
https://github.com/commenthol/serialize-to-js
2
https://github.com/senchalabs/connect
2
https://github.com/semantic-release/semantic-release
2
https://github.com/guardian/html-janitor
2
https://github.com/vvakame/fs-git
2
https://github.com/cronvel/tree-kit
2
https://github.com/cube-js/cube.js
2
https://github.com/sass/node-sass
2
https://github.com/curveball/a12n-server
2
https://github.com/google/closure-library
2
https://github.com/jaredly/hexo-admin
2
https://github.com/mercurius-js/mercurius
2
https://github.com/js-data/js-data
2