Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1jOXZ2LWZoZ3YtY2pjM84AA5aA
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
Ecosystems: npm
Packages: @dfinity/auth-client, @dfinity/identity
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 3 months ago
High
GSA_kwCzR0hTQS1jcDY4LXFyaHItZzloOM4AA5Zx
MeshCentral cross-site websocket hijacking (CSWSH) vulnerability
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS0zamN2LTVmOXAtMmYycM4AA5YN
Cross-site Scripting in electron-pdf
Ecosystems: npm
Packages: electron-pdf
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01ampxLThjdmotdjZtOc4AA5Xi
Cross-site Scripting in Serenity
Ecosystems: npm, nuget
Packages: @serenity-is/corelib, Serenity.Net.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS13NGh2LXZtdjktaGdjcs4AA5Vm
GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219`
Ecosystems: npm
Packages: @scrypted/core, @scrypted/server
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 3 months ago
Low
GSA_kwCzR0hTQS0zNzg3LTZwcnYtaDl3M84AA5Vg
Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05ZjI0LWpxaG0tamZjd84AA5Vf
fetch(url) leads to a memory leak in undici
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1wbWdtLWgzY2MtbTRoas4AA5Va
React Native Document Picker Directory Traversal vulnerability
Ecosystems: npm
Packages: react-native-document-picker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04bTM2LTYycnctOW14d84AA5Pv
mapshaper Path Traversal vulnerability
Ecosystems: npm
Packages: mapshaper
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 3 months ago
Low
GSA_kwCzR0hTQS1tM2Y0LTk1N3gtbTc4Nc4AA5OZ
lambda-middleware Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: @lambda-middleware/json-deserializer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05OXZjLXh3OGotcGhqbc4AA5M7
Ghost has possible Cross-site Scripting issue
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS00dzR2LTVoYzkteHJyMs4AA5Mb
angular vulnerable to super-linear runtime due to backtracking
Ecosystems: maven, npm
Packages: org.webjars.bower:angular, org.webjars.npm:angular, angular
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0yMnIzLTl3NTUtY2o1NM4AA5Lq
Pkg Local Privilege Escalation
Ecosystems: npm
Packages: pkg
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03OHhqLWNnaDUtMmgyMs4AA5Ki
NPM IP package incorrectly identifies some private IP addresses as public
Ecosystems: npm
Packages: ip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13aDV3LTgyZjMtd3J4aM4AA5JM
CKEditor cross-site scripting vulnerability in AJAX sample
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tdzJjLXZ4NmotbWc3Ns4AA5JL
CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1mcTZoLTRnOHYtcXF2bc4AA5JK
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
Ecosystems: packagist, npm
Packages: ckeditor/ckeditor, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1nZnFmLTl3OTgtN2pteM4AA5GB
Stimulsoft Dashboard.JS directory traversal vulnerability
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05bTZtLWM2NHItdzRmNM4AA5Es
Stimulsoft Dashboard.JS Cross Site Scripting vulnerability
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05Y2dmLXB4d3EtMmNwd84AA5ET
Stimulsoft Dashboard.JS Cross Site Scripting vulnerability
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 3 months ago
High
GSA_kwCzR0hTQS1tcHdqLWZjcjYteDM0Y84AA5DS
Yarn untrusted search path vulnerability
Ecosystems: npm
Packages: yarn
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tZjc0LXFxN3ctNmo3ds4AA5C2
Zmarkdown Server-Side Request Forgery (SSRF) in remark-download-images
Ecosystems: npm
Packages: remark-images-download
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1tcTZ2LXczNWctM2M5N84AA5C1
Local File Inclusion vulnerability in zmarkdown
Ecosystems: npm
Packages: zmarkdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS12MjY5LXJycjYtY3g2cs4AA5CF
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01NDd4LTc0OHYtdnA2cM4AA5A9
Dash apps vulnerable to Cross-site Scripting
Ecosystems: pypi, npm
Packages: dash-core-components, dash-html-components, dash
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05aDZnLXByMjgtN2NxcM4AA4-p
nodemailer ReDoS when trying to send a specially crafted email
Ecosystems: npm
Packages: nodemailer
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1wZjU1LWZqOTYteGYzN84AA499
@lobehub/chat vulnerable to unauthorized access to plugins
Ecosystems: npm
Packages: @lobehub/chat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1ydjhwLXJyMmgtZmdwZ84AA484
@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability
Ecosystems: npm
Packages: @apollo/experimental-nextjs-app-support
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 4 months ago
High
GSA_kwCzR0hTQS1xaGpmLWhtNWotMzM1d84AA483
@urql/next Cross-site Scripting vulnerability
Ecosystems: npm
Packages: @urql/next
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS05OTdnLTI3eDgtNDNyZs4AA482
react-query-streamed-hydration Cross-site Scripting vulnerability
Ecosystems: npm
Packages: @tanstack/react-query-next-experimental
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 4 months ago
High
GSA_kwCzR0hTQS12dmgyLTgyYzctcHBmZ84AA48B
network Arbitrary Command Injection vulnerability
Ecosystems: npm
Packages: network
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 4 months ago
Critical
GSA_kwCzR0hTQS04eHc2LTloNzgtYzg5as4AA470
Ylianst MeshCentral Missing SSL Certificate Validation
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS13cHh3LTV4Zm0teDIyds4AA47V
MeshCentral algorithm-downgrade issue
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS03eG04LXdqcTctODhyNc4AA47X
DeviceFarmer stf uses DES-ECB
Ecosystems: npm
Packages: @devicefarmer/stf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1nNW02LWh4cHAtZmM0Oc4AA4qX
Sending a GET or HEAD request with a body crashes SvelteKit
Ecosystems: npm
Packages: @sveltejs/adapter-node, @sveltejs/kit
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00YzJnLWh4NDktN2gyNc4AA4oQ
Prototype pollution not blocked by object-path related utilities in hoolock
Ecosystems: npm
Packages: hoolock
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1yanE1LXc0N3gteDM1Oc4AA4oP
@hono/node-server cannot handle "double dots" in URL
Ecosystems: npm
Packages: @hono/node-server
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1maDM4LTlmZ3ItNDU0d84AA4mG
Cross-site Scripting in Ghost
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 4 months ago
High
GSA_kwCzR0hTQS13ZzJ4LXJ2ODYtbW1weM4AA4lv
SPV Merkle proof malleability allows the maintainer to prove invalid transactions
Ecosystems: npm
Packages: @keep-network/tbtc-v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1jMjR2LThyZmMtdzh2d84AA4lu
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: 4 months ago
High
GSA_kwCzR0hTQS1yaDYzLTlxY2YtODNnZs4AA4kS
Marvin Attack of RSA and RSAOAEP decryption in jsrsasign
Ecosystems: npm
Packages: jsrsasign
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS02MmpyLTg0Z2Ytd21nNM4AA4eS
Default swagger-ui configuration exposes all files in the module
Ecosystems: npm
Packages: @fastify/swagger-ui
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 4 months ago
High
GSA_kwCzR0hTQS0zMnIzLTU3aHAtY2dmd84AA4bm
EverShop at risk to unauthorized access via weak HMAC secret
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 4 months ago
High
GSA_kwCzR0hTQS1nZ3BtLTlxZngtbWh3Z84AA4bk
EverShop vulnerable to improper authorization in GraphQL endpoints
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1xNnc1LWpnNXEtNDd2Z84AA4bF
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Ecosystems: npm
Packages: @clerk/nextjs
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00amgzLTZqaHYtMm1ncM4AA4Tj
react-native-mmkv Insertion of Sensitive Information into Log File vulnerability
Ecosystems: npm
Packages: react-native-mmkv
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1nNzc3LWNycDktbTI3Z84AA4SE
Apprite CLI makes Use of Hard-coded Credentials
Ecosystems: pypi, npm
Packages: appwrite, appwrite-cli
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12MnYyLWhwaDgtcTV4cM4AA4PH
@fastify/reply-from JSON Content-Type parsing confusion
Ecosystems: npm
Packages: @fastify/reply-from
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 4 months ago
High
GSA_kwCzR0hTQS04NnJnLXBmNGMtNWdyZ84AA4MQ
@backstage/backend-app-api leaks GitLab access tokens
Ecosystems: npm
Packages: @backstage/backend-app-api
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1mOG1wLXg0MzMtNXdwZs4AA4Lh
Arbitrary remote code execution within `wrangler dev` Workers sandbox
Ecosystems: npm
Packages: wrangler
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1jZnBoLTRxcWgtdzgyOM4AA4Lg
Arbitrary remote file read in Wrangler dev server
Ecosystems: npm
Packages: wrangler
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: 4 months ago
High
GSA_kwCzR0hTQS1mcWg2LTZoNmMtMzY2bc4AA4LR
CouchAuth host header injection vulnerability leaks the password reset token
Ecosystems: npm
Packages: @perfood/couch-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS13amM0LTczcTYtZ3Yzbc4AA4Ki
plotly.js prototype pollution vulnerability
Ecosystems: npm, packagist
Packages: plotly.js, plotly/plotly.js
Source: GitHub Advisory Database
Blast Radius: 47.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qY2h3LTI1eHAtand3Y84AA4JD
Follow Redirects improperly handles URLs in the url.parse() function
Ecosystems: npm
Packages: follow-redirects
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1yY3ZyLTh3aHgtM201cM4AA4HM
Layui cross-site scripting (XSS) vulnerability
Ecosystems: npm
Packages: layui
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 5 months ago
High
GSA_kwCzR0hTQS1md3ZnLTI3MzktMjJ2N84AA4Gz
Miniflare vulnerable to Server-Side Request Forgery (SSRF)
Ecosystems: npm
Packages: miniflare
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS03aHBqLTdoaHgtMmZneM4AA4D7
msgpackr's conversion of property names to strings can trigger infinite recursion
Ecosystems: npm
Packages: msgpackr
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1wcWo1LTM3eGYteDVnY84AA39f
blinksocks has weak encryption algorithms
Ecosystems: npm
Packages: blinksocks
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1qajkzLTM5cGYtN21jZs4AA39a
bsock uses weak hashing algorithms
Ecosystems: npm
Packages: bsock
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1qeDZxLWZxOWgtNmc3cc4AA35v
Pedroetb TTS-API OS Command Injection
Ecosystems: npm
Packages: tts-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS14M3YzLTh4ZzgtOHY3Ms4AA34P
Sentry's Astro SDK vulnerable to ReDoS
Ecosystems: npm
Packages: @sentry/astro
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1wd2ZyLThwcTcteDlxds4AA32_
Unauthenticated Denial of Service in the octokit/webhooks library
Ecosystems: npm
Packages: probot, octokit, @octokit/app, @octokit/webhooks
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1jZnhoLWZyeDQtOWdqZ84AA3yd
Cross-site Scripting in @spscommerce/ds-react
Ecosystems: npm
Packages: @spscommerce/ds-react
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1mNmd2LWhoOGotcTh2cc4AA3yc
Named path parameters can be overridden in TrieRouter
Ecosystems: npm
Packages: hono
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS05NzU5LTMyNzYtZzJwbc4AA3v-
Cube API denial of service attack
Ecosystems: npm
Packages: @cubejs-backend/api-gateway
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1wMnZ4LXFqNjYtODhxM84AA3rz
Escalation of privileges in @sap/xssec
Ecosystems: npm
Packages: @sap/xssec
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04OGo0LXBjeDgtcTRxM84AA3q_
Password Change Vulnerability
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS0zd2ZwLTI1M2otNWp4ds4AA3q8
SSRF & Credentials Leak
Ecosystems: npm
Packages: nuxt-api-party
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS02OTlnLXE2cWgtcTR2OM4AA3q7
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1xeHJqLWh4MjMteHA4Ms4AA3qz
Overly permissive origin policy
Ecosystems: npm
Packages: @koa/cors
Source: GitHub Advisory Database
Blast Radius: 37.7
Published: 5 months ago
High
GSA_kwCzR0hTQS1xNmh4LTNtNHAtNzQ5aM4AA3qn
DOS by abusing `fetchOptions.retry`.
Ecosystems: npm
Packages: nuxt-api-party
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1tNnZtLWZmOXYtanAzcs4AA3pZ
Cross Site Scripting in evershop
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 5 months ago
High
GSA_kwCzR0hTQS1yd2YzLXc0anEtZjRjbc4AA3pe
Directory Traversal in evershop
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 5 months ago
Critical
GSA_kwCzR0hTQS01bW1yLTlxeDMtM3BmOc4AA3pb
Code execution in evershop
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00d3JtLXFtcTItNWZqeM4AA3pc
Directory Traversal in evershop
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0yeGNqLTU1N2MtaGY4cs4AA3pd
Cross-site Scripting in evershop
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS03NDQzLTU5NjItd3A0cs4AA3pf
Directory Traversal in evershop
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1namo4LW04M2MtcXY5aM4AA3pY
Cross-site Scripting in evershop
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 5 months ago
High
GSA_kwCzR0hTQS1taDhqLTlqdmgtZ2pmNs4AA3oc
mockjs vulnerable to Prototype Pollution via the Util.extend function
Ecosystems: npm
Packages: mockjs
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1jNzlmLXBxZ2YtZmhwM84AA3n1
Directory Traversal in Gladys Assistant
Ecosystems: npm
Packages: gladys
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerability
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS05MnIzLW0ybWctcGo5N84AA3lD
Vite XSS vulnerability in `server.transformIndexHtml` via URL payload
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00ZzZxLTc3ajctdnZqY84AA3hm
Logging of the firestore key within nodejs-firestore
Ecosystems: npm
Packages: @google-cloud/firestore
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS03bTQ4LXdjOTMtOWc4Nc4AA3e-
ASAR Integrity bypass via filetype confusion in electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wcnIzLWMzbTUtcDdxMs4AA3d1
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: @adobe/css-tools
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 6 months ago
Low
GSA_kwCzR0hTQS00MjMzLTdxNXEtbTdwNs4AA3Yl
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
Ecosystems: npm
Packages: google-translate-api-browser
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1oZnhoLXJqdjctMjM2Oc4AA3Xr
Uptime Kuma Authenticated remote code execution via TailscalePing
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS03cHZ4LTQ1ODUtaHF3d84AA3W_
sequelize-typescript Prototype Pollution vulnerability
Ecosystems: npm
Packages: sequelize-typescript
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12NHYyLThoODgtNjVxas4AA3W6
Attribute Injection leading to XSS(Cross-Site-Scripting)
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS03NXcyLXF2NTUteDdmds4AA3We
openssl npm package vulnerable to command execution
Ecosystems: npm
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12NjR3LTQ5eHctcXE4Oc4AA3R1
Possible user mocking that bypasses basic authentication
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02aDY3LTkzNHItODJnN84AA3RQ
Bypass of field access control in strapi-plugin-protected-populate
Ecosystems: npm
Packages: strapi-plugin-protected-populate
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jMmZmLTg4eDIteDlwZ84AA3RL
JWT Algorithm Confusion
Ecosystems: npm
Packages: fast-jwt
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 6 months ago
High
GSA_kwCzR0hTQS00eHc5LWN4MzktcjM1Nc4AA3P4
json-web-token library is vulnerable to a JWT algorithm confusion attack
Ecosystems: npm
Packages: json-web-token
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13bTYzLTc2MjctY2gzM84AA3P1
@vendure/core's insecure currencyCode handling allows wrong payment amounts
Ecosystems: npm
Packages: @vendure/core
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 6 months ago
High
GSA_kwCzR0hTQS01NHhxLWNncXItcnBtM84AA3N1
sharp vulnerability in libwebp dependency CVE-2023-4863
Ecosystems: npm
Packages: sharp
Source: GitHub Advisory Database
Blast Radius: 41.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12NjI2LXI3NzQtajdmOM4AA3Mj
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04aGdnLXh4bTUtMzg3M84AA3ID
DOMPurify Open Redirect vulnerability
Ecosystems: npm
Packages: dompurify
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tNGNoLTRtNWYtMmdwNs4AA3GR
Bootbox.js Cross Site Scripting vulnerability
Ecosystems: npm
Packages: bootbox
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0ycm1yLXh3OG0tMjJxOc4AA3B6
Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint
Ecosystems: npm
Packages: @sentry/nextjs
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: 6 months ago
Statistics
Advisories: 18,752
Packages: 8,375
Repositories: 1,401
Ecosystems: 12
Filter by Severity
Moderate 8,149 High 6,447 Critical 2,848 Low 1,014
Filter by Ecosystem
maven 5,573 packagist 3,982 pypi 3,848 npm 3,558 go 1,934 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
parse-server 29 electron 26 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 directus 18 sequelize 16 next 15 swagger-ui 14 tinymce 14 ghost 14 strapi 13 joplin 13 ckeditor4 13 undici 12 vm2 12 nodebb 11 handlebars 11 marked 11 angular 11 nocodb 10 @evershop/evershop 9 serve 9 next-auth 9 TinyMCE 9 tinymce/tinymce 9 node-forge 8 urijs 8 jsrsasign 8 express-cart 8 editor.md 8 validator 8 npm 8 @strapi/strapi 8 url-parse 8 tar 8 steal 8 systeminformation 8 bootstrap 8 matrix-js-sdk 8 org.webjars.npm:jquery 8 jquery 8 jquery-rails 8 total.js 7 sanitize-html 7 uptime-kuma 7 jquery-ui 7 matrix-appservice-irc 7 jquery-ui-rails 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 snyk-broker 7 jQuery 7 shescape 7 lodash 7 matrix-react-sdk 7 hermes-engine 7 hapi 7 safe-eval 6 aaptjs 6 rsshub 6 parse-url 6 prismjs 5 lodash-es 5 total4 5 openpgp 5 public 5 ejs 5 mongoose 5 vite 5 dojo 5 sweetalert2 5 yarn 5 vditor 5 ua-parser-js 5 rendertron 5 @strapi/plugin-users-permissions 5 xlsx 5 keystone 5 safer-eval 4 muhammara 4 remarkable 4 ecstatic 4 axios 4 convert-svg-core 4 hummus 4 simple-git 4 engine.io 4 jsonwebtoken 4 realms-shim 4 ws 4 fastify 4 katex 4 dompurify 4 apostrophe 4 vega 4 auth0-js 4 materialize-css 4 @keystone-6/core 4 moment 4 mongo-express 4 valine 4 mermaid 4 auth0-lock 4 @backstage/plugin-scaffolder-backend 4 awsiotsdk 4 aws-iot-device-sdk-v2 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 apollo-server-core 4 meshcentral 4 glance 4 mysql2 4 generator-jhipster 4 follow-redirects 4 simple-markdown 4 qs 4 node-red-dashboard 3 notevil 3 org.webjars.npm:xlsx 3 object-path 3 loader-utils 3 ses 3 passport-wsfed-saml2 3 js-yaml 3 n8n 3 grunt 3 jspdf 3 locutus 3 codecov 3 jointjs 3 dns-sync 3 mysql 3 wrangler 3 yapi-vendor 3 @frangoteam/fuxa 3 ftp-srv 3 renovate 3 blamer 3 bootstrap 3 @ckeditor/ckeditor5-markdown-gfm 3 raneto 3 tough-cookie 3 froala-editor 3 highcharts 3 localhost-now 3 mixme 3 connect 3 jose 3 socket.io-file 3 fast-xml-parser 3 browserify-shim 3 slpjs 3 feathers-sequelize 3 protobufjs 3 http-live-simulator 3 uap-core 3 xmldom 3 m-server 3 keycloak-connect 3 @strapi/utils 3 @cubejs-backend/api-gateway 3 nodemailer 3 slp-validate 3 apollo-server 3 node-opcua 3 postcss 3 socket.io-parser 3 jquery-validation 3 @backstage/techdocs-common 3 node-ipc 3 mathjs 3 node-jose 3 parsel 3 @uppy/companion 3 nadesiko3 3 convict 3 dojox 3 simplehttpserver 3 fuxa-server 3 mxgraph 3 statics-server 3 stimulsoft-dashboards-js 3 express-fileupload 3 node-fetch 3 xdLocalStorage 3 @hapi/subtext 3 subtext 3 @apollo/server 3 json-pointer 3 immer 3 serialize-to-js 3 buttle 3 typeorm 3 lodash.defaultsdeep 3 @vrite/sdk 3 @commercial/subtext 3 json-ptr 3 @sveltejs/kit 3 snyk 3 @soketi/soketi 3 ids-enterprise 3
Filter by Repository
https://github.com/parse-community/parse-server 29 https://github.com/electron/electron 25 https://github.com/strapi/strapi 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/directus/directus 17 https://github.com/sequelize/sequelize 16 https://github.com/tinymce/tinymce 14 https://github.com/swagger-api/swagger-ui 13 https://github.com/TryGhost/Ghost 12 https://github.com/backstage/backstage 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/patriksimek/vm2 12 https://github.com/nodejs/undici 12 https://github.com/NodeBB/NodeBB 11 https://github.com/vercel/next.js 11 https://github.com/jquery/jquery 10 https://github.com/keystonejs/keystone 10 https://github.com/nextauthjs/next-auth 10 https://github.com/nocodb/nocodb 10 https://github.com/evershopcommerce/evershop 9 https://github.com/stealjs/steal 8 https://github.com/kjur/jsrsasign 8 https://github.com/apollographql/apollo-server 8 https://github.com/pandao/editor.md 8 https://github.com/matrix-org/matrix-js-sdk 8 https://github.com/sebhildebrandt/systeminformation 8 https://github.com/digitalbazaar/forge 8 https://github.com/twbs/bootstrap 7 https://github.com/unshiftio/url-parse 7 https://github.com/lodash/lodash 7 https://github.com/louislam/uptime-kuma 7 https://github.com/matrix-org/matrix-appservice-irc 7 https://github.com/matrix-org/matrix-react-sdk 7 https://github.com/ericcornelissen/shescape 7 https://github.com/jquery/jquery-ui 6 https://github.com/eclipse-theia/theia 6 https://github.com/DIYgod/RSSHub 6 https://github.com/ionicabizau/parse-url 6 https://github.com/shenzhim/aaptjs 6 https://github.com/panva/jose 6 https://github.com/totaljs/framework 6 https://github.com/npm/node-tar 6 https://github.com/facebook/hermes 6 https://github.com/apostrophecms/sanitize-html 5 https://github.com/handlebars-lang/handlebars.js 5 https://github.com/GoogleChrome/rendertron 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/npm/cli 5 https://github.com/openpgpjs/openpgpjs 5 https://github.com/vitejs/vite 5 https://github.com/markedjs/marked 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/gatsbyjs/gatsby 5 https://github.com/vega/vega 5 https://github.com/follow-redirects/follow-redirects 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/mrvautin/expressCart 4 https://github.com/npm/npm 4 https://github.com/steveukx/git-js 4 https://github.com/xCss/Valine 4 https://github.com/KaTeX/KaTeX 4 https://github.com/sidorares/node-mysql2 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/cloudflare/workers-sdk 4 https://github.com/PrismJS/prism 4 https://github.com/ofirdagan/cross-domain-local-storage 4 https://github.com/jonschlinkert/remarkable 4 https://github.com/axios/axios 4 https://github.com/yarnpkg/yarn 4 https://github.com/Dogfalo/materialize 4 https://github.com/hapijs/hapi 4 https://github.com/angular/angular.js 4 https://github.com/mde/ejs 4 https://github.com/auth0/node-jsonwebtoken 4 https://github.com/medialize/uri.js 4 https://github.com/medialize/URI.js 4 https://github.com/Ylianst/MeshCentral 4 https://github.com/balderdashy/sails 4 https://github.com/socketio/engine.io 4 https://github.com/fastify/fastify 4 https://github.com/auth0/lock 4 https://github.com/highcharts/highcharts 3 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 3 https://github.com/neocotic/convert-svg 3 https://github.com/hapijs/subtext 3 https://github.com/sveltejs/kit 3 https://github.com/libxmljs/libxmljs 3 https://github.com/nodejs/llhttp 3 https://github.com/kujirahand/nadesiko3 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/beerpwn/CVE 3 https://github.com/node-opcua/node-opcua 3 https://github.com/immerjs/immer 3 https://github.com/infor-design/enterprise-ng 3 https://github.com/transloadit/uppy 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/mermaid-js/mermaid 3 https://github.com/RIAEvangelist/node-ipc 3 https://github.com/renovatebot/renovate 3 https://github.com/nasa/openmct 3 https://github.com/n8n-io/n8n 3 https://github.com/facebook/react 3 https://github.com/moment/moment 3 https://github.com/mongodb/js-bson 3 https://github.com/docsifyjs/docsify 3 https://github.com/dojo/dojo 3 https://github.com/dojo/dojox 3 https://github.com/mongo-express/mongo-express 3 https://github.com/mozilla/node-convict 3 https://github.com/dwisiswant0/advisory 3 https://github.com/postcss/postcss 3 https://github.com/MrRio/jsPDF 3 https://github.com/nodemailer/nodemailer 3 https://github.com/soketi/soketi 3 https://github.com/socketio/socket.io-parser 3 https://github.com/manuelstofer/json-pointer 3 https://github.com/Marak/colors.js 3 https://github.com/skoranga/node-dns-sync 3 https://github.com/chjj/marked 3 https://github.com/cisco/node-jose 3 https://github.com/NaturalIntelligence/fast-xml-parser 3 https://github.com/ckeditor/ckeditor5 3 https://github.com/mariocasciaro/object-path 3 https://github.com/simpleledger/slpjs 3 https://github.com/clientIO/joint 3 https://github.com/gruntjs/grunt 3 https://github.com/cure53/DOMPurify 3 https://github.com/salesforce/tough-cookie 3 https://github.com/node-fetch/node-fetch 3 https://github.com/zeit/next.js 3 https://github.com/vriteio/vrite 3 https://github.com/webpack/loader-utils 3 https://github.com/jarofghosts/glance 3 https://github.com/typeorm/typeorm 3 https://github.com/adaltas/node-mixme 3 https://github.com/ua-parser/uap-core 3 https://github.com/websockets/ws 3 https://github.com/xmldom/xmldom 3 https://github.com/apostrophecms/apostrophe 3 https://github.com/auth0/passport-wsfed-saml2 3 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/josdejong/mathjs 3 https://github.com/jquery-validation/jquery-validation 3 https://github.com/vendure-ecommerce/vendure 3 https://github.com/Automattic/mongoose 3 https://github.com/vanessa219/vditor 3 https://github.com/zestedesavoir/zmarkdown 3 https://github.com/YMFE/yapi 3 https://github.com/shelljs/shelljs 2 https://github.com/matrix-org/matrix-appservice-bridge 2 https://github.com/mathjax/MathJax 2 https://github.com/payloadcms/payload 2 https://github.com/guardian/html-janitor 2 https://github.com/codecov/codecov-node 2 https://github.com/commenthol/safer-eval 2 https://github.com/commenthol/serialize-to-js 2 https://github.com/senchalabs/connect 2 https://github.com/semantic-release/semantic-release 2 https://github.com/vvakame/fs-git 2 https://github.com/peerigon/angular-expressions 2 https://github.com/ahdinosaur/set-in 2 https://github.com/peterbraden/node-opencv 2 https://github.com/jcubic/jquery.terminal 2 https://github.com/cronvel/tree-kit 2 https://github.com/mysqljs/mysql 2 https://github.com/cube-js/cube.js 2 https://github.com/adobe/css-tools 2 https://github.com/snyk/cli 2 https://github.com/Finastra/ssr-pages 2 https://github.com/manvel-khnkoyan/jpv 2 https://github.com/jonschlinkert/merge-deep 2 https://github.com/jwadhams/json-logic-js 2 https://github.com/jonschlinkert/mixin-deep 2 https://github.com/justmoon/node-bignum 2 https://github.com/chocobozzz/peertube 2 https://github.com/chriso/validator.js 2 https://github.com/christian-bromann/rgb2hex 2 https://github.com/sindresorhus/semver-regex 2 https://github.com/sindresorhus/is-svg 2 https://github.com/yahoo/serialize-javascript 2 https://github.com/julianhille/MuhammaraJS 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/markdown-it/markdown-it 2 https://github.com/aFarkas/lazysizes 2 https://github.com/simonh1000/angular-http-server 2 https://github.com/marudor/libxmljs2 2 https://github.com/jonschlinkert/set-value 2 https://github.com/vivaxy/here 2 https://github.com/jameswlane/status-board 2 https://github.com/endojs/endo 2 https://github.com/Agoric/realms-shim 2 https://github.com/jsuites/jsuites 2 https://github.com/webpack-contrib/webpack-bundle-analyzer 2 https://github.com/froala/wysiwyg-editor 2 https://github.com/mithunsatheesh/node-rules 2 https://github.com/dfinity/agent-js 2