Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm undici Security Advisories
Browse all Security Advisories for npm undici
Loading...
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 4 months ago
GSA_kwCzR0hTQS0zZzkyLXc4YzUtNzNwcc4AA9rQ
Undici vulnerable to data leak when using response.arrayBuffer()Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 4 months ago
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 7 months ago
GSA_kwCzR0hTQS05cXhyLXFqNTQtaDY3Ms4AA6o2
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrectEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 7 months ago
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 7 months ago
GSA_kwCzR0hTQS1tNHY4LXdxdnItcDlmN84AA6o1
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipelineEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 7 months ago
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 8 months ago
GSA_kwCzR0hTQS0zNzg3LTZwcnYtaDl3M84AA5Vg
Undici proxy-authorization header not cleared on cross-origin redirect in fetchEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 8 months ago
GSA_kwCzR0hTQS05ZjI0LWpxaG0tamZjd84AA5Vf
fetch(url) leads to a memory leak in undiciEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 8 months ago
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 1 year ago
GSA_kwCzR0hTQS13cXE0LTV3cHYtbXgyZ84AA2eY
Undici's cookie header not cleared on cross-origin redirect in fetchEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: over 1 year ago
GSA_kwCzR0hTQS01cjlnLXFoNm0tanhmZs4AAxq9
CRLF Injection in Nodejs ‘undici’ via hostEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: over 1 year ago
High
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 37.4
Published: over 1 year ago
GSA_kwCzR0hTQS1yNmNoLW1xZjktcWM5d84AAxq-
Regular Expression Denial of Service in HeadersEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 37.4
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 2 years ago
GSA_kwCzR0hTQS1mNzcyLTY2ZzgtcTVoM84AAuFo
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-TypeEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 2 years ago
Moderate
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 2 years ago
GSA_kwCzR0hTQS04cXI0LXhndzYtd21yM84AAuFj
`undici.request` vulnerable to SSRF using absolute URL on `pathname`Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 2 years ago
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: over 2 years ago
GSA_kwCzR0hTQS1xNzY4LXg5bTYtbTlxcM4AAtkI
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirectEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: over 2 years ago
GSA_kwCzR0hTQS0zY3ZyLTgyMnItcnFjY84AAtkH
undici before v5.8.0 vulnerable to CRLF injection in request headersEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: over 2 years ago
High
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: over 2 years ago
GSA_kwCzR0hTQS1wZ3c3LXd4N3ctMnczM84AArtC
ProxyAgent vulnerable to MITMEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: over 2 years ago
Statistics
Advisories: 20,359
Packages: 8,934
Repositories: 1
Ecosystems: 12
Packages: 8,934
Repositories: 1
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
31
directus
26
electron
26
@openzeppelin/contracts-upgradeable
21
@openzeppelin/contracts
20
next
18
sequelize
16
tinymce
16
ckeditor4
15
ghost
15
swagger-ui
14
strapi
13
joplin
13
undici
13
angular
13
vm2
12
handlebars
11
marked
11
tinymce/tinymce
11
TinyMCE
11
nodebb
11
bootstrap
10
matrix-js-sdk
10
flowise
10
nocodb
10
@evershop/evershop
9
matrix-react-sdk
9
next-auth
9
twbs/bootstrap
9
bootstrap
9
org.webjars:bootstrap
9
bootstrap
9
@strapi/strapi
9
serve
9
systeminformation
8
editor.md
8
jsrsasign
8
tar
8
steal
8
validator
8
url-parse
8
jquery-rails
8
urijs
8
express-cart
8
org.webjars.npm:jquery
8
node-forge
8
npm
8
jquery
8
matrix-appservice-irc
8
jQuery
7
lunary
7
sanitize-html
7
jQuery.UI.Combined
7
org.webjars.npm:jquery-ui
7
elliptic
7
jquery-ui-rails
7
vite
7
jquery-ui
7
snyk-broker
7
hermes-engine
7
shescape
7
uptime-kuma
7
total.js
7
bootstrap-sass
7
hapi
7
lodash
7
bootstrap.sass
7
dompurify
6
@strapi/plugin-users-permissions
6
safe-eval
6
rsshub
6
aaptjs
6
parse-url
6
bootstrap-sass
6
mysql2
5
lodash-es
5
ejs
5
mermaid
5
@saltcorn/server
5
vditor
5
axios
5
xlsx
5
openpgp
5
total4
5
public
5
rendertron
5
mongoose
5
ua-parser-js
5
ws
5
sweetalert2
5
dojo
5
mattermost-desktop
5
prismjs
5
keystone
5
yarn
5
convert-svg-core
4
apostrophe
4
remarkable
4
mongo-express
4
simple-markdown
4
auth0-js
4
fast-xml-parser
4
meshcentral
4
katex
4
@backstage/plugin-scaffolder-backend
4
ecstatic
4
apollo-server-core
4
valine
4
moment
4
hono
4
muhammara
4
hummus
4
glance
4
generator-jhipster
4
engine.io
4
realms-shim
4
materialize-css
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
aws-iot-device-sdk-v2
4
@lobehub/chat
4
awsiotsdk
4
safer-eval
4
fastify
4
simple-git
4
follow-redirects
4
@keystone-6/core
4
qs
4
jsonwebtoken
4
auth0-lock
4
vega
4
express
4
jquery-validation
3
node-ipc
3
feathers-sequelize
3
jspdf
3
mathjs
3
apollo-server
3
slp-validate
3
@cubejs-backend/api-gateway
3
m-server
3
@directus/api
3
dns-sync
3
uap-core
3
http-live-simulator
3
protobufjs
3
js-yaml
3
object-path
3
loader-utils
3
serialize-to-js
3
tough-cookie
3
@vrite/sdk
3
json-ptr
3
@sveltejs/kit
3
ids-enterprise
3
typeorm
3
@materializecss/materialize
3
sails
3
nadesiko3
3
dojox
3
simplehttpserver
3
snyk
3
@soketi/soketi
3
django-tinymce
3
node-fetch
3
llhttp
3
libxmljs
3
passport-wsfed-saml2
3
node-red-dashboard
3
codecov
3
@janhq/core
3
@jmondi/url-to-png
3
nuxt
3
raneto
3
org.webjars.npm:xlsx
3
jointjs
3
n8n
3
locutus
3
socket.io
3
openmct
3
@sequelize/core
3
bson
3
immer
3
json-pointer
3
@apollo/server
3
xdLocalStorage
3
layui
3
stimulsoft-dashboards-js
3
statics-server
3
mxgraph
3
fuxa-server
3
convict
3
@uppy/companion
3
parsel
3
jose-node-esm-runtime
3
jose-node-cjs-runtime
3
lodash.defaultsdeep
3
buttle
3
@builder.io/qwik
3
highcharts
3
localhost-now
3
Filter by Repository