Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm url-parse Security Advisories

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2YzQtOHdycC1qOTl2

Improper Validation and Sanitization in url-parse
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Published: over 1 year ago

Critical

GSA_kwCzR0hTQS1oZ2poLTcyM2gtbXgyas0t5g

Authorization Bypass Through User-Controlled Key in url-parse
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1ycWZmLTgzN2gtbW01Ms0rxw

Authorization bypass in url-parse
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Published: over 1 year ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB2NGMtcDJqNS0zOGo0

Open Redirect in url-parse
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Published: almost 5 years ago

Moderate

GSA_kwCzR0hTQS1qZjVyLThobTItZjg3Ms0uHQ

Incorrect hostname / protocol due to unstripped leading control characters.
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS04djM4LXB3NjItOWN3Ms0s1g

Incorrect returned href via an '@' sign but no user info and hostname
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Published: over 1 year ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhoMjctZmZyMi1mMmpj

Open redirect in url-parse
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Published: almost 2 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltNmotZmNnNS0yNDQy

Path traversal in url-parse
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Published: about 2 years ago

Filter by Severity

Moderate 5,145 High 4,556 Critical 2,099 Low 676

Filter by Ecosystem

maven 3,859 npm 3,126 pypi 2,605 packagist 1,696 go 1,243 nuget 939 rubygems 711 cargo 640 hex 21 actions 10 pub 5

Filter by Package

parse-server 24 electron 19 sequelize 17 @openzeppelin/contracts-upgradeable 16 marked 16 @openzeppelin/contracts 15 swagger-ui 14 strapi 14 handlebars 13 next 12 vm2 10 ghost 10 angular 10 ckeditor4 10 tinymce 10 directus 9 jquery 9 validator 9 serve 9 nodebb 8 url-parse 8 matrix-js-sdk 8 urijs 8 steal 8 jquery-ui 8 next-auth 8 npm 8 node-forge 8 editor.md 8 tar 7 total.js 7 systeminformation 7 jsrsasign 7 keystone 7 snyk-broker 7 hapi 7 bootstrap 7 hermes-engine 7 jQuery 7 undici 7 lodash 7 express-cart 6 parse-url 6 joplin 6 @strapi/strapi 6 safe-eval 6 aaptjs 6 matrix-react-sdk 6 shescape 5 ua-parser-js 5 rendertron 5 dojo 5 dns-sync 5 ecstatic 5 safer-eval 5 moment 5 qs 5 public 5 @sequelize/core 5 jsonwebtoken 5 lodash-es 5 prismjs 5 sanitize-html 5 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 awsiotsdk 4 aws-iot-device-sdk-v2 4 simple-git 4 rsshub 4 simple-markdown 4 glance 4 sweetalert2 4 engine.io 4 matrix-appservice-irc 4 yarn 4 hummus 4 muhammara 4 nocodb 4 apostrophe 4 generator-jhipster 4 valine 4 highcharts 4 is-my-json-valid 4 mermaid 4 auth0-js 4 vditor 4 xmldom 4 materialize-css 4 ejs 4 tinymce/tinymce 4 TinyMCE 4 realms-shim 4 fastify 4 xlsx 4 ws 4 openpgp 4 remarkable 4 vega 4 auth0-lock 4 xdLocalStorage 3 jwt-simple 3 @strapi/plugin-users-permissions 3 mixme 3 static-eval 3 nadesiko3 3 jspdf 3 bson 3 immer 3 jointjs 3 axios 3 ftp-srv 3 aedes 3 subtext 3 @hapi/subtext 3 bin-links 3 node-red-dashboard 3 node-fetch 3 mongoose 3 lodash.merge 3 apollo-server 3 harp 3 minimist 3 dompurify 3 node-opcua 3 apollo-server-core 3 raneto 3 protobufjs 3 hekto 3 object-path 3 jquery-validation 3 json-pointer 3 @uppy/companion 3 slpjs 3 froala-editor 3 convert-svg-core 3 yapi-vendor 3 node-ipc 3 grunt 3 code-server 3 mathjs 3 keycloak-connect 3 send 3 notevil 3 sails 3 feathers-sequelize 3 json-ptr 3 mongo-express 3 convict 3 @backstage/plugin-scaffolder-backend 3 socket.io-parser 3 loader-utils 3 org.webjars.npm:xlsx 3 simplehttpserver 3 socket.io-file 3 locutus 3 @backstage/techdocs-common 3 n8n 3 codecov 3 @ckeditor/ckeditor5-markdown-gfm 3 uap-core 3 @commercial/subtext 3 parsel 3 http-live-simulator 3 lodash.mergewith 3 lodash.defaultsdeep 3 buttle 3 serialize-to-js 3 m-server 3 slp-validate 3 dojox 3 https-proxy-agent 3 ids-enterprise 3 localhost-now 3 js-yaml 3 uglify-js 3 macaddress 2 node-rules 2 lazysizes 2 decal 2 http-proxy-agent 2 waterline-sequel 2 @claviska/jquery-minicolors 2 whereis 2 merge 2 fastify-static 2 canvas 2 sshpk 2 jsuites 2 docsify 2 @node-red/runtime 2 node-jose 2 nunjucks 2 sockjs 2 papaparse 2 highlight.js 2 electron-markdownify 2 async-git 2 multi-ini 2 request 2 braces 2 @hapi/hoek 2 isolated-vm 2 netmask 2 ses 2 saml2-js 2 yeoman-genrator 2 json-serializer 2 ibm_db 2 node-saml 2 quill 2 debug 2 snyk 2 set-in 2 loopback 2 defaults-deep 2 elliptic 2 eslint-config-eslint 2 @fastify/passport 2 flatmap-stream 2 angular-expressions 2 minimatch 2 dotty 2 fs-path 2 jose-node-esm-runtime 2 jose 2 jose-node-cjs-runtime 2 jose-browser-runtime 2 google-closure-library 2 knockout 2 moment-timezone 2 vite 2 @actions/core 2 constantinople 2 list-n-stream 2 tough-cookie 2 node-simple-router 2 renovate 2 @finastra/nestjs-proxy 2 mysql 2 @builder.io/qwik 2 tomato 2 jQuery.Validation 2 serialize-javascript 2 serve-lite 2 bootstrap-table 2 pullit 2 node-static 2 blamer 2 payload 2 deep-get-set 2 deap 2 detect-character-encoding 2 querymen 2 fast-string-search 2 crud-file-server 2 dot 2 set-value 2 giting 2 jpeg-js 2 semver-regex 2 ungit 2 mout 2 @keystone-6/core 2 @xmldom/xmldom 2 sds 2 shell-quote 2 fastify-csrf 2 node-sass 2 html-janitor 2 mapbox-rails 2 mapbox.js 2 @npmcli/arborist 2 jszip 2 ms 2 madlib-object-utils 2 express-openid-connect 2 css-what 2 passport-saml 2 bodymen 2 rgb2hex 2 libnested 2 acorn 2 connect 2 assign-deep 2 merge-deep 2 status-board 2 http-file-server 2 jquery-rails 2 typeorm 2 jquery.terminal 2 angular-http-server 2 @cubejs-backend/api-gateway 2 mqtt-packet 2 bootstrap-sass 2 bootstrap 2 st 2 i18next 2 mustache 2 ssri 2 http-proxy 2 express-fileupload 2