Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm Security Advisories
Loading...
High
Ecosystems: npm
Packages: @conform-to/yup, @conform-to/zod, @conform-to/dom
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 3 days ago
GSA_kwCzR0hTQS02MjRnLThxamctOHF4Zs4AA7QR
Conform contains a Prototype Pollution Vulnerability in `parseWith...` functionEcosystems: npm
Packages: @conform-to/yup, @conform-to/zod, @conform-to/dom
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 3 days ago
Moderate
Ecosystems: npm
Packages: renovate
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 3 days ago
GSA_kwCzR0hTQS1ycWd2LTI5MnYtNXFncs4AA7QK
Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliasesEcosystems: npm
Packages: renovate
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 3 days ago
Moderate
Ecosystems: npm
Packages: hono
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 3 days ago
GSA_kwCzR0hTQS0zbXBmLXJjYzctNTM0N84AA7QJ
Hono vulnerable to Restricted Directory Traversal in serveStatic with denoEcosystems: npm
Packages: hono
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 3 days ago
Critical
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: 4 days ago
GSA_kwCzR0hTQS00cmNoLTJmaDgtOTR2d84AA7Pp
MySQL2 for Node Arbitrary Code InjectionEcosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: 4 days ago
High
Ecosystems: npm
Packages: @hoppscotch/cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
GSA_kwCzR0hTQS1xbW1tLTczcjItZjh4cs4AA7PR
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCEEcosystems: npm
Packages: @hoppscotch/cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
Ecosystems: npm
Packages: @hono/node-server
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 7 days ago
GSA_kwCzR0hTQS1oZ3h3LTV4ZzMtNjlqeM4AA7Nw
@hono/node-server has Denial of Service risk when receiving Host header that cannot be parsedEcosystems: npm
Packages: @hono/node-server
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 7 days ago
Low
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
GSA_kwCzR0hTQS0yM3EyLTVnZjgtZ2pwcM4AA7NN
Enabling Authentication does not close all logged in socket connections immediatelyEcosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
Ecosystems: npm
Packages: @andrei-tatar/nora-firebase-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
GSA_kwCzR0hTQS1qamZmLXEzcTQtNWhoOM4AA7Lu
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerabilityEcosystems: npm
Packages: @andrei-tatar/nora-firebase-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Low
Ecosystems: npm
Packages: derby
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
GSA_kwCzR0hTQS04Mmp2LTl3anctcHFoNs4AA7KU
Prototype pollution in emit functionEcosystems: npm
Packages: derby
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Moderate
Ecosystems: npm
Packages: @excalidraw/excalidraw
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 9 days ago
GSA_kwCzR0hTQS1tNjRxLTRqcWgtZjcyZs4AA7KT
Stored Cross-site Scripting (XSS) in excalidraw's web embed componentEcosystems: npm
Packages: @excalidraw/excalidraw
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 9 days ago
High
Ecosystems: npm
Packages: @solana/web3.js
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 9 days ago
GSA_kwCzR0hTQS04bTQ1LTJyam0tajM0N84AA7I8
Handling untrusted input can result in a crash, leading to loss of availability / denial of serviceEcosystems: npm
Packages: @solana/web3.js
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 9 days ago
High
Ecosystems: npm
Packages: @aws-amplify/cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 days ago
GSA_kwCzR0hTQS04NDZnLXA3aG0tZjU0cs4AA7Ba
AWS Amplify CLI has incorrect trust policy managementEcosystems: npm
Packages: @aws-amplify/cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 days ago
Moderate
Ecosystems: npm
Packages: phin
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 15 days ago
GSA_kwCzR0hTQS14NTY1LTMycXAtbTN2Zs4AA67m
phin may include sensitive headers in subsequent requests after redirectEcosystems: npm
Packages: phin
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 15 days ago
Moderate
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
GSA_kwCzR0hTQS13bTR3LTdoMnEtM3BmN84AA67l
Matrix IRC Bridge truncated content of messages can be leakedEcosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Critical
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: 16 days ago
GSA_kwCzR0hTQS1mcHc3LWoyaGctNjl2Nc4AA66u
mysql2 Remote Code Execution (RCE) via the readCodeFor functionEcosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: 16 days ago
Moderate
Ecosystems: npm
Packages: summernote
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 16 days ago
GSA_kwCzR0hTQS00d2gzLTN3ZjItMzltOc4AA66A
Summernote vulnerable to cross-site scriptingEcosystems: npm
Packages: summernote
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 16 days ago
Moderate
Ecosystems: npm
Packages: @digitalbazaar/zcap
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 16 days ago
GSA_kwCzR0hTQS1ocDhoLTd4NjktNHdtds4AA63y
zcap has incomplete expiration checks in capability chains.Ecosystems: npm
Packages: @digitalbazaar/zcap
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 16 days ago
High
Ecosystems: npm
Packages: @fastify/secure-session
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 16 days ago
GSA_kwCzR0hTQS05d3dwLXE3d3EtangzNc4AA63x
@fastify/secure-session: Reuse of destroyed secure session cookieEcosystems: npm
Packages: @fastify/secure-session
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 16 days ago
Moderate
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 16 days ago
GSA_kwCzR0hTQS1tcXIyLXc3d2otampncs4AA62q
mysql2 cache poisoning vulnerabilityEcosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 16 days ago
Moderate
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 16 days ago
GSA_kwCzR0hTQS00OWo0LTg2bTgtcTJqd84AA62p
mysql2 vulnerable to Prototype PoisoningEcosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 16 days ago
Moderate
Ecosystems: npm
Packages: @kyivstarteam/react-native-sms-user-consent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 20 days ago
GSA_kwCzR0hTQS1yOTU2LTI1NTMtdnZocs4AA6sD
React Native Sms User Consent Intent Redirection VulnerabilityEcosystems: npm
Packages: @kyivstarteam/react-native-sms-user-consent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 20 days ago
Moderate
Ecosystems: npm
Packages: psitransfer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
GSA_kwCzR0hTQS0ycDJ4LXA3d2otajVoMs4AA6qU
PsiTransfer: File integrity violationEcosystems: npm
Packages: psitransfer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
Moderate
Ecosystems: npm
Packages: psitransfer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
GSA_kwCzR0hTQS14Zzh2LW0ybWgtNDVtNs4AA6qV
PsiTransfer: Violation of the integrity of file distributionEcosystems: npm
Packages: psitransfer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
High
Ecosystems: npm
Packages: xlsx
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: 22 days ago
GSA_kwCzR0hTQS01cGdnLTJnOHYtcDR4Oc4AA6pz
SheetJS Regular Expression Denial of Service (ReDoS)Ecosystems: npm
Packages: xlsx
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: 22 days ago
Critical
Ecosystems: npm
Packages: maildev
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: 22 days ago
GSA_kwCzR0hTQS12YzZxLWNjajktOXI4Oc4AA6py
MailDev Remote Code ExecutionEcosystems: npm
Packages: maildev
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: 22 days ago
High
Ecosystems: npm
Packages: dectalk-tts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 22 days ago
GSA_kwCzR0hTQS02Y2Y2LThodnItcjY4d84AA6o3
dectalk-tts Uses Unencrypted HTTP RequestEcosystems: npm
Packages: dectalk-tts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 22 days ago
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 22 days ago
GSA_kwCzR0hTQS05cXhyLXFqNTQtaDY3Ms4AA6o2
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrectEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 22 days ago
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 22 days ago
GSA_kwCzR0hTQS1tNHY4LXdxdnItcDlmN84AA6o1
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipelineEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 22 days ago
Moderate
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 23 days ago
GSA_kwCzR0hTQS04amh3LTI4OWgtamgyZ84AA6l1
Vite's `server.fs.deny` did not deny requests for patterns with directories.Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 23 days ago
High
Ecosystems: npm
Packages: @kindspells/astro-shield
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
GSA_kwCzR0hTQS1jNGdyLXE5N2ctcHB3Y84AA6gY
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-listsEcosystems: npm
Packages: @kindspells/astro-shield
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
High
Ecosystems: npm
Packages: @electron/packager
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 28 days ago
GSA_kwCzR0hTQS0zNGgzLThtdzQtcXc1N84AA6d1
@electron/packager's build process memory potentially leaked into final executableEcosystems: npm
Packages: @electron/packager
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 28 days ago
Moderate
Ecosystems: npm
Packages: @workos-inc/authkit-nextjs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 28 days ago
GSA_kwCzR0hTQS0zNXczLTZxaGMtNDc0ds4AA6d0
@workos-inc/authkit-nextjs session replay vulnerabilityEcosystems: npm
Packages: @workos-inc/authkit-nextjs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 28 days ago
High
Ecosystems: npm
Packages: @kindspells/astro-shield
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 28 days ago
GSA_kwCzR0hTQS13Mzg3LTVxcXctN2c4bc4AA6dw
Content-Security-Policy header generation in middleware could be compromised by malicious injectionsEcosystems: npm
Packages: @kindspells/astro-shield
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 28 days ago
High
Ecosystems: npm
Packages: web3-utils
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: about 1 month ago
GSA_kwCzR0hTQS0yZzRjLThmcG0tYzQ2ds4AA6YV
web3-utils Prototype Pollution vulnerabilityEcosystems: npm
Packages: web3-utils
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: about 1 month ago
Moderate
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 1 month ago
GSA_kwCzR0hTQS00MzhjLTM5NzUtNXgzZs4AA6Te
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframesEcosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 1 month ago
Moderate
Ecosystems: nuget, npm, packagist
Packages: TinyMCE, tinymce, tinymce/tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 1 month ago
GSA_kwCzR0hTQS01MzU5LXB2ZjItcHc3OM4AA6Td
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elementsEcosystems: nuget, npm, packagist
Packages: TinyMCE, tinymce, tinymce/tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 1 month ago
Moderate
Ecosystems: npm
Packages: express
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: about 1 month ago
GSA_kwCzR0hTQS1ydjk1LTg5NmgtYzJ2Y84AA6Rd
Express.js Open Redirect in malformed URLsEcosystems: npm
Packages: express
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: about 1 month ago
Moderate
Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: about 1 month ago
GSA_kwCzR0hTQS0zd2M1LWZjdzItMjMyOc4AA6Rb
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocolsEcosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: about 1 month ago
Moderate
Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: about 1 month ago
GSA_kwCzR0hTQS1mOTh3LTdjeHItZmYyaM4AA6Ra
KaTeX's `\includegraphics` does not escape filenameEcosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: about 1 month ago
Moderate
Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: about 1 month ago
GSA_kwCzR0hTQS1jdnI2LTM3Z3gtdjh3Y84AA6RZ
KaTeX's maxExpand bypassed by Unicode sub/superscriptsEcosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: about 1 month ago
Moderate
Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: about 1 month ago
GSA_kwCzR0hTQS02NGZtLThodzItdjcyd84AA6RY
KaTeX's maxExpand bypassed by `\edef`Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: about 1 month ago
High
Ecosystems: npm
Packages: @oneuptime/common-server, @oneuptime/model
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
GSA_kwCzR0hTQS0yNDZwLXhtZzgtd21jcc4AA6RW
OneUptime Vulnerable to a Privilege Escalation via Local Storage Key ManipulationEcosystems: npm
Packages: @oneuptime/common-server, @oneuptime/model
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
Ecosystems: npm
Packages: @thi.ng/paths
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS04cHByLXd3dzgtaGZqeM4AA6RK
@thi.ng/paths Prototype Pollution vulnerabilityEcosystems: npm
Packages: @thi.ng/paths
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
Ecosystems: npm
Packages: translate
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 1 month ago
GSA_kwCzR0hTQS04ODJqLTR2ajUtN3Ztas4AA6O1
Cache Poisoning VulnerabilityEcosystems: npm
Packages: translate
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 1 month ago
Moderate
Ecosystems: npm
Packages: tar, node-tar
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 1 month ago
GSA_kwCzR0hTQS1mNXgzLTMyZzYteHEzNs4AA6O0
Denial of service while parsing a tar file due to lack of folders count validationEcosystems: npm
Packages: tar, node-tar
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 1 month ago
High
Ecosystems: npm
Packages: webpack-dev-middleware
Source: GitHub Advisory Database
Blast Radius: 48.0
Published: about 1 month ago
GSA_kwCzR0hTQS13cjNqLXB3ajktaHFxNs4AA6Nc
Path traversal in webpack-dev-middlewareEcosystems: npm
Packages: webpack-dev-middleware
Source: GitHub Advisory Database
Blast Radius: 48.0
Published: about 1 month ago
Moderate
Ecosystems: npm
Packages: survey-creator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS14Z2o0LTJocmYtajR4Z84AA6Mj
Cross-site scripting in Survey CreatorEcosystems: npm
Packages: survey-creator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: about 1 month ago
GSA_kwCzR0hTQS02aGg3LTQ2cjItdmYyOc4AA6JD
Server crashes on invalid Cloud Function or Cloud Job nameEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: about 1 month ago
High
Ecosystems: npm, rubygems
Packages: @turbo-boost/commands, turbo_boost-commands
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: about 1 month ago
GSA_kwCzR0hTQS1tcDc2LTd3NXYtcHI3Nc4AA6CN
TurboBoost Commands vulnerable to arbitrary method invocationEcosystems: npm, rubygems
Packages: @turbo-boost/commands, turbo_boost-commands
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: about 1 month ago
Moderate
Ecosystems: npm
Packages: follow-redirects
Source: GitHub Advisory Database
Blast Radius: 41.0
Published: about 1 month ago
GSA_kwCzR0hTQS1jeGpoLXBxd3AtOG1mcM4AA6AJ
follow-redirects' Proxy-Authorization header kept across hostsEcosystems: npm
Packages: follow-redirects
Source: GitHub Advisory Database
Blast Radius: 41.0
Published: about 1 month ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: about 2 months ago
GSA_kwCzR0hTQS1mcjN3LTJwMjItNnc3cM4AA572
URL Redirection to Untrusted Site in OAuth2/OpenID in directusEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: about 2 months ago
Low
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 months ago
GSA_kwCzR0hTQS0yY2NyLWcycnYtaDY3N84AA571
Session Token in URL in directusEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 months ago
High
Ecosystems: npm, rubygems
Packages: stimulus_reflex
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: about 2 months ago
GSA_kwCzR0hTQS1mNzhqLTR3M2ctNHE2Nc4AA56t
StimulusReflex arbitrary method callEcosystems: npm, rubygems
Packages: stimulus_reflex
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: about 2 months ago
Moderate
Ecosystems: npm
Packages: jose, jose-node-esm-runtime, jose-node-cjs-runtime
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: about 2 months ago
GSA_kwCzR0hTQS1oaGh2LXE1N2ctODgycc4AA502
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintextEcosystems: npm
Packages: jose, jose-node-esm-runtime, jose-node-cjs-runtime
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: about 2 months ago
Moderate
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: about 2 months ago
GSA_kwCzR0hTQS0zcDNwLWNnajctdmd3M84AA5zO
RSSHub vulnerable to Server-Side Request ForgeryEcosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: about 2 months ago
Moderate
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: about 2 months ago
GSA_kwCzR0hTQS0yd3F3LWhyNGYteHJoaM4AA5zN
RSSHub Cross-site Scripting vulnerability caused by internal media proxyEcosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: about 2 months ago
Critical
Ecosystems: npm
Packages: @tomphttp/bare-server-node
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: about 2 months ago
GSA_kwCzR0hTQS04NmZjLWY5Z3ItdjUzM84AA5xc
HTTP Handling Vulnerability in the Bare serverEcosystems: npm
Packages: @tomphttp/bare-server-node
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: about 2 months ago
Critical
Ecosystems: npm
Packages: jsonata
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: about 2 months ago
GSA_kwCzR0hTQS1mcWc4LXZmdjctOGZqOM4AA5wD
JSONata expression can pollute the "Object" prototypeEcosystems: npm
Packages: jsonata
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: about 2 months ago
High
Ecosystems: npm
Packages: app-builder-lib
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: about 2 months ago
GSA_kwCzR0hTQS1yNHBmLTN2N3ItaGg1Nc4AA5wC
electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)Ecosystems: npm
Packages: app-builder-lib
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: about 2 months ago
Moderate
Ecosystems: npm
Packages: hexo-theme-anzhiyu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS04MmpmLThmMjQteHE5bc4AA5t8
hexo-theme-anzhiyu Cross-site Scripting vulnerabilityEcosystems: npm
Packages: hexo-theme-anzhiyu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 2 months ago
GSA_kwCzR0hTQS01bWhnLXd2OHctcDU5as4AA5sN
Directus version number disclosureEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 2 months ago
Critical
Ecosystems: npm
Packages: @budibase/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS00ZzJ4LXZxNXAtNXZqNs4AA5sL
Budibase affected by VM2 Constructor Escape VulnerabilityEcosystems: npm
Packages: @budibase/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 months ago
GSA_kwCzR0hTQS02OTI3LTN2cjktZnhmMs4AA5sK
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL InjectionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 months ago
High
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 months ago
GSA_kwCzR0hTQS1xdzlnLTc1NDktN3dnNc4AA5r0
Directus has MySQL accent insensitive email matchingEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 months ago
Low
Ecosystems: npm
Packages: @sentry/react-native
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS02OGMyLTRtcHgtcWg5Nc4AA5rz
Potential leakage of Sentry auth tokens by React Native SDK with Expo pluginEcosystems: npm
Packages: @sentry/react-native
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
Ecosystems: npm
Packages: mongo-express
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS1mZmZnLWN3YzkteHZqN84AA5rI
mongo-express Cross-site Request Forgery vulnerabilityEcosystems: npm
Packages: mongo-express
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
Ecosystems: npm
Packages: nteract
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS02anZnLWhwMjUtNDJmNs4AA5rD
Nteract Remote Code Execution vulnerabilityEcosystems: npm
Packages: nteract
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS05dng2LTd4eGYteDk2N84AA5qR
OpenZeppelin Contracts base64 encoding may read from potentially dirty memoryEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
Ecosystems: npm
Packages: @nfid/embed
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS04NGMzLWo4cjItbWNtOM4AA5gp
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keysEcosystems: npm
Packages: @nfid/embed
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
Ecosystems: npm
Packages: es5-ext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS00Z21qLTNwM2gtZ204aM4AA5gl
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`Ecosystems: npm
Packages: es5-ext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
Ecosystems: npm
Packages: sanitize-html
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: 2 months ago
GSA_kwCzR0hTQS1ybTk3LXg1NTYtcTM2aM4AA5fD
sanitize-html Information Exposure vulnerabilityEcosystems: npm
Packages: sanitize-html
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: 2 months ago
High
Ecosystems: npm
Packages: @backstage/backend-common
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 2 months ago
GSA_kwCzR0hTQS0yZmM5LXhwcDgtMmc5aM4AA5ef
`@backstage/backend-common` vulnerable to path traversal through symlinksEcosystems: npm
Packages: @backstage/backend-common
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 2 months ago
Critical
Ecosystems: npm
Packages: @dfinity/auth-client, @dfinity/identity
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 2 months ago
GSA_kwCzR0hTQS1jOXZ2LWZoZ3YtY2pjM84AA5aA
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`Ecosystems: npm
Packages: @dfinity/auth-client, @dfinity/identity
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 2 months ago
High
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS1jcDY4LXFyaHItZzloOM4AA5Zx
MeshCentral cross-site websocket hijacking (CSWSH) vulnerabilityEcosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
Ecosystems: npm
Packages: electron-pdf
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 2 months ago
GSA_kwCzR0hTQS0zamN2LTVmOXAtMmYycM4AA5YN
Cross-site Scripting in electron-pdfEcosystems: npm
Packages: electron-pdf
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 2 months ago
Moderate
Ecosystems: npm, nuget
Packages: @serenity-is/corelib, Serenity.Net.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
GSA_kwCzR0hTQS01ampxLThjdmotdjZtOc4AA5Xi
Cross-site Scripting in SerenityEcosystems: npm, nuget
Packages: @serenity-is/corelib, Serenity.Net.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
Ecosystems: npm
Packages: @scrypted/core, @scrypted/server
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 2 months ago
GSA_kwCzR0hTQS13NGh2LXZtdjktaGdjcs4AA5Vm
GitHub Security Lab (GHSL) Vulnerability Report, scrypted: `GHSL-2023-218`, `GHSL-2023-219`Ecosystems: npm
Packages: @scrypted/core, @scrypted/server
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 2 months ago
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 2 months ago
GSA_kwCzR0hTQS0zNzg3LTZwcnYtaDl3M84AA5Vg
Undici proxy-authorization header not cleared on cross-origin redirect in fetchEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 2 months ago
Moderate
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 2 months ago
GSA_kwCzR0hTQS05ZjI0LWpxaG0tamZjd84AA5Vf
fetch(url) leads to a memory leak in undiciEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 2 months ago
Moderate
Ecosystems: npm
Packages: react-native-document-picker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
GSA_kwCzR0hTQS1wbWdtLWgzY2MtbTRoas4AA5Va
React Native Document Picker Directory Traversal vulnerabilityEcosystems: npm
Packages: react-native-document-picker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
Ecosystems: npm
Packages: mapshaper
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 2 months ago
GSA_kwCzR0hTQS04bTM2LTYycnctOW14d84AA5Pv
mapshaper Path Traversal vulnerabilityEcosystems: npm
Packages: mapshaper
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 2 months ago
Low
Ecosystems: npm
Packages: @lambda-middleware/json-deserializer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
GSA_kwCzR0hTQS1tM2Y0LTk1N3gtbTc4Nc4AA5OZ
lambda-middleware Inefficient Regular Expression Complexity vulnerabilityEcosystems: npm
Packages: @lambda-middleware/json-deserializer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS05OXZjLXh3OGotcGhqbc4AA5M7
Ghost has possible Cross-site Scripting issueEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
Ecosystems: maven, npm
Packages: org.webjars.bower:angular, org.webjars.npm:angular, angular
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: 3 months ago
GSA_kwCzR0hTQS00dzR2LTVoYzkteHJyMs4AA5Mb
angular vulnerable to super-linear runtime due to backtrackingEcosystems: maven, npm
Packages: org.webjars.bower:angular, org.webjars.npm:angular, angular
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: pkg
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 3 months ago
GSA_kwCzR0hTQS0yMnIzLTl3NTUtY2o1NM4AA5Lq
Pkg Local Privilege EscalationEcosystems: npm
Packages: pkg
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: ip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS03OHhqLWNnaDUtMmgyMs4AA5Ki
NPM IP package incorrectly identifies some private IP addresses as publicEcosystems: npm
Packages: ip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
GSA_kwCzR0hTQS13aDV3LTgyZjMtd3J4aM4AA5JM
CKEditor cross-site scripting vulnerability in AJAX sampleEcosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
GSA_kwCzR0hTQS1tdzJjLXZ4NmotbWc3Ns4AA5JL
CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview featureEcosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
Moderate
Ecosystems: packagist, npm
Packages: ckeditor/ckeditor, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 months ago
GSA_kwCzR0hTQS1mcTZoLTRnOHYtcXF2bc4AA5JK
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detectionEcosystems: packagist, npm
Packages: ckeditor/ckeditor, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 months ago
Critical
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 3 months ago
GSA_kwCzR0hTQS1nZnFmLTl3OTgtN2pteM4AA5GB
Stimulsoft Dashboard.JS directory traversal vulnerabilityEcosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: 3 months ago
GSA_kwCzR0hTQS05bTZtLWM2NHItdzRmNM4AA5Es
Stimulsoft Dashboard.JS Cross Site Scripting vulnerabilityEcosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 3 months ago
GSA_kwCzR0hTQS05Y2dmLXB4d3EtMmNwd84AA5ET
Stimulsoft Dashboard.JS Cross Site Scripting vulnerabilityEcosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 3 months ago
High
Ecosystems: npm
Packages: yarn
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 3 months ago
GSA_kwCzR0hTQS1tcHdqLWZjcjYteDM0Y84AA5DS
Yarn untrusted search path vulnerabilityEcosystems: npm
Packages: yarn
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: zmarkdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS1tZjc0LXFxN3ctNmo3ds4AA5C2
Zmarkdown Server-Side Request Forgery (SSRF) in remark-download-imagesEcosystems: npm
Packages: zmarkdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
Ecosystems: npm
Packages: zmarkdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS1tcTZ2LXczNWctM2M5N84AA5C1
Local File Inclusion vulnerability in zmarkdownEcosystems: npm
Packages: zmarkdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS12MjY5LXJycjYtY3g2cs4AA5CF
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
Ecosystems: pypi, npm
Packages: dash-core-components, dash-html-components, dash
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 3 months ago
GSA_kwCzR0hTQS01NDd4LTc0OHYtdnA2cM4AA5A9
Dash apps vulnerable to Cross-site ScriptingEcosystems: pypi, npm
Packages: dash-core-components, dash-html-components, dash
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: nodemailer
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: 3 months ago
GSA_kwCzR0hTQS05aDZnLXByMjgtN2NxcM4AA4-p
nodemailer ReDoS when trying to send a specially crafted emailEcosystems: npm
Packages: nodemailer
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: @lobehub/chat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS1wZjU1LWZqOTYteGYzN84AA499
@lobehub/chat vulnerable to unauthorized access to pluginsEcosystems: npm
Packages: @lobehub/chat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
Ecosystems: npm
Packages: @apollo/experimental-nextjs-app-support
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 3 months ago
GSA_kwCzR0hTQS1ydjhwLXJyMmgtZmdwZ84AA484
@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerabilityEcosystems: npm
Packages: @apollo/experimental-nextjs-app-support
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 3 months ago
Statistics
Advisories: 18,151
Packages: 8,242
Repositories: 1,389
Ecosystems: 12
Packages: 8,242
Repositories: 1,389
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
29
electron
26
@openzeppelin/contracts-upgradeable
21
@openzeppelin/contracts
20
directus
16
sequelize
16
ghost
14
tinymce
14
swagger-ui
14
next
13
joplin
13
strapi
13
ckeditor4
13
vm2
12
undici
12
handlebars
11
nodebb
11
angular
11
marked
11
@evershop/evershop
9
serve
9
tinymce/tinymce
9
TinyMCE
9
jquery-rails
9
org.webjars.npm:jquery
9
jquery
9
next-auth
9
npm
8
urijs
8
node-forge
8
jsrsasign
8
bootstrap
8
express-cart
8
systeminformation
8
@strapi/strapi
8
tar
8
matrix-js-sdk
8
jQuery
8
validator
8
editor.md
8
steal
8
url-parse
8
total.js
7
lodash
7
hermes-engine
7
jQuery.UI.Combined
7
sanitize-html
7
org.webjars.npm:jquery-ui
7
jquery-ui-rails
7
matrix-react-sdk
7
matrix-appservice-irc
7
jquery-ui
7
nocodb
7
hapi
7
shescape
7
snyk-broker
7
safe-eval
6
parse-url
6
aaptjs
6
rsshub
6
lodash-es
5
sweetalert2
5
public
5
keystone
5
total4
5
openpgp
5
yarn
5
xlsx
5
mongoose
5
ua-parser-js
5
@strapi/plugin-users-permissions
5
rendertron
5
vite
5
dojo
5
prismjs
5
uptime-kuma
5
qs
4
jsonwebtoken
4
ws
4
safer-eval
4
generator-jhipster
4
realms-shim
4
engine.io
4
simple-git
4
ejs
4
apollo-server-core
4
convert-svg-core
4
hummus
4
muhammara
4
auth0-lock
4
auth0-js
4
moment
4
vditor
4
vega
4
mermaid
4
@keystone-6/core
4
valine
4
katex
4
awsiotsdk
4
fastify
4
aws-iot-device-sdk-v2
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
dompurify
4
follow-redirects
4
axios
4
apostrophe
4
remarkable
4
mongo-express
4
simple-markdown
4
meshcentral
4
@backstage/plugin-scaffolder-backend
4
materialize-css
4
glance
4
ecstatic
4
mysql2
4
sails
3
jose-node-esm-runtime
3
tough-cookie
3
highcharts
3
localhost-now
3
mixme
3
socket.io-file
3
slpjs
3
parsel
3
browserify-shim
3
fast-xml-parser
3
@uppy/companion
3
jose
3
nadesiko3
3
connect
3
froala-editor
3
convict
3
raneto
3
serialize-to-js
3
buttle
3
grunt
3
lodash.defaultsdeep
3
xmldom
3
keycloak-connect
3
@strapi/utils
3
nodemailer
3
@vrite/sdk
3
node-opcua
3
postcss
3
json-ptr
3
typeorm
3
@sveltejs/kit
3
socket.io-parser
3
ids-enterprise
3
@backstage/techdocs-common
3
jose-node-cjs-runtime
3
@materializecss/materialize
3
mysql
3
@ckeditor/ckeditor5-markdown-gfm
3
immer
3
n8n
3
jointjs
3
passport-wsfed-saml2
3
mathjs
3
node-ipc
3
jquery-validation
3
node-red-dashboard
3
apollo-server
3
slp-validate
3
@cubejs-backend/api-gateway
3
m-server
3
org.webjars.npm:xlsx
3
uap-core
3
http-live-simulator
3
jspdf
3
protobufjs
3
feathers-sequelize
3
dns-sync
3
object-path
3
loader-utils
3
js-yaml
3
bootstrap
3
dojox
3
blamer
3
simplehttpserver
3
fuxa-server
3
mxgraph
3
renovate
3
ftp-srv
3
stimulsoft-dashboards-js
3
@frangoteam/fuxa
3
yapi-vendor
3
node-fetch
3
xdLocalStorage
3
@apollo/server
3
json-pointer
3
bson
3
llhttp
3
wrangler
3
@sequelize/core
3
code-server
3
node-jose
3
locutus
3
codecov
3
notevil
3
Filter by Repository
https://github.com/parse-community/parse-server
29
https://github.com/electron/electron
25
https://github.com/strapi/strapi
21
https://github.com/OpenZeppelin/openzeppelin-contracts
20
https://github.com/sequelize/sequelize
16
https://github.com/directus/directus
15
https://github.com/tinymce/tinymce
14
https://github.com/swagger-api/swagger-ui
13
https://github.com/nodejs/undici
12
https://github.com/laurent22/joplin
12
https://github.com/TryGhost/Ghost
12
https://github.com/ckeditor/ckeditor4
12
https://github.com/patriksimek/vm2
12
https://github.com/backstage/backstage
12
https://github.com/NodeBB/NodeBB
11
https://github.com/jquery/jquery
11
https://github.com/keystonejs/keystone
10
https://github.com/nextauthjs/next-auth
10
https://github.com/evershopcommerce/evershop
9
https://github.com/vercel/next.js
9
https://github.com/stealjs/steal
8
https://github.com/apollographql/apollo-server
8
https://github.com/digitalbazaar/forge
8
https://github.com/matrix-org/matrix-js-sdk
8
https://github.com/sebhildebrandt/systeminformation
8
https://github.com/pandao/editor.md
8
https://github.com/kjur/jsrsasign
8
https://github.com/matrix-org/matrix-react-sdk
7
https://github.com/matrix-org/matrix-appservice-irc
7
https://github.com/twbs/bootstrap
7
https://github.com/nocodb/nocodb
7
https://github.com/lodash/lodash
7
https://github.com/unshiftio/url-parse
7
https://github.com/ericcornelissen/shescape
7
https://github.com/ionicabizau/parse-url
6
https://github.com/panva/jose
6
https://github.com/shenzhim/aaptjs
6
https://github.com/jquery/jquery-ui
6
https://github.com/totaljs/framework
6
https://github.com/facebook/hermes
6
https://github.com/npm/node-tar
6
https://github.com/DIYgod/RSSHub
6
https://github.com/eclipse-theia/theia
6
https://github.com/sweetalert2/sweetalert2
5
https://github.com/faisalman/ua-parser-js
5
https://github.com/GoogleChrome/rendertron
5
https://github.com/vitejs/vite
5
https://github.com/markedjs/marked
5
https://github.com/npm/cli
5
https://github.com/gatsbyjs/gatsby
5
https://github.com/openpgpjs/openpgpjs
5
https://github.com/vega/vega
5
https://github.com/louislam/uptime-kuma
5
https://github.com/apostrophecms/sanitize-html
5
https://github.com/hacksparrow/safe-eval
5
https://github.com/BlackFan/client-side-prototype-pollution
5
https://github.com/handlebars-lang/handlebars.js
5
https://github.com/aws/aws-iot-device-sdk-java-v2
4
https://github.com/balderdashy/sails
4
https://github.com/socketio/engine.io
4
https://github.com/KaTeX/KaTeX
4
https://github.com/auth0/node-jsonwebtoken
4
https://github.com/steveukx/git-js
4
https://github.com/cloudflare/workers-sdk
4
https://github.com/sidorares/node-mysql2
4
https://github.com/hapijs/hapi
4
https://github.com/axios/axios
4
https://github.com/auth0/lock
4
https://github.com/mrvautin/expressCart
4
https://github.com/xCss/Valine
4
https://github.com/follow-redirects/follow-redirects
4
https://github.com/PrismJS/prism
4
https://github.com/jonschlinkert/remarkable
4
https://github.com/yarnpkg/yarn
4
https://github.com/Dogfalo/materialize
4
https://github.com/Ylianst/MeshCentral
4
https://github.com/ofirdagan/cross-domain-local-storage
4
https://github.com/npm/npm
4
https://github.com/jhipster/generator-jhipster
4
https://github.com/angular/angular.js
4
https://github.com/fastify/fastify
4
https://github.com/medialize/URI.js
4
https://github.com/medialize/uri.js
4
https://github.com/nodemailer/nodemailer
3
https://github.com/node-opcua/node-opcua
3
https://github.com/highcharts/highcharts
3
https://github.com/sveltejs/kit
3
https://github.com/transloadit/uppy
3
https://github.com/n8n-io/n8n
3
https://github.com/nasa/openmct
3
https://github.com/NaturalIntelligence/fast-xml-parser
3
https://github.com/neocotic/convert-svg
3
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
3
https://github.com/thlorenz/browserify-shim
3
https://github.com/kujirahand/nadesiko3
3
https://github.com/beerpwn/CVE
3
https://github.com/nodejs/llhttp
3
https://github.com/immerjs/immer
3
https://github.com/facebook/react
3
https://github.com/feathersjs-ecosystem/feathers-sequelize
3
https://github.com/node-fetch/node-fetch
3
https://github.com/infor-design/enterprise-ng
3
https://github.com/gruntjs/grunt
3
https://github.com/mde/ejs
3
https://github.com/cure53/DOMPurify
3
https://github.com/salesforce/tough-cookie
3
https://github.com/clientIO/joint
3
https://github.com/mermaid-js/mermaid
3
https://github.com/RIAEvangelist/node-ipc
3
https://github.com/renovatebot/renovate
3
https://github.com/simpleledger/slpjs
3
https://github.com/mariocasciaro/object-path
3
https://github.com/moment/moment
3
https://github.com/ckeditor/ckeditor5
3
https://github.com/mongodb/js-bson
3
https://github.com/docsifyjs/docsify
3
https://github.com/cisco/node-jose
3
https://github.com/chjj/marked
3
https://github.com/skoranga/node-dns-sync
3
https://github.com/Marak/colors.js
3
https://github.com/manuelstofer/json-pointer
3
https://github.com/dojo/dojo
3
https://github.com/dojo/dojox
3
https://github.com/mongo-express/mongo-express
3
https://github.com/mozilla/node-convict
3
https://github.com/socketio/socket.io-parser
3
https://github.com/soketi/soketi
3
https://github.com/dwisiswant0/advisory
3
https://github.com/hapijs/subtext
3
https://github.com/MrRio/jsPDF
3
https://github.com/postcss/postcss
3
https://github.com/vanessa219/vditor
3
https://github.com/zestedesavoir/zmarkdown
3
https://github.com/YMFE/yapi
3
https://github.com/ua-parser/uap-core
3
https://github.com/xmldom/xmldom
3
https://github.com/typeorm/typeorm
3
https://github.com/zeit/next.js
3
https://github.com/jquery-validation/jquery-validation
3
https://github.com/adaltas/node-mixme
3
https://github.com/webpack/loader-utils
3
https://github.com/apostrophecms/apostrophe
3
https://github.com/jfhbrook/node-ecstatic
3
https://github.com/vriteio/vrite
3
https://github.com/auth0/passport-wsfed-saml2
3
https://github.com/websockets/ws
3
https://github.com/vendure-ecommerce/vendure
3
https://github.com/jarofghosts/glance
3
https://github.com/Automattic/mongoose
3
https://github.com/josdejong/mathjs
3
https://github.com/peerigon/angular-expressions
2
https://github.com/cronvel/tree-kit
2
https://github.com/cloudhead/node-static
2
https://github.com/codecov/codecov-node
2
https://github.com/mathjax/MathJax
2
https://github.com/mysqljs/mysql
2
https://github.com/pillys/fs-path
2
https://github.com/matrix-org/matrix-appservice-bridge
2
https://github.com/jsuites/jsuites
2
https://github.com/ahdinosaur/set-in
2
https://github.com/shelljs/shelljs
2
https://github.com/vvakame/fs-git
2
https://github.com/semantic-release/semantic-release
2
https://github.com/senchalabs/connect
2
https://github.com/peterbraden/node-opencv
2
https://github.com/commenthol/serialize-to-js
2
https://github.com/commenthol/safer-eval
2
https://github.com/Finastra/ssr-pages
2
https://github.com/snyk/cli
2
https://github.com/karma-runner/karma
2
https://github.com/manvel-khnkoyan/jpv
2
https://github.com/jonschlinkert/set-value
2
https://github.com/yahoo/serialize-javascript
2
https://github.com/aFarkas/lazysizes
2
https://github.com/chocobozzz/peertube
2
https://github.com/chriso/validator.js
2
https://github.com/christian-bromann/rgb2hex
2
https://github.com/sindresorhus/semver-regex
2
https://github.com/jwadhams/json-logic-js
2
https://github.com/justmoon/node-bignum
2
https://github.com/sindresorhus/is-svg
2
https://github.com/josdejong/jsoneditor
2
https://github.com/simpleledger/slp-validate.js
2
https://github.com/markdown-it/markdown-it
2
https://github.com/julianhille/MuhammaraJS
2
https://github.com/simonh1000/angular-http-server
2
https://github.com/Agoric/realms-shim
2
https://github.com/payloadcms/payload
2
https://github.com/endojs/endo
2
https://github.com/jameswlane/status-board
2
https://github.com/vivaxy/here
2
https://github.com/guardian/html-janitor
2
https://github.com/richardgirges/express-fileupload
2
https://github.com/amitmerchant1990/electron-markdownify
2
https://github.com/mithunsatheesh/node-rules
2
https://github.com/dfinity/agent-js
2
https://github.com/protobufjs/protobuf.js
2
https://github.com/psi-4ward/psitransfer
2
https://github.com/request/request
2