Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm Security Advisories
Loading...
Critical
Ecosystems: npm
Packages: @devicefarmer/stf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS03eG04LXdqcTctODhyNc4AA47X
DeviceFarmer stf uses DES-ECBEcosystems: npm
Packages: @devicefarmer/stf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
Ecosystems: npm
Packages: @sveltejs/adapter-node, @sveltejs/kit
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 3 months ago
GSA_kwCzR0hTQS1nNW02LWh4cHAtZmM0Oc4AA4qX
Sending a GET or HEAD request with a body crashes SvelteKitEcosystems: npm
Packages: @sveltejs/adapter-node, @sveltejs/kit
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: hoolock
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS00YzJnLWh4NDktN2gyNc4AA4oQ
Prototype pollution not blocked by object-path related utilities in hoolockEcosystems: npm
Packages: hoolock
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: @hono/node-server
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 3 months ago
GSA_kwCzR0hTQS1yanE1LXc0N3gteDM1Oc4AA4oP
@hono/node-server cannot handle "double dots" in URLEcosystems: npm
Packages: @hono/node-server
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 3 months ago
GSA_kwCzR0hTQS1maDM4LTlmZ3ItNDU0d84AA4mG
Cross-site Scripting in GhostEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 3 months ago
High
Ecosystems: npm
Packages: @keep-network/tbtc-v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS13ZzJ4LXJ2ODYtbW1weM4AA4lv
SPV Merkle proof malleability allows the maintainer to prove invalid transactionsEcosystems: npm
Packages: @keep-network/tbtc-v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: 3 months ago
GSA_kwCzR0hTQS1jMjR2LThyZmMtdzh2d84AA4lu
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystemEcosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: 3 months ago
High
Ecosystems: npm
Packages: jsrsasign
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: 3 months ago
GSA_kwCzR0hTQS1yaDYzLTlxY2YtODNnZs4AA4kS
Marvin Attack of RSA and RSAOAEP decryption in jsrsasignEcosystems: npm
Packages: jsrsasign
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: @fastify/swagger-ui
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 3 months ago
GSA_kwCzR0hTQS02MmpyLTg0Z2Ytd21nNM4AA4eS
Default swagger-ui configuration exposes all files in the moduleEcosystems: npm
Packages: @fastify/swagger-ui
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 3 months ago
High
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 3 months ago
GSA_kwCzR0hTQS0zMnIzLTU3aHAtY2dmd84AA4bm
EverShop at risk to unauthorized access via weak HMAC secretEcosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 3 months ago
High
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 3 months ago
GSA_kwCzR0hTQS1nZ3BtLTlxZngtbWh3Z84AA4bk
EverShop vulnerable to improper authorization in GraphQL endpointsEcosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 3 months ago
Critical
Ecosystems: npm
Packages: @clerk/nextjs
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 3 months ago
GSA_kwCzR0hTQS1xNnc1LWpnNXEtNDd2Z84AA4bF
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)Ecosystems: npm
Packages: @clerk/nextjs
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: react-native-mmkv
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 3 months ago
GSA_kwCzR0hTQS00amgzLTZqaHYtMm1ncM4AA4Tj
react-native-mmkv Insertion of Sensitive Information into Log File vulnerabilityEcosystems: npm
Packages: react-native-mmkv
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 3 months ago
Moderate
Ecosystems: pypi, npm
Packages: appwrite, appwrite-cli
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 3 months ago
GSA_kwCzR0hTQS1nNzc3LWNycDktbTI3Z84AA4SE
Apprite CLI makes Use of Hard-coded CredentialsEcosystems: pypi, npm
Packages: appwrite, appwrite-cli
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 3 months ago
Moderate
Ecosystems: npm
Packages: @fastify/reply-from
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 3 months ago
GSA_kwCzR0hTQS12MnYyLWhwaDgtcTV4cM4AA4PH
@fastify/reply-from JSON Content-Type parsing confusionEcosystems: npm
Packages: @fastify/reply-from
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 3 months ago
High
Ecosystems: npm
Packages: @backstage/backend-app-api
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 4 months ago
GSA_kwCzR0hTQS04NnJnLXBmNGMtNWdyZ84AA4MQ
@backstage/backend-app-api leaks GitLab access tokensEcosystems: npm
Packages: @backstage/backend-app-api
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 4 months ago
Critical
Ecosystems: npm
Packages: wrangler
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: 4 months ago
GSA_kwCzR0hTQS1mOG1wLXg0MzMtNXdwZs4AA4Lh
Arbitrary remote code execution within `wrangler dev` Workers sandboxEcosystems: npm
Packages: wrangler
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: wrangler
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: 4 months ago
GSA_kwCzR0hTQS1jZnBoLTRxcWgtdzgyOM4AA4Lg
Arbitrary remote file read in Wrangler dev serverEcosystems: npm
Packages: wrangler
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: 4 months ago
High
Ecosystems: npm
Packages: @perfood/couch-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
GSA_kwCzR0hTQS1mcWg2LTZoNmMtMzY2bc4AA4LR
CouchAuth host header injection vulnerability leaks the password reset tokenEcosystems: npm
Packages: @perfood/couch-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
Ecosystems: npm, packagist
Packages: plotly.js, plotly/plotly.js
Source: GitHub Advisory Database
Blast Radius: 47.8
Published: 4 months ago
GSA_kwCzR0hTQS13amM0LTczcTYtZ3Yzbc4AA4Ki
plotly.js prototype pollution vulnerabilityEcosystems: npm, packagist
Packages: plotly.js, plotly/plotly.js
Source: GitHub Advisory Database
Blast Radius: 47.8
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: follow-redirects
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: 4 months ago
GSA_kwCzR0hTQS1qY2h3LTI1eHAtand3Y84AA4JD
Follow Redirects improperly handles URLs in the url.parse() functionEcosystems: npm
Packages: follow-redirects
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: layui
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 4 months ago
GSA_kwCzR0hTQS1yY3ZyLTh3aHgtM201cM4AA4HM
Layui cross-site scripting (XSS) vulnerabilityEcosystems: npm
Packages: layui
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 4 months ago
High
Ecosystems: npm
Packages: miniflare
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 4 months ago
GSA_kwCzR0hTQS1md3ZnLTI3MzktMjJ2N84AA4Gz
Miniflare vulnerable to Server-Side Request Forgery (SSRF)Ecosystems: npm
Packages: miniflare
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 4 months ago
High
Ecosystems: npm
Packages: msgpackr
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 4 months ago
GSA_kwCzR0hTQS03aHBqLTdoaHgtMmZneM4AA4D7
msgpackr's conversion of property names to strings can trigger infinite recursionEcosystems: npm
Packages: msgpackr
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: blinksocks
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
GSA_kwCzR0hTQS1wcWo1LTM3eGYteDVnY84AA39f
blinksocks has weak encryption algorithmsEcosystems: npm
Packages: blinksocks
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
Ecosystems: npm
Packages: bsock
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: 4 months ago
GSA_kwCzR0hTQS1qajkzLTM5cGYtN21jZs4AA39a
bsock uses weak hashing algorithmsEcosystems: npm
Packages: bsock
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: 4 months ago
Critical
Ecosystems: npm
Packages: tts-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
GSA_kwCzR0hTQS1qeDZxLWZxOWgtNmc3cc4AA35v
Pedroetb TTS-API OS Command InjectionEcosystems: npm
Packages: tts-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
Ecosystems: npm
Packages: @sentry/astro
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
GSA_kwCzR0hTQS14M3YzLTh4ZzgtOHY3Ms4AA34P
Sentry's Astro SDK vulnerable to ReDoSEcosystems: npm
Packages: @sentry/astro
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
Ecosystems: npm
Packages: probot, octokit, @octokit/app, @octokit/webhooks
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 4 months ago
GSA_kwCzR0hTQS1wd2ZyLThwcTcteDlxds4AA32_
Unauthenticated Denial of Service in the octokit/webhooks libraryEcosystems: npm
Packages: probot, octokit, @octokit/app, @octokit/webhooks
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 4 months ago
Critical
Ecosystems: npm
Packages: @spscommerce/ds-react
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
GSA_kwCzR0hTQS1jZnhoLWZyeDQtOWdqZ84AA3yd
Cross-site Scripting in @spscommerce/ds-reactEcosystems: npm
Packages: @spscommerce/ds-react
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: hono
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 4 months ago
GSA_kwCzR0hTQS1mNmd2LWhoOGotcTh2cc4AA3yc
Named path parameters can be overridden in TrieRouterEcosystems: npm
Packages: hono
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: @cubejs-backend/api-gateway
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 4 months ago
GSA_kwCzR0hTQS05NzU5LTMyNzYtZzJwbc4AA3v-
Cube API denial of service attackEcosystems: npm
Packages: @cubejs-backend/api-gateway
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 4 months ago
Critical
Ecosystems: npm
Packages: @sap/xssec
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: 4 months ago
GSA_kwCzR0hTQS1wMnZ4LXFqNjYtODhxM84AA3rz
Escalation of privileges in @sap/xssecEcosystems: npm
Packages: @sap/xssec
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
GSA_kwCzR0hTQS04OGo0LXBjeDgtcTRxM84AA3q_
Password Change VulnerabilityEcosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
Ecosystems: npm
Packages: nuxt-api-party
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 4 months ago
GSA_kwCzR0hTQS0zd2ZwLTI1M2otNWp4ds4AA3q8
SSRF & Credentials LeakEcosystems: npm
Packages: nuxt-api-party
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 4 months ago
GSA_kwCzR0hTQS02OTlnLXE2cWgtcTR2OM4AA3q7
OpenZeppelin Contracts and Contracts Upgradeable duplicated execution of subcalls in v4.9.4Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 4 months ago
High
Ecosystems: npm
Packages: @koa/cors
Source: GitHub Advisory Database
Blast Radius: 37.7
Published: 4 months ago
GSA_kwCzR0hTQS1xeHJqLWh4MjMteHA4Ms4AA3qz
Overly permissive origin policyEcosystems: npm
Packages: @koa/cors
Source: GitHub Advisory Database
Blast Radius: 37.7
Published: 4 months ago
High
Ecosystems: npm
Packages: nuxt-api-party
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 4 months ago
GSA_kwCzR0hTQS1xNmh4LTNtNHAtNzQ5aM4AA3qn
DOS by abusing `fetchOptions.retry`.Ecosystems: npm
Packages: nuxt-api-party
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 4 months ago
Critical
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 4 months ago
GSA_kwCzR0hTQS01bW1yLTlxeDMtM3BmOc4AA3pb
Code execution in evershopEcosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 4 months ago
GSA_kwCzR0hTQS1tNnZtLWZmOXYtanAzcs4AA3pZ
Cross Site Scripting in evershopEcosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 4 months ago
GSA_kwCzR0hTQS1namo4LW04M2MtcXY5aM4AA3pY
Cross-site Scripting in evershopEcosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 4 months ago
High
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 4 months ago
GSA_kwCzR0hTQS1yd2YzLXc0anEtZjRjbc4AA3pe
Directory Traversal in evershopEcosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 4 months ago
GSA_kwCzR0hTQS00d3JtLXFtcTItNWZqeM4AA3pc
Directory Traversal in evershopEcosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 4 months ago
GSA_kwCzR0hTQS03NDQzLTU5NjItd3A0cs4AA3pf
Directory Traversal in evershopEcosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 4 months ago
GSA_kwCzR0hTQS0yeGNqLTU1N2MtaGY4cs4AA3pd
Cross-site Scripting in evershopEcosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 4 months ago
High
Ecosystems: npm
Packages: mockjs
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: 4 months ago
GSA_kwCzR0hTQS1taDhqLTlqdmgtZ2pmNs4AA3oc
mockjs vulnerable to Prototype Pollution via the Util.extend functionEcosystems: npm
Packages: mockjs
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: 4 months ago
Moderate
Ecosystems: npm
Packages: gladys
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
GSA_kwCzR0hTQS1jNzlmLXBxZ2YtZmhwM84AA3n1
Directory Traversal in Gladys AssistantEcosystems: npm
Packages: gladys
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerabilityEcosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: 5 months ago
GSA_kwCzR0hTQS05MnIzLW0ybWctcGo5N84AA3lD
Vite XSS vulnerability in `server.transformIndexHtml` via URL payloadEcosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: @google-cloud/firestore
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 5 months ago
GSA_kwCzR0hTQS00ZzZxLTc3ajctdnZqY84AA3hm
Logging of the firestore key within nodejs-firestoreEcosystems: npm
Packages: @google-cloud/firestore
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 5 months ago
GSA_kwCzR0hTQS03bTQ4LXdjOTMtOWc4Nc4AA3e-
ASAR Integrity bypass via filetype confusion in electronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: @adobe/css-tools
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 5 months ago
GSA_kwCzR0hTQS1wcnIzLWMzbTUtcDdxMs4AA3d1
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression ComplexityEcosystems: npm
Packages: @adobe/css-tools
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 5 months ago
Low
Ecosystems: npm
Packages: google-translate-api-browser
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 5 months ago
GSA_kwCzR0hTQS00MjMzLTdxNXEtbTdwNs4AA3Yl
google-translate-api-browser Server-Side Request Forgery (SSRF) VulnerabilityEcosystems: npm
Packages: google-translate-api-browser
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS1oZnhoLXJqdjctMjM2Oc4AA3Xr
Uptime Kuma Authenticated remote code execution via TailscalePingEcosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
Ecosystems: npm
Packages: sequelize-typescript
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 5 months ago
GSA_kwCzR0hTQS03cHZ4LTQ1ODUtaHF3d84AA3W_
sequelize-typescript Prototype Pollution vulnerabilityEcosystems: npm
Packages: sequelize-typescript
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS12NHYyLThoODgtNjVxas4AA3W6
Attribute Injection leading to XSS(Cross-Site-Scripting)Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: npm
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: 5 months ago
GSA_kwCzR0hTQS03NXcyLXF2NTUteDdmds4AA3We
openssl npm package vulnerable to command executionEcosystems: npm
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: 5 months ago
GSA_kwCzR0hTQS12NjR3LTQ5eHctcXE4Oc4AA3R1
Possible user mocking that bypasses basic authenticationEcosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: strapi-plugin-protected-populate
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
GSA_kwCzR0hTQS02aDY3LTkzNHItODJnN84AA3RQ
Bypass of field access control in strapi-plugin-protected-populateEcosystems: npm
Packages: strapi-plugin-protected-populate
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: fast-jwt
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 5 months ago
GSA_kwCzR0hTQS1jMmZmLTg4eDIteDlwZ84AA3RL
JWT Algorithm ConfusionEcosystems: npm
Packages: fast-jwt
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 5 months ago
High
Ecosystems: npm
Packages: json-web-token
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: 5 months ago
GSA_kwCzR0hTQS00eHc5LWN4MzktcjM1Nc4AA3P4
json-web-token library is vulnerable to a JWT algorithm confusion attackEcosystems: npm
Packages: json-web-token
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: @vendure/core
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 5 months ago
GSA_kwCzR0hTQS13bTYzLTc2MjctY2gzM84AA3P1
@vendure/core's insecure currencyCode handling allows wrong payment amountsEcosystems: npm
Packages: @vendure/core
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 5 months ago
High
Ecosystems: npm
Packages: sharp
Source: GitHub Advisory Database
Blast Radius: 41.0
Published: 5 months ago
GSA_kwCzR0hTQS01NHhxLWNncXItcnBtM84AA3N1
sharp vulnerability in libwebp dependency CVE-2023-4863Ecosystems: npm
Packages: sharp
Source: GitHub Advisory Database
Blast Radius: 41.0
Published: 5 months ago
Moderate
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 5 months ago
GSA_kwCzR0hTQS12NjI2LXI3NzQtajdmOM4AA3Mj
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodesEcosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: dompurify
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 5 months ago
GSA_kwCzR0hTQS04aGdnLXh4bTUtMzg3M84AA3ID
DOMPurify Open Redirect vulnerabilityEcosystems: npm
Packages: dompurify
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: bootbox
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 5 months ago
GSA_kwCzR0hTQS1tNGNoLTRtNWYtMmdwNs4AA3GR
Bootbox.js Cross Site Scripting vulnerabilityEcosystems: npm
Packages: bootbox
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: @sentry/nextjs
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: 5 months ago
GSA_kwCzR0hTQS0ycm1yLXh3OG0tMjJxOc4AA3B6
Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpointEcosystems: npm
Packages: @sentry/nextjs
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 5 months ago
GSA_kwCzR0hTQS00Zzg4LTRoZ20tbTk5eM4AA3BK
NASA Open MCT Cross Site Request Forgery (CSRF) vulnerabilityEcosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 5 months ago
GSA_kwCzR0hTQS12OGZjLXF4dmotZjNtZ84AA3BP
NASA Open MCT Cross Site Scripting vulnerabilityEcosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: chromedriver
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: 5 months ago
GSA_kwCzR0hTQS1obTkyLXZnbXctcWZteM4AA3Ah
chromedriver Command Injection vulnerabilityEcosystems: npm
Packages: chromedriver
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: 5 months ago
Moderate
Ecosystems: npm
Packages: axios
Source: GitHub Advisory Database
Blast Radius: 36.8
Published: 5 months ago
GSA_kwCzR0hTQS13ZjVwLWc2dnctcmh4eM4AA2_y
Axios Cross-Site Request Forgery VulnerabilityEcosystems: npm
Packages: axios
Source: GitHub Advisory Database
Blast Radius: 36.8
Published: 5 months ago
High
Ecosystems: npm
Packages: @clickbar/dot-diver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS05dzVmLW13M3AtcGo0N84AA26p
Prototype Pollution(PP) vulnerability in setByPathEcosystems: npm
Packages: @clickbar/dot-diver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
Ecosystems: npm
Packages: @strapi/strapi, @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: 6 months ago
GSA_kwCzR0hTQS1nYzdwLWo1eG0teHhoMs4AA26o
Unauthorized Access to Private Fields in User Registration APIEcosystems: npm
Packages: @strapi/strapi, @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: 6 months ago
Moderate
Ecosystems: npm
Packages: cordova-plugin-fingerprint-aio
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 6 months ago
GSA_kwCzR0hTQS03dmZ4LWhmdm0tcmhyOM4AA24s
cordova-plugin-fingerprint-aio DoS vulnerabilityEcosystems: npm
Packages: cordova-plugin-fingerprint-aio
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 6 months ago
High
Ecosystems: npm
Packages: generator-jhipster
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 6 months ago
GSA_kwCzR0hTQS00Z3BtLXIyM2gtZ3Byd84AA2zp
generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first characterEcosystems: npm
Packages: generator-jhipster
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 6 months ago
High
Ecosystems: npm
Packages: browserify-sign
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: 6 months ago
GSA_kwCzR0hTQS14OXc1LXYzcTItM3Jod84AA2uZ
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attackEcosystems: npm
Packages: browserify-sign
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: 6 months ago
Critical
Ecosystems: npm
Packages: crypto-js
Source: GitHub Advisory Database
Blast Radius: 47.5
Published: 6 months ago
GSA_kwCzR0hTQS14d2NxLXBtOG0tYzR2Zs4AA2sP
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standardEcosystems: npm
Packages: crypto-js
Source: GitHub Advisory Database
Blast Radius: 47.5
Published: 6 months ago
Critical
Ecosystems: npm
Packages: crypto-es
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 6 months ago
GSA_kwCzR0hTQS1tcGo4LXEzOXgtd3E1aM4AA2sN
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standardEcosystems: npm
Packages: crypto-es
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 6 months ago
High
Ecosystems: npm
Packages: node-email-check
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS05MjQyLTZwMzYtNjI1Ns4AA2pR
Inefficient Regular Expression Complexity in node-email-checkEcosystems: npm
Packages: node-email-check
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: 6 months ago
GSA_kwCzR0hTQS03OTJxLXE2N2gtdzU3Oc4AA2oK
Parse Server may crash when uploading file without extensionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: 6 months ago
Low
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS1jNTloLXI2cDgtcTl3Y84AA2m9
Next.js missing cache-control header may lead to CDN caching empty replyEcosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
Ecosystems: cargo, npm
Packages: tauri-cli, @tauri-apps/cli
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: 6 months ago
GSA_kwCzR0hTQS0ycmNwLWp2cjQtcjI1Oc4AA2mV
Tauri's Updater Private Keys Possibly Leaked via Vite Environment VariablesEcosystems: cargo, npm
Packages: tauri-cli, @tauri-apps/cli
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: 6 months ago
High
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 6 months ago
GSA_kwCzR0hTQS1obWd3LTlqcmctaGYybc4AA2kX
Directus crashes on invalid WebSocket messageEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 6 months ago
Moderate
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 6 months ago
GSA_kwCzR0hTQS1oZ3F4LXIyaHAtanIzOM4AA2kG
TinyMCE XSS vulnerability in notificationManager.open APIEcosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 6 months ago
Moderate
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 6 months ago
GSA_kwCzR0hTQS12NjVyLXAzdnYtampmds4AA2kF
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave pluginEcosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 6 months ago
Moderate
Ecosystems: npm
Packages: react-devtools-core
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: 6 months ago
GSA_kwCzR0hTQS1yeHJjLXJndjQtanB2eM4AA2j_
React Developer Tools extension Improper Authorization vulnerabilityEcosystems: npm
Packages: react-devtools-core
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: 6 months ago
High
Ecosystems: npm
Packages: deobfuscator
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 6 months ago
GSA_kwCzR0hTQS1qZzgyLXhoM3ctcmh4eM4AA2jA
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code executionEcosystems: npm
Packages: deobfuscator
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 6 months ago
Critical
Ecosystems: npm
Packages: @seal-security/mongoose-fixed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS1yYzR2LTk5Y3ItcGpjbc4AA2gY
Prototype Pollution in ali-security/mongooseEcosystems: npm
Packages: @seal-security/mongoose-fixed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 6 months ago
GSA_kwCzR0hTQS0zbTVxLXEzOXYteGY4Zs4AA2gV
nocodb SQL Injection vulnerabilityEcosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 6 months ago
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 6 months ago
GSA_kwCzR0hTQS13cXE0LTV3cHYtbXgyZ84AA2eY
Undici's cookie header not cleared on cross-origin redirect in fetchEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 6 months ago
Critical
Ecosystems: npm
Packages: babel-traverse, @babel/traverse
Source: GitHub Advisory Database
Blast Radius: 62.6
Published: 6 months ago
GSA_kwCzR0hTQS02N2h4LTZ4NTMtanc5Ms4AA2eW
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious codeEcosystems: npm
Packages: babel-traverse, @babel/traverse
Source: GitHub Advisory Database
Blast Radius: 62.6
Published: 6 months ago
High
Ecosystems: npm
Packages: node-qpdf
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 6 months ago
GSA_kwCzR0hTQS1mcHI4LTR3dngtajlxM84AA2cb
node-qpdf vulnerable to command injectionEcosystems: npm
Packages: node-qpdf
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 6 months ago
Moderate
Ecosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS01Z2htLWgyd3EtZzNtaM4AA2bp
Allocation of Resources Without Limits or Throttling in vriteio/vriteEcosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
Ecosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS13MzVwLXd4d2otcmNtOc4AA2bq
Server-Side Request Forgery (SSRF) in vriteio/vriteEcosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
Ecosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS00NGZmLTl3NGYtOTl3Ns4AA2bn
Improper Input Validation in vriteio/vriteEcosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
Ecosystems: npm
Packages: @graphql-mesh/runtime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS1ycjR4LWNyaGYtODg4Ns4AA2X5
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operationEcosystems: npm
Packages: @graphql-mesh/runtime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS1nOXYyLXdxY2otajk5Z84AA2X4
Uptime Kuma has Persistentent User SessionsEcosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
Ecosystems: npm
Packages: fsevents
Source: GitHub Advisory Database
Blast Radius: 65.9
Published: 7 months ago
GSA_kwCzR0hTQS04cjZqLXY4cG0tZnF3M84AA2SB
Code injection in fseventsEcosystems: npm
Packages: fsevents
Source: GitHub Advisory Database
Blast Radius: 65.9
Published: 7 months ago
High
Ecosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 7 months ago
GSA_kwCzR0hTQS00eGN4LWN3cnEtdzc5Ms4AA2SA
Prototype Pollution in NASA Open MCTEcosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 7 months ago
High
Ecosystems: npm
Packages: express-zod-api
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 7 months ago
GSA_kwCzR0hTQS1tdnJwLTNjdngtYzMyNc4AA2PO
Zod denial of service vulnerability during email validationEcosystems: npm
Packages: express-zod-api
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 7 months ago
Statistics
Advisories: 17,470
Packages: 8,115
Repositories: 1,376
Ecosystems: 12
Packages: 8,115
Repositories: 1,376
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
29
electron
26
@openzeppelin/contracts-upgradeable
21
@openzeppelin/contracts
20
sequelize
16
directus
16
tinymce
14
swagger-ui
14
ghost
13
strapi
13
next
13
ckeditor4
13
undici
12
vm2
12
marked
11
handlebars
11
angular
11
nodebb
11
tinymce/tinymce
9
TinyMCE
9
next-auth
9
@evershop/evershop
9
serve
9
jquery
9
jquery-rails
9
org.webjars.npm:jquery
9
validator
8
editor.md
8
steal
8
express-cart
8
urijs
8
tar
8
node-forge
8
@strapi/strapi
8
jQuery
8
joplin
8
jsrsasign
8
url-parse
8
bootstrap
8
matrix-js-sdk
8
systeminformation
8
npm
8
total.js
7
matrix-appservice-irc
7
snyk-broker
7
lodash
7
hapi
7
jquery-ui
7
shescape
7
hermes-engine
7
jquery-ui-rails
7
org.webjars.npm:jquery-ui
7
jQuery.UI.Combined
7
matrix-react-sdk
7
nocodb
7
aaptjs
6
parse-url
6
sanitize-html
6
safe-eval
6
rsshub
6
vite
5
dojo
5
prismjs
5
openpgp
5
public
5
yarn
5
lodash-es
5
keystone
5
sweetalert2
5
total4
5
@strapi/plugin-users-permissions
5
rendertron
5
xlsx
5
uptime-kuma
5
ua-parser-js
5
moment
4
dompurify
4
engine.io
4
@keystone-6/core
4
realms-shim
4
apostrophe
4
vega
4
vditor
4
mongo-express
4
safer-eval
4
simple-git
4
auth0-js
4
jsonwebtoken
4
katex
4
mongoose
4
follow-redirects
4
fastify
4
ecstatic
4
generator-jhipster
4
hummus
4
muhammara
4
glance
4
remarkable
4
apollo-server-core
4
qs
4
simple-markdown
4
meshcentral
4
auth0-lock
4
mermaid
4
valine
4
ejs
4
awsiotsdk
4
aws-iot-device-sdk-v2
4
ws
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
@backstage/plugin-scaffolder-backend
4
axios
4
materialize-css
4
n8n
3
org.webjars.npm:xlsx
3
froala-editor
3
socket.io-file
3
slpjs
3
passport-wsfed-saml2
3
dns-sync
3
connect
3
highcharts
3
jointjs
3
fast-xml-parser
3
localhost-now
3
codecov
3
node-red-dashboard
3
ses
3
mixme
3
feathers-sequelize
3
notevil
3
tough-cookie
3
convert-svg-core
3
jose
3
jspdf
3
xmldom
3
m-server
3
keycloak-connect
3
code-server
3
@cubejs-backend/api-gateway
3
@strapi/utils
3
node-jose
3
nodemailer
3
@backstage/techdocs-common
3
mathjs
3
slp-validate
3
apollo-server
3
node-opcua
3
postcss
3
socket.io-parser
3
jquery-validation
3
node-ipc
3
raneto
3
@ckeditor/ckeditor5-markdown-gfm
3
bootstrap
3
js-yaml
3
loader-utils
3
blamer
3
grunt
3
object-path
3
ftp-srv
3
protobufjs
3
@frangoteam/fuxa
3
yapi-vendor
3
immer
3
http-live-simulator
3
uap-core
3
mysql
3
wrangler
3
nadesiko3
3
docsify
3
dojox
3
simplehttpserver
3
parsel
3
@uppy/companion
3
convict
3
fuxa-server
3
mxgraph
3
node-fetch
3
stimulsoft-dashboards-js
3
xdLocalStorage
3
express-fileupload
3
@apollo/server
3
llhttp
3
json-pointer
3
@hapi/subtext
3
serialize-to-js
3
buttle
3
typeorm
3
lodash.defaultsdeep
3
mysql2
3
@vrite/sdk
3
@commercial/subtext
3
json-ptr
3
@sveltejs/kit
3
snyk
3
ids-enterprise
3
@materializecss/materialize
3
@soketi/soketi
3
sails
3
Filter by Repository
https://github.com/parse-community/parse-server
29
https://github.com/electron/electron
25
https://github.com/strapi/strapi
21
https://github.com/OpenZeppelin/openzeppelin-contracts
20
https://github.com/sequelize/sequelize
16
https://github.com/directus/directus
15
https://github.com/tinymce/tinymce
14
https://github.com/swagger-api/swagger-ui
13
https://github.com/nodejs/undici
12
https://github.com/patriksimek/vm2
12
https://github.com/backstage/backstage
12
https://github.com/ckeditor/ckeditor4
11
https://github.com/jquery/jquery
11
https://github.com/TryGhost/Ghost
11
https://github.com/NodeBB/NodeBB
11
https://github.com/nextauthjs/next-auth
10
https://github.com/keystonejs/keystone
10
https://github.com/vercel/next.js
9
https://github.com/evershopcommerce/evershop
9
https://github.com/laurent22/joplin
8
https://github.com/apollographql/apollo-server
8
https://github.com/stealjs/steal
8
https://github.com/kjur/jsrsasign
8
https://github.com/matrix-org/matrix-js-sdk
8
https://github.com/sebhildebrandt/systeminformation
8
https://github.com/digitalbazaar/forge
8
https://github.com/pandao/editor.md
8
https://github.com/matrix-org/matrix-react-sdk
7
https://github.com/matrix-org/matrix-appservice-irc
7
https://github.com/unshiftio/url-parse
7
https://github.com/nocodb/nocodb
7
https://github.com/twbs/bootstrap
7
https://github.com/lodash/lodash
7
https://github.com/ericcornelissen/shescape
7
https://github.com/jquery/jquery-ui
6
https://github.com/facebook/hermes
6
https://github.com/npm/node-tar
6
https://github.com/totaljs/framework
6
https://github.com/ionicabizau/parse-url
6
https://github.com/panva/jose
6
https://github.com/eclipse-theia/theia
6
https://github.com/DIYgod/RSSHub
6
https://github.com/shenzhim/aaptjs
6
https://github.com/sweetalert2/sweetalert2
5
https://github.com/louislam/uptime-kuma
5
https://github.com/openpgpjs/openpgpjs
5
https://github.com/handlebars-lang/handlebars.js
5
https://github.com/hacksparrow/safe-eval
5
https://github.com/gatsbyjs/gatsby
5
https://github.com/markedjs/marked
5
https://github.com/vega/vega
5
https://github.com/faisalman/ua-parser-js
5
https://github.com/npm/cli
5
https://github.com/GoogleChrome/rendertron
5
https://github.com/vitejs/vite
5
https://github.com/follow-redirects/follow-redirects
4
https://github.com/medialize/uri.js
4
https://github.com/socketio/engine.io
4
https://github.com/Ylianst/MeshCentral
4
https://github.com/npm/npm
4
https://github.com/mrvautin/expressCart
4
https://github.com/jhipster/generator-jhipster
4
https://github.com/balderdashy/sails
4
https://github.com/steveukx/git-js
4
https://github.com/xCss/Valine
4
https://github.com/hapijs/hapi
4
https://github.com/apostrophecms/sanitize-html
4
https://github.com/axios/axios
4
https://github.com/aws/aws-iot-device-sdk-java-v2
4
https://github.com/PrismJS/prism
4
https://github.com/ofirdagan/cross-domain-local-storage
4
https://github.com/yarnpkg/yarn
4
https://github.com/auth0/lock
4
https://github.com/BlackFan/client-side-prototype-pollution
4
https://github.com/auth0/node-jsonwebtoken
4
https://github.com/cloudflare/workers-sdk
4
https://github.com/angular/angular.js
4
https://github.com/medialize/URI.js
4
https://github.com/fastify/fastify
4
https://github.com/Dogfalo/materialize
4
https://github.com/jonschlinkert/remarkable
4
https://github.com/KaTeX/KaTeX
4
https://github.com/n8n-io/n8n
3
https://github.com/postcss/postcss
3
https://github.com/auth0/passport-wsfed-saml2
3
https://github.com/YMFE/yapi
3
https://github.com/MrRio/jsPDF
3
https://github.com/transloadit/uppy
3
https://github.com/typeorm/typeorm
3
https://github.com/gruntjs/grunt
3
https://github.com/nasa/openmct
3
https://github.com/ua-parser/uap-core
3
https://github.com/sveltejs/kit
3
https://github.com/RIAEvangelist/node-ipc
3
https://github.com/mermaid-js/mermaid
3
https://github.com/moment/moment
3
https://github.com/salesforce/tough-cookie
3
https://github.com/highcharts/highcharts
3
https://github.com/adaltas/node-mixme
3
https://github.com/mongodb/js-bson
3
https://github.com/docsifyjs/docsify
3
https://github.com/mongo-express/mongo-express
3
https://github.com/immerjs/immer
3
https://github.com/beerpwn/CVE
3
https://github.com/kujirahand/nadesiko3
3
https://github.com/dojo/dojo
3
https://github.com/dojo/dojox
3
https://github.com/cure53/DOMPurify
3
https://github.com/infor-design/enterprise-ng
3
https://github.com/mde/ejs
3
https://github.com/mozilla/node-convict
3
https://github.com/josdejong/mathjs
3
https://github.com/dwisiswant0/advisory
3
https://github.com/simpleledger/slpjs
3
https://github.com/ckeditor/ckeditor5
3
https://github.com/soketi/soketi
3
https://github.com/feathersjs-ecosystem/feathers-sequelize
3
https://github.com/apostrophecms/apostrophe
3
https://github.com/zestedesavoir/zmarkdown
3
https://github.com/socketio/socket.io-parser
3
https://github.com/node-fetch/node-fetch
3
https://github.com/cisco/node-jose
3
https://github.com/webpack/loader-utils
3
https://github.com/facebook/react
3
https://github.com/vriteio/vrite
3
https://github.com/nodejs/llhttp
3
https://github.com/manuelstofer/json-pointer
3
https://github.com/Marak/colors.js
3
https://github.com/chjj/marked
3
https://github.com/skoranga/node-dns-sync
3
https://github.com/jarofghosts/glance
3
https://github.com/node-opcua/node-opcua
3
https://github.com/nodemailer/nodemailer
3
https://github.com/mariocasciaro/object-path
3
https://github.com/jquery-validation/jquery-validation
3
https://github.com/hapijs/subtext
3
https://github.com/NaturalIntelligence/fast-xml-parser
3
https://github.com/jfhbrook/node-ecstatic
3
https://github.com/clientIO/joint
3
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
3
https://github.com/zeit/next.js
3
https://github.com/vanessa219/vditor
3
https://github.com/sidorares/node-mysql2
3
https://github.com/websockets/ws
3
https://github.com/xmldom/xmldom
3
https://github.com/vendure-ecommerce/vendure
3
https://github.com/sindresorhus/semver-regex
2
https://github.com/mercurius-js/mercurius
2
https://github.com/chocobozzz/peertube
2
https://github.com/aFarkas/lazysizes
2
https://github.com/cloudhead/node-static
2
https://github.com/semantic-release/semantic-release
2
https://github.com/shelljs/shelljs
2
https://github.com/simpleledger/slp-validate.js
2
https://github.com/jonschlinkert/set-value
2
https://github.com/rvagg/bl
2
https://github.com/rs/node-netmask
2
https://github.com/mholt/PapaParse
2
https://github.com/DCKT/localhost-now
2
https://github.com/codecov/codecov-node
2
https://github.com/micromatch/braces
2
https://github.com/gilbitron/Raneto
2
https://github.com/gigafied/decal.js
2
https://github.com/yahoo/serialize-javascript
2
https://github.com/josdejong/jsoneditor
2
https://github.com/simonh1000/angular-http-server
2
https://github.com/markdown-it/markdown-it
2
https://github.com/commenthol/safer-eval
2
https://github.com/google/closure-library
2
https://github.com/cube-js/cube.js
2
https://github.com/cronvel/tree-kit
2
https://github.com/sass/node-sass
2
https://github.com/jonschlinkert/mixin-deep
2
https://github.com/mathjax/MathJax
2
https://github.com/sindresorhus/is-svg
2
https://github.com/adobe/css-tools
2
https://github.com/curveball/a12n-server
2
https://github.com/senchalabs/connect
2
https://github.com/christian-bromann/rgb2hex
2
https://github.com/chriso/validator.js
2
https://github.com/guardian/html-janitor
2
https://github.com/commenthol/serialize-to-js
2
https://github.com/matrix-org/matrix-appservice-bridge
2
https://github.com/johannschopplich/nuxt-api-party
2
https://github.com/oauthjs/node-oauth2-server
2
https://github.com/evangelion1204/multi-ini
2
https://github.com/ethereum/web3.js
2
https://github.com/omphalos/crud-file-server
2
https://github.com/omrilotan/async-git
2
https://github.com/eta-dev/eta
2
https://github.com/jgraph/mxgraph
2
https://github.com/Finastra/finastra-nodejs-libs
2
https://github.com/Finastra/ssr-pages
2
https://github.com/neocotic/convert-svg
2
https://github.com/jonschlinkert/assign-deep
2
https://github.com/actions/toolkit
2
https://github.com/payloadcms/payload
2
https://github.com/endojs/endo
2
https://github.com/peerigon/angular-expressions
2