Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm Security Advisories
Loading...
High
Ecosystems: npm
Packages: @graphql-mesh/runtime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
GSA_kwCzR0hTQS1ycjR4LWNyaGYtODg4Ns4AA2X5
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operationEcosystems: npm
Packages: @graphql-mesh/runtime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS1nOXYyLXdxY2otajk5Z84AA2X4
Uptime Kuma has Persistentent User SessionsEcosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
Ecosystems: npm
Packages: fsevents
Source: GitHub Advisory Database
Blast Radius: 65.9
Published: 7 months ago
GSA_kwCzR0hTQS04cjZqLXY4cG0tZnF3M84AA2SB
Code injection in fseventsEcosystems: npm
Packages: fsevents
Source: GitHub Advisory Database
Blast Radius: 65.9
Published: 7 months ago
High
Ecosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 7 months ago
GSA_kwCzR0hTQS00eGN4LWN3cnEtdzc5Ms4AA2SA
Prototype Pollution in NASA Open MCTEcosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 7 months ago
High
Ecosystems: npm
Packages: express-zod-api
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 7 months ago
GSA_kwCzR0hTQS1tdnJwLTNjdngtYzMyNc4AA2PO
Zod denial of service vulnerability during email validationEcosystems: npm
Packages: express-zod-api
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 7 months ago
High
Ecosystems: npm
Packages: static-server
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 7 months ago
GSA_kwCzR0hTQS12ODM0LXJodjQtNjVtM84AA2Mj
static-server Path Traversal vulnerabilityEcosystems: npm
Packages: static-server
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 7 months ago
Moderate
Ecosystems: npm
Packages: postcss
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: 7 months ago
GSA_kwCzR0hTQS03Zmg1LTY0cDItM3Yyas4AA2Js
PostCSS line return parsing errorEcosystems: npm
Packages: postcss
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: 7 months ago
Low
Ecosystems: npm
Packages: zod
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
GSA_kwCzR0hTQS1tOTVxLTdxcDMteHY0Ms4AA2IO
Zod denial of service vulnerabilityEcosystems: npm
Packages: zod
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: 7 months ago
GSA_kwCzR0hTQS1xcXZxLTZ4Z2otanc4Z84AA2IC
Electron affected by libvpx's heap buffer overflow in vp8 encodingEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: 7 months ago
Moderate
Ecosystems: npm
Packages: quill-mention
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 7 months ago
GSA_kwCzR0hTQS1qZ3c1LXJwNHAtcWhwNs4AA2Hm
quill-mention Cross-site Scripting vulnerabilityEcosystems: npm
Packages: quill-mention
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 7 months ago
High
Ecosystems: npm
Packages: @napi-rs/image
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 7 months ago
GSA_kwCzR0hTQS00dmpyLWNydmgtMzgzaM4AA2HD
@napi-rs/image affected by libwebp CVEEcosystems: npm
Packages: @napi-rs/image
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 7 months ago
High
Ecosystems: npm
Packages: get-func-name
Source: GitHub Advisory Database
Blast Radius: 41.3
Published: 7 months ago
GSA_kwCzR0hTQS00cTZwLXI2djItanZjNc4AA2HC
Chaijs/get-func-name vulnerable to ReDoSEcosystems: npm
Packages: get-func-name
Source: GitHub Advisory Database
Blast Radius: 41.3
Published: 7 months ago
Critical
Ecosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS1wNDZnLThjM3EtODlwMs4AA2AM
FUXA SQL Injection vulnerabilityEcosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
Ecosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS12OXE1LTljcnAtOTJmOc4AA2AH
FUXA SQL Injection vulnerabilityEcosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
Ecosystems: npm
Packages: @frangoteam/fuxa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS00NWMzLWM0YzMtOHJxZ84AA2AN
FUXA vulnerable to Local File InclusionEcosystems: npm
Packages: @frangoteam/fuxa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
Ecosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS13d2ZqLWg4NDMtM2hycc4AA2AL
FUXA local file inclusion vulnerabilityEcosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
Ecosystems: npm
Packages: systeminformation
Source: GitHub Advisory Database
Blast Radius: 41.2
Published: 7 months ago
GSA_kwCzR0hTQS1neDZyLXFjMnYtM3Azds4AA1_3
systeminformation SSID Command Injection VulnerabilityEcosystems: npm
Packages: systeminformation
Source: GitHub Advisory Database
Blast Radius: 41.2
Published: 7 months ago
Moderate
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 7 months ago
GSA_kwCzR0hTQS14cnBtLWhjY2ctMjh4N84AA1_d
Improper Input Validation in nocodbEcosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 7 months ago
Moderate
Ecosystems: npm
Packages: graphql
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 7 months ago
GSA_kwCzR0hTQS05cHY3LXZmdm0tNnZyN84AA19X
graphql Uncontrolled Resource Consumption vulnerabilityEcosystems: npm
Packages: graphql
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 7 months ago
Moderate
Ecosystems: npm
Packages: jodit
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 7 months ago
GSA_kwCzR0hTQS05NXhyLWNxNmgtdndyM84AA18A
Jodit Editor vulnerable to cross-site scriptingEcosystems: npm
Packages: jodit
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 7 months ago
Moderate
Ecosystems: npm
Packages: blamer
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: 7 months ago
GSA_kwCzR0hTQS02ZjlwLWc0NjYtZjh2OM4AA17_
blamer vulnerable to Arbitrary Argument Injection via the blameByFile() APIEcosystems: npm
Packages: blamer
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: 7 months ago
Critical
Ecosystems: npm
Packages: @frangoteam/fuxa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS1yODdxLWZxMzctcHZyNs4AA17X
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXAEcosystems: npm
Packages: @frangoteam/fuxa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: 7 months ago
GSA_kwCzR0hTQS0yMnJyLWYzcDgtNWdmOM4AA15b
Directus affected by VM2 sandbox escape vulnerabilityEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: 7 months ago
High
Ecosystems: npm
Packages: @strapi/plugin-users-permissions, @strapi/admin
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: 7 months ago
GSA_kwCzR0hTQS0yNHEyLTU5aG0tcmg5cs4AA12t
Strapi Improper Rate Limiting vulnerabilityEcosystems: npm
Packages: @strapi/plugin-users-permissions, @strapi/admin
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: 7 months ago
Moderate
Ecosystems: npm
Packages: @strapi/plugin-content-manager
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: 7 months ago
GSA_kwCzR0hTQS1tMjg0LTg1bWYtY2dyY84AA12s
Strapi's field level permissions not being respected in relationship titleEcosystems: npm
Packages: @strapi/plugin-content-manager
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: 7 months ago
Moderate
Ecosystems: npm
Packages: @strapi/utils, @strapi/admin, @strapi/plugin-content-manager
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 7 months ago
GSA_kwCzR0hTQS12OGdnLTRtcTItODhxNM4AA12r
Strapi may leak sensitive user information, user reset password, tokens via content-manager viewsEcosystems: npm
Packages: @strapi/utils, @strapi/admin, @strapi/plugin-content-manager
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 7 months ago
High
Ecosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Blast Radius: 130.8
Published: 8 months ago
GSA_kwCzR0hTQS1qN2hwLWg4angtNXBwcs4AA10j
libwebp: OOB write in BuildHuffmanTableEcosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Blast Radius: 130.8
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: buttercup
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 8 months ago
GSA_kwCzR0hTQS03Y3dxLXA4Y3ItaDlxZ84AA1wt
Buttercup allows attackers to obtain the hash of the master passwordEcosystems: npm
Packages: buttercup
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 8 months ago
GSA_kwCzR0hTQS03eDk3LWozNzMtODV4Nc4AA1vg
Electron vulnerable to out-of-package code execution when launched with arbitrary cwdEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 8 months ago
GSA_kwCzR0hTQS1wN3YyLXA5bTgtcXFnN84AA1vf
Electron context isolation bypass via nested unserializable return valueEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 8 months ago
High
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: 8 months ago
GSA_kwCzR0hTQS1neGg3LXd2OXEtZndmcs4AA1vc
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabledEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: 8 months ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: 8 months ago
GSA_kwCzR0hTQS1mY3Y2LWZnNXItam05cc4AA1rK
Trigger `beforeFind` not invoked in internal query pipeline when fetching pointerEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: 8 months ago
High
Ecosystems: npm
Packages: @dcl/single-sign-on-client
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 8 months ago
GSA_kwCzR0hTQS12cDRmLXd4Z3ctN3g4eM4AA1rC
Improper Neutralization of Script in Attributes in @dcl/single-sign-on-clientEcosystems: npm
Packages: @dcl/single-sign-on-client
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 8 months ago
Low
Ecosystems: npm
Packages: apollo-server-core, @apollo/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
GSA_kwCzR0hTQS1qNWczLTVjOHItN3FmeM4AA1lN
Prevent logging invalid header valuesEcosystems: npm
Packages: apollo-server-core, @apollo/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Critical
Ecosystems: npm
Packages: find-exec
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 8 months ago
GSA_kwCzR0hTQS05NXJwLTZncXAtNjYyMs4AA1lI
Command Injection Vulnerability in find-execEcosystems: npm
Packages: find-exec
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: @goauthentik/api
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: 8 months ago
GSA_kwCzR0hTQS12bWY5LTZwY3YteHI4N84AA1ja
Username enumeration attack in goauthentikEcosystems: npm
Packages: @goauthentik/api
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: @adobe/css-tools
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 8 months ago
GSA_kwCzR0hTQS1ocHg0LXI4NmctNWpyZ84AA1jW
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSSEcosystems: npm
Packages: @adobe/css-tools
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 8 months ago
High
Ecosystems: npm
Packages: mathjax
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 8 months ago
GSA_kwCzR0hTQS12NjM4LXE4NTYtZ3JnOM4AA1jV
MathJax Regular expression Denial of Service (ReDoS)Ecosystems: npm
Packages: mathjax
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 8 months ago
Moderate
Ecosystems: swift, npm, packagist
Packages: github.com/mongodb/mongo-swift-driver, mongodb, mongodb/mongodb
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: 8 months ago
GSA_kwCzR0hTQS12eHZtLXF3dzMtMmZoN84AA1jJ
MongoDB Driver may publish events containing authentication-related dataEcosystems: swift, npm, packagist
Packages: github.com/mongodb/mongo-swift-driver, mongodb, mongodb/mongodb
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: openpgp
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 8 months ago
GSA_kwCzR0hTQS1jaDNjLXY0N3gtNHBncM4AA1i9
Cleartext Signed Message Signature Spoofing in openpgpEcosystems: npm
Packages: openpgp
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: @webiny/react-rich-text-renderer
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: 8 months ago
GSA_kwCzR0hTQS0zeDU5LXZybWMtNW14Ns4AA1fb
@webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text contentEcosystems: npm
Packages: @webiny/react-rich-text-renderer
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: 8 months ago
Low
Ecosystems: npm
Packages: basti-cdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
GSA_kwCzR0hTQS1xNHBwLWozNmgtM2dxZ84AA1e3
Minimal `basti` IAM Policy Allows Shell AccessEcosystems: npm
Packages: basti-cdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
Ecosystems: npm
Packages: webui-aria2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
GSA_kwCzR0hTQS1jcnY4LXI1d3EtZ3Yyd84AA1bg
webui-aria2 Path Traversal vulnerabilityEcosystems: npm
Packages: webui-aria2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
Ecosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: 8 months ago
GSA_kwCzR0hTQS1qNTVyLTc4N3AtbTU0Oc4AA1aq
Shescape on Windows escaping may be bypassed in threaded contextEcosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: @node-saml/node-saml
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 8 months ago
GSA_kwCzR0hTQS12eDhtLTZmaHctcGNjd84AA1aW
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityErrorEcosystems: npm
Packages: @node-saml/node-saml
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 8 months ago
Critical
Ecosystems: npm
Packages: tree-kit
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 8 months ago
GSA_kwCzR0hTQS01cDQyLW02ZjMtaHBtas4AA1Wh
tree-kit Prototype Pollution vulnerabilityEcosystems: npm
Packages: tree-kit
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: @excalidraw/excalidraw
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 8 months ago
GSA_kwCzR0hTQS12N3Y4LWdqdjctZmZtcs4AA1WK
@excalidraw/excalidraw Cross-site Scripting vulnerabilityEcosystems: npm
Packages: @excalidraw/excalidraw
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 8 months ago
GSA_kwCzR0hTQS05Yzl2LXcyMjUtdjVyZ84AA1Uk
Ghost vulnerable to arbitrary file read via symlinks in content importEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 8 months ago
GSA_kwCzR0hTQS05Y3ZjLXY3d20tOTkyY84AA1Uh
When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessibleEcosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 8 months ago
Critical
Ecosystems: npm
Packages: external-svg-loader
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 8 months ago
GSA_kwCzR0hTQS14YzJyLWpmMngtZ2pyOM4AA1Sy
external-svg-loader Cross-site Scripting vulnerabilityEcosystems: npm
Packages: external-svg-loader
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: svelecte
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 8 months ago
GSA_kwCzR0hTQS03aDQ1LWdyYzUtODl3cc4AA1SS
Svelecte item names vulnerable to execution of arbitrary JavaScriptEcosystems: npm
Packages: svelecte
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 8 months ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 9 months ago
GSA_kwCzR0hTQS1nNHZwLW02ODItcXFtcM4AA1Qt
OpenZeppelin Contracts vulnerable to Improper Escaping of OutputEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 9 months ago
Moderate
Ecosystems: npm
Packages: critters
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: 9 months ago
GSA_kwCzR0hTQS1jeDNqLXFxeGotOTU5N84AA1Qs
Critters Cross-site Scripting VulnerabilityEcosystems: npm
Packages: critters
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: 9 months ago
Moderate
Ecosystems: npm
Packages: braft-editor
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 9 months ago
GSA_kwCzR0hTQS1qZnJmLXZ2NTQtajJqZ84AA1QU
Margox Braft-Editor Cross-site Scripting VulnerabilityEcosystems: npm
Packages: braft-editor
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 9 months ago
Moderate
Ecosystems: npm
Packages: node-worker-threads-pool
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 9 months ago
GSA_kwCzR0hTQS03dnhjLXE3cnYtcWZqOM4AA1Qn
SUCHMOKUO node-worker-threads-pool denial of service VulnerabilityEcosystems: npm
Packages: node-worker-threads-pool
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 9 months ago
Critical
Ecosystems: npm
Packages: hellojs
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: 9 months ago
GSA_kwCzR0hTQS1nM3ZmLTQ3ZnYtOGYzY84AA1QP
MrSwitch hello.js vulnerable to prototype pollutionEcosystems: npm
Packages: hellojs
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: 9 months ago
High
Ecosystems: npm
Packages: @opentelemetry/instrumentation
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 9 months ago
GSA_kwCzR0hTQS1mOHBxLTM5MjYtOGd4Nc4AA1Lv
Unsanitized user controlled input in module generationEcosystems: npm
Packages: @opentelemetry/instrumentation
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 9 months ago
Critical
Ecosystems: npm
Packages: ses
Source: GitHub Advisory Database
Blast Radius: 37.5
Published: 9 months ago
GSA_kwCzR0hTQS05YzRoLTNmN2gtMzIycs4AA1Lc
SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and executionEcosystems: npm
Packages: ses
Source: GitHub Advisory Database
Blast Radius: 37.5
Published: 9 months ago
High
Ecosystems: npm
Packages: @nguniversal/common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
GSA_kwCzR0hTQS1yM2hmLXE4cTctZnYycM4AA1LN
Angular critical CSS inlining Cross-site Scripting Vulnerability AdvisoryEcosystems: npm
Packages: @nguniversal/common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
High
Ecosystems: npm
Packages: import-in-the-middle
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: 9 months ago
GSA_kwCzR0hTQS01cjI3LXJ3OHItNzk2N84AA1KN
import-in-the-middle has unsanitized user controlled input in module generationEcosystems: npm
Packages: import-in-the-middle
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: 9 months ago
Moderate
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
GSA_kwCzR0hTQS0zcG1qLWpxcXAtMm1qM84AA1Dg
matrix-appservice-irc IRC command injection via admin commands containing newlinesEcosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
Ecosystems: npm
Packages: matrix-appservice-bridge
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 9 months ago
GSA_kwCzR0hTQS12YzdqLWg4eGctZnY1eM4AA1Df
matrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIsEcosystems: npm
Packages: matrix-appservice-bridge
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 9 months ago
Low
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
GSA_kwCzR0hTQS1jN2hoLTN2NmMtZmo0cc4AA1De
matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged roomsEcosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Critical
Ecosystems: npm
Packages: @soketi/soketi
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 9 months ago
GSA_kwCzR0hTQS1nNnc2LWg5MzMtNHJjNc4AA1Cn
Soketi was exposed to Sandbox Escape vulnerability via vm2Ecosystems: npm
Packages: @soketi/soketi
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 9 months ago
Moderate
Ecosystems: npm
Packages: wrangler
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: 9 months ago
GSA_kwCzR0hTQS04YzkzLTRoY2gteGd4cM4AA1CK
Cloudflare Wrangler directory traversal vulnerabilityEcosystems: npm
Packages: wrangler
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: 9 months ago
Moderate
Ecosystems: npm
Packages: @ensdomains/ens-contracts
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 9 months ago
GSA_kwCzR0hTQS1ycnh2LXE4bTQtd2NoM84AA0_N
.eth registrar controller can shorten the duration of registered namesEcosystems: npm
Packages: @ensdomains/ens-contracts
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 9 months ago
High
Ecosystems: npm
Packages: @pnpm/win-x64, @pnpm/macos-x64, @pnpm/macos-arm64, @pnpm/linuxstatic-arm64, @pnpm/linux-x64, @pnpm/linux-arm64, @pnpm/exe, pnpm, @pnpm/cafs
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: 9 months ago
GSA_kwCzR0hTQS01cjk4LWYzM2otZzhoN84AA0-_
pnpm incorrectly parses tar archives relative to specificationEcosystems: npm
Packages: @pnpm/win-x64, @pnpm/macos-x64, @pnpm/macos-arm64, @pnpm/linuxstatic-arm64, @pnpm/linux-x64, @pnpm/linux-arm64, @pnpm/exe, pnpm, @pnpm/cafs
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: 9 months ago
Moderate
Ecosystems: npm
Packages: @simonsmith/cypress-image-snapshot
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 9 months ago
GSA_kwCzR0hTQS12eGpnLWhjaHgtY2M0Z84AA0--
@simonsmith/cypress-image-snapshothas fix for insecure snapshot file namesEcosystems: npm
Packages: @simonsmith/cypress-image-snapshot
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 9 months ago
High
Ecosystems: npm
Packages: underscore-keypath
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 9 months ago
GSA_kwCzR0hTQS1ncHZjLW14NmctY2Nods4AA0-r
underscore-keypath vulnerable to Prototype PollutionEcosystems: npm
Packages: underscore-keypath
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 9 months ago
Critical
Ecosystems: npm
Packages: umami
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
GSA_kwCzR0hTQS04d3d3LWNmZmgtNHE5OM4AA08I
Anyone with a share link can RESET all website data in UmamiEcosystems: npm
Packages: umami
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
High
Ecosystems: npm
Packages: @saltcorn/cli
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 9 months ago
GSA_kwCzR0hTQS13eGYzLTRmdmotdnFxeM4AA067
Unsafe plugins can be installed via pack import by tenant adminsEcosystems: npm
Packages: @saltcorn/cli
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 9 months ago
High
Ecosystems: npm
Packages: sails
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: 9 months ago
GSA_kwCzR0hTQS1ncHc5LWZ3bTgtN3J4N84AA064
DoS vulnerability for apps with sockets enabledEcosystems: npm
Packages: sails
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: 9 months ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 9 months ago
GSA_kwCzR0hTQS1nZ2dtLTY2cmgtcHA5OM4AA046
Incorrect Permission Checking for GraphQL SubscriptionsEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 9 months ago
Moderate
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 9 months ago
GSA_kwCzR0hTQS00cWN2LXFmMzgtNWozas4AA04i
Unintentional leakage of private information via cross-origin websocket session hijackingEcosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 9 months ago
High
Ecosystems: npm
Packages: @strapi/utils, @strapi/database
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 9 months ago
GSA_kwCzR0hTQS05eGc0LTNxZm0tOXc4Zs4AA04c
Leaking sensitive user information still possible by filtering on private with prefix fieldsEcosystems: npm
Packages: @strapi/utils, @strapi/database
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 9 months ago
Moderate
Ecosystems: npm
Packages: @strapi/database, @strapi/utils, @strapi/strapi
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 9 months ago
GSA_kwCzR0hTQS1jaG1yLXJnMmYtOWptZs4AA04b
Making all attributes on a content-type public without noticing itEcosystems: npm
Packages: @strapi/database, @strapi/utils, @strapi/strapi
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 9 months ago
Critical
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: 9 months ago
GSA_kwCzR0hTQS12aDJnLTZjNHgtNWhtcM4AA04I
Path traversal and code execution via prototype vulnerabilityEcosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: 9 months ago
High
Ecosystems: npm
Packages: @feathersjs/transport-commons, @feathersjs/socketio
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: 9 months ago
GSA_kwCzR0hTQS1oaHI5LXJoMjUtaHZmOc4AA00L
Feathers socket handler allows abusing implicit toStringEcosystems: npm
Packages: @feathersjs/transport-commons, @feathersjs/socketio
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: 9 months ago
Moderate
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 9 months ago
GSA_kwCzR0hTQS1jOXZ4LTJnN3ctcnA2Nc4AA0xY
matrix-react-sdk vulnerable to XSS in Export Chat featureEcosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 9 months ago
Critical
Ecosystems: npm
Packages: mongoose
Source: GitHub Advisory Database
Blast Radius: 59.2
Published: 9 months ago
GSA_kwCzR0hTQS05bTkzLXc4dzYtNzZoaM4AA0uj
Mongoose Prototype Pollution vulnerabilityEcosystems: npm
Packages: mongoose
Source: GitHub Advisory Database
Blast Radius: 59.2
Published: 9 months ago
Moderate
Ecosystems: npm
Packages: layui
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 9 months ago
GSA_kwCzR0hTQS1oeDRoLTY3NnItajNxcM4AA0ub
layui vulnerable to cross-site scriptingEcosystems: npm
Packages: layui
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 9 months ago
Critical
Ecosystems: npm
Packages: clevertap-cordova
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 9 months ago
GSA_kwCzR0hTQS14MnBoLXFxd20tOWNjNs4AA0uL
CleverTap Cordova plugin vulnerable to Cross-site ScriptingEcosystems: npm
Packages: clevertap-cordova
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 9 months ago
High
Ecosystems: npm
Packages: webmention.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
GSA_kwCzR0hTQS1yNTRnLTRxcTYtY2h4Z84AA0tV
webmention.js Cross-site Scripting vulnerabilityEcosystems: npm
Packages: webmention.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 10 months ago
GSA_kwCzR0hTQS1jY2hxLWZyZ3YtcmpoNc4AA0sM
vm2 Sandbox Escape vulnerabilityEcosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 10 months ago
Critical
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 10 months ago
GSA_kwCzR0hTQS1nNjQ0LTlnZngtcTRxNM4AA0sL
vm2 Sandbox Escape vulnerabilityEcosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 10 months ago
Low
Ecosystems: npm
Packages: @vendure/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
GSA_kwCzR0hTQS1oOXdxLXhjcXgtbXF4bc4AA0m0
Vendure Cross Site Request Forgery vulnerability impacting all API requestsEcosystems: npm
Packages: @vendure/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
Ecosystems: npm
Packages: tarteaucitronjs
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 10 months ago
GSA_kwCzR0hTQS1mNDRtLTY1aDMtOTl2Y84AA0kQ
tarteaucitron.js vulnerable to Cross-site ScriptingEcosystems: npm
Packages: tarteaucitronjs
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 10 months ago
Moderate
Ecosystems: npm
Packages: ckeditor-wordcount-plugin
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 10 months ago
GSA_kwCzR0hTQS1xOXc0LXc2NjctcXFqNM4AA0if
ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of EditorEcosystems: npm
Packages: ckeditor-wordcount-plugin
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 10 months ago
Low
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
GSA_kwCzR0hTQS1tcnI4LXY0OXctMzMzM84AA0iP
sweetalert2 v11.6.14 and above contains potentially undesirable behaviorEcosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
Ecosystems: npm
Packages: is_js
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: 10 months ago
GSA_kwCzR0hTQS1wdnJ3LWc2ZngtbWN4Ms4AA0Tj
is_js vulnerable to Regular Expression Denial of ServiceEcosystems: npm
Packages: is_js
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: 10 months ago
High
Ecosystems: npm
Packages: snyk
Source: GitHub Advisory Database
Blast Radius: 35.4
Published: 10 months ago
GSA_kwCzR0hTQS00dnJ2LTkzYzctbTkyas4AA0TJ
snyk Code Injection vulnerabilityEcosystems: npm
Packages: snyk
Source: GitHub Advisory Database
Blast Radius: 35.4
Published: 10 months ago
Moderate
Ecosystems: npm
Packages: @vendure/admin-ui-plugin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
GSA_kwCzR0hTQS1nbTY4LTU3MnAtcTI4cs4AA0Q9
@vendure/admin-ui-plugin authenticated Cross-site Scripting vulnerabilityEcosystems: npm
Packages: @vendure/admin-ui-plugin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
Ecosystems: npm
Packages: @fastify/oauth2
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 10 months ago
GSA_kwCzR0hTQS1nOHg1LXA5cWMtY2Y5Nc4AA0OQ
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 stateEcosystems: npm
Packages: @fastify/oauth2
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 10 months ago
Critical
Ecosystems: npm
Packages: protobufjs
Source: GitHub Advisory Database
Blast Radius: 54.7
Published: 10 months ago
GSA_kwCzR0hTQS1oNzU1LThxcDktY3E4Nc4AA0Nr
protobufjs Prototype Pollution vulnerabilityEcosystems: npm
Packages: protobufjs
Source: GitHub Advisory Database
Blast Radius: 54.7
Published: 10 months ago
Moderate
Ecosystems: npm
Packages: tough-cookie
Source: GitHub Advisory Database
Blast Radius: 40.6
Published: 10 months ago
GSA_kwCzR0hTQS03MnhmLWcydjQtcXZmM84AA0LC
tough-cookie Prototype Pollution vulnerabilityEcosystems: npm
Packages: tough-cookie
Source: GitHub Advisory Database
Blast Radius: 40.6
Published: 10 months ago
High
Ecosystems: npm
Packages: llhttp
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 10 months ago
GSA_kwCzR0hTQS1jZ2doLXBxNDUtNmg5eM4AA0Ks
llhttp vulnerable to HTTP request smugglingEcosystems: npm
Packages: llhttp
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 10 months ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 10 months ago
GSA_kwCzR0hTQS00NjJ4LWMzanctN3ZyNs4AA0KN
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollutionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 10 months ago
Moderate
Ecosystems: npm
Packages: angular-ui-notification
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 10 months ago
GSA_kwCzR0hTQS1tcmNqLTVxeHItdmhwMs4AA0Jz
angular-ui-notification Cross-site Scripting vulnerabilityEcosystems: npm
Packages: angular-ui-notification
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 10 months ago
Moderate
Ecosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 10 months ago
GSA_kwCzR0hTQS00amp2LXA4eDktcnJmN84AA0Jy
Joplin Cross-site Scripting vulnerabilityEcosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 10 months ago
Moderate
Ecosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 10 months ago
GSA_kwCzR0hTQS03Z3J3LXhmeDYtcWh4Ns4AA0Jx
Joplin Cross-site Scripting vulnerabilityEcosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 10 months ago
Statistics
Advisories: 17,986
Packages: 8,213
Repositories: 1,389
Ecosystems: 12
Packages: 8,213
Repositories: 1,389
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
29
electron
26
@openzeppelin/contracts-upgradeable
21
@openzeppelin/contracts
20
directus
16
sequelize
16
ghost
14
tinymce
14
swagger-ui
14
ckeditor4
13
next
13
joplin
13
strapi
13
vm2
12
undici
12
marked
11
nodebb
11
angular
11
handlebars
11
tinymce/tinymce
9
TinyMCE
9
serve
9
@evershop/evershop
9
org.webjars.npm:jquery
9
jquery-rails
9
next-auth
9
jquery
9
node-forge
8
bootstrap
8
editor.md
8
steal
8
jsrsasign
8
validator
8
tar
8
url-parse
8
@strapi/strapi
8
express-cart
8
npm
8
matrix-js-sdk
8
urijs
8
jQuery
8
systeminformation
8
hermes-engine
7
lodash
7
hapi
7
matrix-react-sdk
7
shescape
7
jQuery.UI.Combined
7
org.webjars.npm:jquery-ui
7
jquery-ui-rails
7
total.js
7
jquery-ui
7
matrix-appservice-irc
7
snyk-broker
7
nocodb
7
sanitize-html
7
aaptjs
6
parse-url
6
safe-eval
6
rsshub
6
dojo
5
mongoose
5
prismjs
5
xlsx
5
sweetalert2
5
openpgp
5
keystone
5
total4
5
yarn
5
uptime-kuma
5
public
5
ua-parser-js
5
@strapi/plugin-users-permissions
5
rendertron
5
vite
5
lodash-es
5
follow-redirects
4
mysql2
4
generator-jhipster
4
@backstage/plugin-scaffolder-backend
4
axios
4
meshcentral
4
simple-markdown
4
@keystone-6/core
4
safer-eval
4
moment
4
vditor
4
convert-svg-core
4
ecstatic
4
mermaid
4
dompurify
4
apostrophe
4
vega
4
valine
4
muhammara
4
mongo-express
4
hummus
4
remarkable
4
jsonwebtoken
4
fastify
4
ejs
4
glance
4
materialize-css
4
qs
4
simple-git
4
ws
4
awsiotsdk
4
aws-iot-device-sdk-v2
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
auth0-lock
4
katex
4
auth0-js
4
realms-shim
4
apollo-server-core
4
engine.io
4
m-server
3
jointjs
3
passport-wsfed-saml2
3
node-red-dashboard
3
buttle
3
n8n
3
browserify-shim
3
code-server
3
locutus
3
xmldom
3
postcss
3
@cubejs-backend/api-gateway
3
node-opcua
3
jquery-validation
3
keycloak-connect
3
serialize-to-js
3
@strapi/utils
3
slp-validate
3
nodemailer
3
lodash.defaultsdeep
3
socket.io-file
3
codecov
3
typeorm
3
@backstage/techdocs-common
3
js-yaml
3
loader-utils
3
slpjs
3
grunt
3
mathjs
3
dns-sync
3
node-ipc
3
feathers-sequelize
3
node-jose
3
object-path
3
jspdf
3
protobufjs
3
http-live-simulator
3
uap-core
3
socket.io-parser
3
notevil
3
ses
3
org.webjars.npm:xlsx
3
apollo-server
3
xdLocalStorage
3
raneto
3
renovate
3
@soketi/soketi
3
ids-enterprise
3
@materializecss/materialize
3
node-fetch
3
express-fileupload
3
highcharts
3
openmct
3
jose-node-cjs-runtime
3
stimulsoft-dashboards-js
3
jose-node-esm-runtime
3
sails
3
mxgraph
3
@commercial/subtext
3
mixme
3
docsify
3
blamer
3
jose
3
localhost-now
3
fuxa-server
3
simplehttpserver
3
bootstrap
3
parsel
3
convict
3
dojox
3
nadesiko3
3
@uppy/companion
3
json-ptr
3
connect
3
tough-cookie
3
@sequelize/core
3
fast-xml-parser
3
@sveltejs/kit
3
wrangler
3
mysql
3
immer
3
bson
3
bin-links
3
snyk
3
llhttp
3
Filter by Repository
https://github.com/parse-community/parse-server
29
https://github.com/electron/electron
25
https://github.com/strapi/strapi
21
https://github.com/OpenZeppelin/openzeppelin-contracts
20
https://github.com/sequelize/sequelize
16
https://github.com/directus/directus
15
https://github.com/tinymce/tinymce
14
https://github.com/swagger-api/swagger-ui
13
https://github.com/laurent22/joplin
12
https://github.com/backstage/backstage
12
https://github.com/nodejs/undici
12
https://github.com/TryGhost/Ghost
12
https://github.com/ckeditor/ckeditor4
12
https://github.com/patriksimek/vm2
12
https://github.com/NodeBB/NodeBB
11
https://github.com/jquery/jquery
11
https://github.com/keystonejs/keystone
10
https://github.com/nextauthjs/next-auth
10
https://github.com/evershopcommerce/evershop
9
https://github.com/vercel/next.js
9
https://github.com/matrix-org/matrix-js-sdk
8
https://github.com/stealjs/steal
8
https://github.com/pandao/editor.md
8
https://github.com/apollographql/apollo-server
8
https://github.com/kjur/jsrsasign
8
https://github.com/digitalbazaar/forge
8
https://github.com/sebhildebrandt/systeminformation
8
https://github.com/matrix-org/matrix-react-sdk
7
https://github.com/matrix-org/matrix-appservice-irc
7
https://github.com/twbs/bootstrap
7
https://github.com/unshiftio/url-parse
7
https://github.com/ericcornelissen/shescape
7
https://github.com/lodash/lodash
7
https://github.com/nocodb/nocodb
7
https://github.com/jquery/jquery-ui
6
https://github.com/DIYgod/RSSHub
6
https://github.com/totaljs/framework
6
https://github.com/ionicabizau/parse-url
6
https://github.com/shenzhim/aaptjs
6
https://github.com/panva/jose
6
https://github.com/eclipse-theia/theia
6
https://github.com/npm/node-tar
6
https://github.com/facebook/hermes
6
https://github.com/faisalman/ua-parser-js
5
https://github.com/vega/vega
5
https://github.com/apostrophecms/sanitize-html
5
https://github.com/npm/cli
5
https://github.com/vitejs/vite
5
https://github.com/gatsbyjs/gatsby
5
https://github.com/openpgpjs/openpgpjs
5
https://github.com/handlebars-lang/handlebars.js
5
https://github.com/BlackFan/client-side-prototype-pollution
5
https://github.com/GoogleChrome/rendertron
5
https://github.com/sweetalert2/sweetalert2
5
https://github.com/hacksparrow/safe-eval
5
https://github.com/markedjs/marked
5
https://github.com/louislam/uptime-kuma
5
https://github.com/socketio/engine.io
4
https://github.com/Ylianst/MeshCentral
4
https://github.com/follow-redirects/follow-redirects
4
https://github.com/hapijs/hapi
4
https://github.com/mrvautin/expressCart
4
https://github.com/KaTeX/KaTeX
4
https://github.com/PrismJS/prism
4
https://github.com/fastify/fastify
4
https://github.com/sidorares/node-mysql2
4
https://github.com/auth0/lock
4
https://github.com/cloudflare/workers-sdk
4
https://github.com/auth0/node-jsonwebtoken
4
https://github.com/steveukx/git-js
4
https://github.com/Dogfalo/materialize
4
https://github.com/aws/aws-iot-device-sdk-java-v2
4
https://github.com/medialize/uri.js
4
https://github.com/medialize/URI.js
4
https://github.com/axios/axios
4
https://github.com/jhipster/generator-jhipster
4
https://github.com/balderdashy/sails
4
https://github.com/jonschlinkert/remarkable
4
https://github.com/yarnpkg/yarn
4
https://github.com/npm/npm
4
https://github.com/ofirdagan/cross-domain-local-storage
4
https://github.com/xCss/Valine
4
https://github.com/angular/angular.js
4
https://github.com/nodemailer/nodemailer
3
https://github.com/thlorenz/browserify-shim
3
https://github.com/dojo/dojo
3
https://github.com/dojo/dojox
3
https://github.com/feathersjs-ecosystem/feathers-sequelize
3
https://github.com/node-fetch/node-fetch
3
https://github.com/Automattic/mongoose
3
https://github.com/jarofghosts/glance
3
https://github.com/mongo-express/mongo-express
3
https://github.com/auth0/passport-wsfed-saml2
3
https://github.com/simpleledger/slpjs
3
https://github.com/gruntjs/grunt
3
https://github.com/typeorm/typeorm
3
https://github.com/mermaid-js/mermaid
3
https://github.com/neocotic/convert-svg
3
https://github.com/highcharts/highcharts
3
https://github.com/RIAEvangelist/node-ipc
3
https://github.com/renovatebot/renovate
3
https://github.com/zeit/next.js
3
https://github.com/infor-design/enterprise-ng
3
https://github.com/websockets/ws
3
https://github.com/facebook/react
3
https://github.com/moment/moment
3
https://github.com/jfhbrook/node-ecstatic
3
https://github.com/immerjs/immer
3
https://github.com/mongodb/js-bson
3
https://github.com/jquery-validation/jquery-validation
3
https://github.com/webpack/loader-utils
3
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
3
https://github.com/transloadit/uppy
3
https://github.com/docsifyjs/docsify
3
https://github.com/clientIO/joint
3
https://github.com/nodejs/llhttp
3
https://github.com/skoranga/node-dns-sync
3
https://github.com/vendure-ecommerce/vendure
3
https://github.com/MrRio/jsPDF
3
https://github.com/adaltas/node-mixme
3
https://github.com/Marak/colors.js
3
https://github.com/vriteio/vrite
3
https://github.com/postcss/postcss
3
https://github.com/josdejong/mathjs
3
https://github.com/mde/ejs
3
https://github.com/soketi/soketi
3
https://github.com/nasa/openmct
3
https://github.com/apostrophecms/apostrophe
3
https://github.com/manuelstofer/json-pointer
3
https://github.com/YMFE/yapi
3
https://github.com/kujirahand/nadesiko3
3
https://github.com/socketio/socket.io-parser
3
https://github.com/ua-parser/uap-core
3
https://github.com/salesforce/tough-cookie
3
https://github.com/mariocasciaro/object-path
3
https://github.com/ckeditor/ckeditor5
3
https://github.com/zestedesavoir/zmarkdown
3
https://github.com/node-opcua/node-opcua
3
https://github.com/hapijs/subtext
3
https://github.com/xmldom/xmldom
3
https://github.com/cisco/node-jose
3
https://github.com/mozilla/node-convict
3
https://github.com/sveltejs/kit
3
https://github.com/beerpwn/CVE
3
https://github.com/cure53/DOMPurify
3
https://github.com/vanessa219/vditor
3
https://github.com/chjj/marked
3
https://github.com/NaturalIntelligence/fast-xml-parser
3
https://github.com/dwisiswant0/advisory
3
https://github.com/n8n-io/n8n
3
https://github.com/fastify/fastify-static
2
https://github.com/shelljs/shelljs
2
https://github.com/commenthol/safer-eval
2
https://github.com/commenthol/serialize-to-js
2
https://github.com/node-red/node-red
2
https://github.com/guardian/html-janitor
2
https://github.com/senchalabs/connect
2
https://github.com/semantic-release/semantic-release
2
https://github.com/cronvel/tree-kit
2
https://github.com/cube-js/cube.js
2
https://github.com/node-red/node-red-dashboard
2
https://github.com/facebook/create-react-app
2
https://github.com/snyk/cli
2
https://github.com/manvel-khnkoyan/jpv
2
https://github.com/chocobozzz/peertube
2
https://github.com/chriso/validator.js
2
https://github.com/christian-bromann/rgb2hex
2
https://github.com/sindresorhus/semver-regex
2
https://github.com/sindresorhus/is-svg
2
https://github.com/fastify/fastify-passport
2
https://github.com/markdown-it/markdown-it
2
https://github.com/simpleledger/slp-validate.js
2
https://github.com/npm/npm-user-validate
2
https://github.com/simonh1000/angular-http-server
2
https://github.com/nodeca/js-yaml
2
https://github.com/mathjax/MathJax
2
https://github.com/fb55/css-what
2
https://github.com/cloudhead/node-static
2
https://github.com/codecov/codecov-node
2
https://github.com/matrix-org/matrix-appservice-bridge
2
https://github.com/excalidraw/excalidraw
2
https://github.com/fastify/fastify-multipart
2
https://github.com/galkahana/HummusJS
2
https://github.com/fastify/fastify-csrf
2
https://github.com/rabobank-blockchain/vp-toolkit
2
https://github.com/Qwerios/madlib-object-utils
2
https://github.com/Finastra/ssr-pages
2
https://github.com/fastify/fastify-reply-from
2
https://github.com/monsterkodi/sds
2
https://github.com/quilljs/quill
2
https://github.com/dominictarr/event-stream
2
https://github.com/dominictarr/libnested
2
https://github.com/moscajs/aedes
2
https://github.com/mout/mout
2
https://github.com/punkave/sanitize-html
2
https://github.com/moxiecode/plupload
2
https://github.com/npm/arborist
2
https://github.com/mozilla/nunjucks
2
https://github.com/psi-4ward/psitransfer
2