Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm Security Advisories

Browse all Security Advisories for npm

Loading...
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1ZngtOHI3My12ODZj
AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnOTctd3c3aC01bWpy
XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode
Ecosystems: npm
Packages: dojox
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcycGYtZzZyOC1wZzIy
auth0-lock vulnerable to XSS via unsanitized placeholder property
Ecosystems: npm
Packages: auth0-lock
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmOWYtcGM1di05cjVo
Malicious takeover of previously owned ENS names
Ecosystems: npm
Packages: @ensdomains/ens
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3Z20tZ2hyOS00djk1
Cross-site scripting vulnerability in TinyMCE
Ecosystems: npm
Packages: tinymce
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3NjUteGpjNS05dzc5
Cross-Site Scripting in node-red
Ecosystems: npm
Packages: node-red
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4aG0tOTZwcC0ybTQz
Remote Code Execution in Angular Expressions
Ecosystems: npm
Packages: angular-expressions
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkydm0td2ZtNS1teHZ2
cookie-signature Timing Attack
Ecosystems: npm
Packages: cookie-signature
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0N2otaGM2eC1oM3Fx
Remote Code Execution Vulnerability in NPM mongo-express
Ecosystems: npm
Packages: mongo-express
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0NTctNnE2eC1jZ3A5
Prototype Pollution in handlebars
Ecosystems: npm, rubygems
Packages: handlebars, bootstrap-wysihtml5-rails
Source: GitHub Advisory Database
Blast Radius: 87.7
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtNnEtcjJqYy1jcHFo
lodahs is malware
Ecosystems: npm
Packages: lodahs
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzMjgtOGhnZi03d2py
npm Vulnerable to Global node_modules Binary Overwrite
Ecosystems: npm
Packages: npm
Source: GitHub Advisory Database
Blast Radius: 39.6
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg4cWMtcnJjdy00cjQ2
npm symlink reference outside of node_modules
Ecosystems: npm
Packages: npm
Source: GitHub Advisory Database
Blast Radius: 39.6
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02Y3gtZzZxbS1wMmN4
Arbitrary File Write in npm
Ecosystems: npm
Packages: npm
Source: GitHub Advisory Database
Blast Radius: 39.6
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2M3gteGM5ai1oaHZx
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Ecosystems: npm
Packages: safer-eval
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: almost 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmanEtOTN4ai0zZjNm
Cross-Site Scripting in serialize-to-js
Ecosystems: npm
Packages: serialize-to-js
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5cnYtam1tZi00cGd4
Cross-Site Scripting in serialize-javascript
Ecosystems: npm
Packages: serialize-javascript
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJoNDYtM2ZnYy1tdnJm
Validation bypass is possible in Json Pattern Validator
Ecosystems: npm
Packages: jpv
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4YzItbWozOS1xNTk5
Strapi allows unauthenticated attacker to reset admin password without valid reset token
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4NnYtcndoNC01NWp3
Pomelo allows external control of critical state data
Ecosystems: npm
Packages: pomelo
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyamMtNHB3ci0zdnA3
Cross-Site Scripting in iobroker.web
Ecosystems: npm
Packages: iobroker.web
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNtY2gtMjk2ai13ZnZ3
Arbitrary File Write in iobroker.js-controller
Ecosystems: npm
Packages: iobroker.js-controller
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwbTgtNDkyYy05MnA1
Prototype Pollution in chartkick
Ecosystems: npm, rubygems
Packages: chartkick
Source: GitHub Advisory Database
Blast Radius: 52.1
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01MngtMjlwcS13M3Z2
Pannellum Cross-Site Scripting due to data not being sanitized for URIs or vbscript
Ecosystems: npm
Packages: pannellum
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl4cjgtOGhtYy0zODlm
Cross-Site Scripting in vant
Ecosystems: npm
Packages: vant
Source: GitHub Advisory Database
Blast Radius: 37.8
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5bXEtNHg0Ny01djgz
Prototype Pollution in angular
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQyNWMtY2NmMy0zanJy
Critical severity vulnerability that affects slpjs
Ecosystems: npm
Packages: slpjs
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdteDYtdnhjZi1jM2dy
Validation Bypass in slp-validate
Ecosystems: npm
Packages: slp-validate
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqNngtdzQyNi02cmM2
Default Express middleware security check is ignored in production
Ecosystems: npm
Packages: @cubejs-backend/api-gateway
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI1OTgtMmY1OS1ybWhx
SQL Injection in sequelize
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5eHAtOTJ2Yy01NTlq
SQL Injection in sequelize
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05anctMjM3ci1ndmZ2
SQL Injection in sequelize
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhnNTktbTd3eC04NTNx
Cross-site Scripting in node-red-dashboard
Ecosystems: npm
Packages: node-red-dashboard
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2ODctdnY5ai1oZ3Bo
Improper Input Validation in Automattic Mongoose
Ecosystems: npm
Packages: mongoose
Source: GitHub Advisory Database
Blast Radius: 53.9
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjZzgtcHE5di14OThx
Sandbox Breakout in realms-shim
Ecosystems: npm
Packages: realms-shim
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzeDQtd3I0aC1wdzMz
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Ecosystems: npm
Packages: safer-eval
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4djQtcXd4NS03ZjU5
SQL Injection in knex
Ecosystems: npm
Packages: knex
Source: GitHub Advisory Database
Blast Radius: 48.8
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3eDMtN2h3Ny1wY2pn
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments
Ecosystems: npm
Packages: renovate
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnY2gtamptci1ncDd3
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Ecosystems: npm
Packages: safer-eval
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4MmYtcDRwZy14Yzc0
Regular Expression Denial of Service in csv-parse
Ecosystems: npm
Packages: csv-parse
Source: GitHub Advisory Database
Blast Radius: 39.7
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM0MjctaGpjMy13cmZ3
Cross-site scripting in Swagger-UI
Ecosystems: maven, npm
Packages: io.springfox:springfox-swagger-ui, org.webjars.npm:swagger-ui, org.webjars:swagger-ui, swagger-ui
Source: GitHub Advisory Database
Blast Radius: 87.4
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg0dzUtcjU0Ni14OXFo
Arbitrary File Read in html-pdf
Ecosystems: npm
Packages: html-pdf
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: about 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ndjItNTd2ai05OXhj
Low severity vulnerability that affects eye.js
Ecosystems: npm
Packages: eye.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZqZzgtNzMzMy01NTR3
Sandbox Breakout in realms-shim
Ecosystems: npm
Packages: ses, realms-shim
Source: GitHub Advisory Database
Blast Radius: 37.5
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2Y2otcjg4cC05MnJt
Buffer Overflow in centra
Ecosystems: npm
Packages: centra
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtNHItY2dtMy02cTdx
Cross-Site Scripting in status-board
Ecosystems: npm
Packages: status-board
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4NjQtcmhtdy01bTZm
Status Board vulnerable to Cross-Site Scripting before v1.1.82
Ecosystems: npm
Packages: status-board
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1jODQteHI5cC05Mzhy
High severity vulnerability that affects generator-jhipster
Ecosystems: npm
Packages: generator-jhipster
Source: GitHub Advisory Database
Blast Radius: 33.3
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2bXItcHhnNC02OGh4
Symlink Arbitrary File Overwrite in bower
Ecosystems: npm
Packages: bower
Source: GitHub Advisory Database
Blast Radius: 39.2
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0OWYtNzNoaC1tajM4
Command Injection in gitlabhook
Ecosystems: npm
Packages: gitlabhook
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: about 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltcnEtY2pnaC0zMmcy
Low severity vulnerability that affects smartbanner.js
Ecosystems: npm
Packages: smartbanner.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4d3YtM2NjOS1mcDdj
Sensitive Data Exposure in seneca
Ecosystems: npm
Packages: seneca
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmMjctanF3di1nZjNy
Unintended Require in larvitbase-api
Ecosystems: npm
Packages: larvitbase-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzNnEtOGd4eC1tNzgy
Cross-Site Scripting in dojo
Ecosystems: npm
Packages: dojo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3NjUtNjg3NS1yaHE4
Undefined Behavior in sailsjs-cacheman
Ecosystems: npm
Packages: sailsjs-cacheman
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnanYtcmdocS1xaGdw
Path Traversal in algo-httpserv
Ecosystems: npm
Packages: algo-httpserv
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqaDQtZmN2My13aHBx
Cross-Site Scripting in webtorrent
Ecosystems: npm
Packages: webtorrent
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqNXgtNTZwNi1oajZ4
Path Traversal in statichttpserver
Ecosystems: npm
Packages: statichttpserver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqNHctNWZ3NC1ybTI3
Prototype Pollution in deeply
Ecosystems: npm
Packages: deeply
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRnODgtZnBwci01M3Bw
Prototype Pollution in set-value
Ecosystems: npm
Packages: set-value
Source: GitHub Advisory Database
Blast Radius: 64.5
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZoamYtODN3Zy1yMmo5
Prototype Pollution in mixin-deep
Ecosystems: npm
Packages: mixin-deep
Source: GitHub Advisory Database
Blast Radius: 58.7
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjcHctNzNmMi13NTht
Cross-Site Scripting in selectize-plugin-a11y
Ecosystems: npm
Packages: selectize-plugin-a11y
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwNnIteGNqai01aDdy
Cross-Site Scripting in cyberchef
Ecosystems: npm
Packages: cyberchef
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNneDcteGh2Ny01bXgz
Arbitrary Code Execution in eslint-utils
Ecosystems: npm
Packages: eslint-utils
Source: GitHub Advisory Database
Blast Radius: 62.9
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhxaDgtNWozNi00NTU2
SQL Injection in connect-pg-simple
Ecosystems: npm
Packages: connect-pg-simple
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3amYtZmpqZi14Y3d3
Invalid Curve Attack in openpgp
Ecosystems: npm
Packages: openpgp
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3cWMtMjh3My1md3c2
Message Signature Bypass in openpgp
Ecosystems: npm
Packages: openpgp
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmbWYtcTQzdi0yZmZq
Improper Key Verification in openpgp
Ecosystems: npm
Packages: openpgp
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxNTQtOHA5ai14NzRq
Cross-site Scripting in pandao editor.md
Ecosystems: npm
Packages: editor.md
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg2NWMtNGZnai01ZmMz
Cross-site Scripting in pandao
Ecosystems: npm
Packages: editor.md
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjaDctZjRoNS14OXJq
Identity Spoofing in libp2p-secio
Ecosystems: npm
Packages: libp2p-secio
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY1cDgtM2htNC1oOWg4
Denial of Service in rgb2hex
Ecosystems: npm
Packages: rgb2hex
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY2cmgtOGZ3Ni01OXE2
assign-deep Vulnerable to Prototype Pollution
Ecosystems: npm
Packages: assign-deep
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdqOTMtMmg2ci1obTQ5
Cross-Site Scripting in http-file-server
Ecosystems: npm
Packages: http-file-server
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2NTctNTlydi1xd202
Cross-Site Scripting in min-http-server
Ecosystems: npm
Packages: min-http-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxZmMtY3I1OS1oNjRw
Missing Encryption of Sensitive Data in yarn
Ecosystems: npm
Packages: yarn
Source: GitHub Advisory Database
Blast Radius: 39.3
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1cnEtajJ4Zy1oN3Ft
Regular Expression Denial of Service (ReDoS) in lodash
Ecosystems: npm
Packages: lodash-amd, lodash-es, lodash
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY2NzctODNwcC1mODYy
Cross-Site Scripting in @nuxt/devalue
Ecosystems: npm
Packages: @nuxt/devalue
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtcDUtbTk2OC1nd3Iy
Path Traversal in http-file-server
Ecosystems: npm
Packages: http-file-server
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3M2otZzk4My04amg1
Sensitive Data Exposure in parse-server
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmODUtY3BjcC1qNjk1
Prototype Pollution in lodash
Ecosystems: npm
Packages: lodash.defaultsdeep, lodash-amd, lodash-es, lodash
Source: GitHub Advisory Database
Blast Radius: 57.2
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwNXctajNnNy13NHd2
Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js
Ecosystems: npm
Packages: saml2-js
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4Y3YtOWpqeC1nZmoz
Denial of Service in mem
Ecosystems: npm
Packages: mem
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4bTctcWh2Ny05aDV4
Path Traversal in serve-here.js
Ecosystems: npm
Packages: serve-here
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI4aHAtZmdjci0ycjRo
Cross-Site Scripting via JSONP
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14anIteG1jZy1mZzd3
Arbitrary Code Injection in mobile-icon-resizer
Ecosystems: npm
Packages: mobile-icon-resizer
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1mNngtN21tNC14Mmc3
Out-of-bounds Read in stringstream
Ecosystems: npm
Packages: stringstream
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI4eGgtd3Bnci03Zm04
Command Injection in open
Ecosystems: npm
Packages: open
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg5cDItZnhxNi0ybTVm
Reverse Tabnapping in swagger-ui
Ecosystems: npm
Packages: swagger-ui
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4NHYtNmdjNS1mMnZ2
Regular Expression Denial of Service
Ecosystems: npm
Packages: esm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4Z3ItY21jcC1nM21q
Directory Traversal in lactate
Ecosystems: npm
Packages: lactate
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYycDYtNG1wNy0zcjl2
Regular Expression Denial of Service in underscore.string
Ecosystems: npm
Packages: underscore.string
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2bW0tbWhjcS00eDlq
Sandbox Bypass Leading to Arbitrary Code Execution in constantinople
Ecosystems: npm
Packages: constantinople
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxaHgtZzl3cC1nOW02
Failure to sanitize quotes which can lead to sql injection in squel
Ecosystems: npm
Packages: squel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4aHctdmZoNy14dmc4
Forced Logout in keycloak-connect
Ecosystems: npm
Packages: keycloak-connect
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0Y3ItNzd4Yy04ZzZy
Prototype Pollution in @apollo/gateway
Ecosystems: npm
Packages: @apollo/gateway
Source: GitHub Advisory Database
Blast Radius: 25.7
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5cjMtM2g5Ni1yd2o2
Cross-Site Scripting in ids-enterprise
Ecosystems: npm
Packages: ids-enterprise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwZnEtOHd4OC1jZ3F3
Cross-Site Scripting in ids-enterprise
Ecosystems: npm
Packages: ids-enterprise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyZngtNXBoZy1obXc5
Cross-Site Scripting in ids-enterprise
Ecosystems: npm
Packages: ids-enterprise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBtNTItd3dydy1jMjgy
Command Injection in wiki-plugin-datalog
Ecosystems: npm
Packages: wiki-plugin-datalog
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Statistics
Advisories: 20,468
Packages: 8,969
Repositories: 1,483
Ecosystems: 12
Filter by Package
parse-server 31 directus 26 electron 26 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 next 18 sequelize 16 tinymce 16 ghost 15 ckeditor4 15 swagger-ui 14 undici 13 strapi 13 joplin 13 angular 13 vm2 12 nodebb 11 tinymce/tinymce 11 TinyMCE 11 handlebars 11 marked 11 bootstrap 10 flowise 10 matrix-js-sdk 10 nocodb 10 org.webjars:bootstrap 9 bootstrap 9 @evershop/evershop 9 matrix-react-sdk 9 serve 9 bootstrap 9 twbs/bootstrap 9 next-auth 9 @strapi/strapi 9 node-forge 8 jquery 8 jsrsasign 8 tar 8 org.webjars.npm:jquery 8 editor.md 8 jquery-rails 8 express-cart 8 systeminformation 8 steal 8 matrix-appservice-irc 8 url-parse 8 validator 8 npm 8 urijs 8 jQuery 7 bootstrap.sass 7 jquery-ui-rails 7 bootstrap-sass 7 org.webjars.npm:jquery-ui 7 jquery-ui 7 vite 7 dompurify 7 sanitize-html 7 hapi 7 lodash 7 shescape 7 hermes-engine 7 snyk-broker 7 elliptic 7 total.js 7 jQuery.UI.Combined 7 lunary 7 uptime-kuma 7 bootstrap-sass 6 @strapi/plugin-users-permissions 6 aaptjs 6 safe-eval 6 parse-url 6 rsshub 6 mattermost-desktop 5 ejs 5 public 5 @saltcorn/server 5 keystone 5 lodash-es 5 yarn 5 mysql2 5 mongoose 5 prismjs 5 openpgp 5 ws 5 xlsx 5 axios 5 rendertron 5 vditor 5 mermaid 5 sweetalert2 5 dojo 5 total4 5 ua-parser-js 5 express 4 remarkable 4 meshcentral 4 katex 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 follow-redirects 4 aws-iot-device-sdk-v2 4 awsiotsdk 4 convert-svg-core 4 hono 4 @backstage/plugin-scaffolder-backend 4 simple-git 4 muhammara 4 glance 4 vega 4 ecstatic 4 realms-shim 4 mongo-express 4 valine 4 auth0-lock 4 apostrophe 4 apollo-server-core 4 hummus 4 materialize-css 4 engine.io 4 fastify 4 simple-markdown 4 @keystone-6/core 4 fast-xml-parser 4 qs 4 moment 4 auth0-js 4 generator-jhipster 4 safer-eval 4 @lobehub/chat 4 jsonwebtoken 4 json-ptr 3 libxmljs 3 slp-validate 3 postcss 3 jose-node-esm-runtime 3 @ckeditor/ckeditor5-markdown-gfm 3 jose-node-cjs-runtime 3 jose 3 node-jose 3 @soketi/soketi 3 tough-cookie 3 jquery-validation 3 js-yaml 3 statics-server 3 socket.io 3 simplehttpserver 3 @apollo/server 3 mxgraph 3 org.webjars.npm:xlsx 3 http-live-simulator 3 passport-wsfed-saml2 3 sails 3 @sequelize/core 3 dojox 3 protobufjs 3 convict 3 ses 3 localhost-now 3 docsify 3 lodash.defaultsdeep 3 dset 3 nadesiko3 3 jointjs 3 yapi-vendor 3 blamer 3 @directus/api 3 code-server 3 bson 3 braces 3 @sveltejs/kit 3 nodemailer 3 layui 3 dns-sync 3 snyk 3 uap-core 3 express-fileupload 3 @backstage/techdocs-common 3 mathjs 3 ids-enterprise 3 node-red-dashboard 3 typeorm 3 @materializecss/materialize 3 loader-utils 3 connect 3 xdLocalStorage 3 @commercial/subtext 3 apollo-server 3 django-tinymce 3 keycloak-connect 3 llhttp 3 nuxt 3 n8n 3 bin-links 3 @frangoteam/fuxa 3 buttle 3 ftp-srv 3 ag-grid-community 3 m-server 3 @hapi/subtext 3
Filter by Repository
https://github.com/parse-community/parse-server 31 https://github.com/directus/directus 25 https://github.com/electron/electron 25 https://github.com/strapi/strapi 24 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/sequelize/sequelize 16 https://github.com/tinymce/tinymce 16 https://github.com/backstage/backstage 16 https://github.com/vercel/next.js 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/TryGhost/Ghost 13 https://github.com/nodejs/undici 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/patriksimek/vm2 12 https://github.com/laurent22/joplin 12 https://github.com/NodeBB/NodeBB 11 https://github.com/keystonejs/keystone 10 https://github.com/jquery/jquery 10 https://github.com/nocodb/nocodb 10 https://github.com/matrix-org/matrix-js-sdk 10 https://github.com/nextauthjs/next-auth 10 https://github.com/matrix-org/matrix-react-sdk 9 https://github.com/evershopcommerce/evershop 9 https://github.com/apollographql/apollo-server 8 https://github.com/kjur/jsrsasign 8 https://github.com/pandao/editor.md 8 https://github.com/FlowiseAI/Flowise 8 https://github.com/digitalbazaar/forge 8 https://github.com/stealjs/steal 8 https://github.com/sebhildebrandt/systeminformation 8 https://github.com/matrix-org/matrix-appservice-irc 8 https://github.com/cure53/DOMPurify 7 https://github.com/saltcorn/saltcorn 7 https://github.com/lodash/lodash 7 https://github.com/ericcornelissen/shescape 7 https://github.com/twbs/bootstrap 7 https://github.com/louislam/uptime-kuma 7 https://github.com/unshiftio/url-parse 7 https://github.com/indutny/elliptic 7 https://github.com/lunary-ai/lunary 7 https://github.com/vitejs/vite 7 https://github.com/npm/node-tar 6 https://github.com/DIYgod/RSSHub 6 https://github.com/ionicabizau/parse-url 6 https://github.com/facebook/hermes 6 https://github.com/shenzhim/aaptjs 6 https://github.com/totaljs/framework 6 https://github.com/jquery/jquery-ui 6 https://github.com/eclipse-theia/theia 6 https://github.com/panva/jose 6 https://github.com/axios/axios 5 https://github.com/npm/cli 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/gatsbyjs/gatsby 5 https://github.com/sidorares/node-mysql2 5 https://github.com/GoogleChrome/rendertron 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/openpgpjs/openpgpjs 5 https://github.com/handlebars-lang/handlebars.js 5 https://github.com/apostrophecms/sanitize-html 5 https://github.com/markedjs/marked 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/vega/vega 5 https://github.com/KaTeX/KaTeX 4 https://github.com/auth0/lock 4 https://github.com/auth0/node-jsonwebtoken 4 https://github.com/vendure-ecommerce/vendure 4 https://github.com/mrvautin/expressCart 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/ofirdagan/cross-domain-local-storage 4 https://github.com/PrismJS/prism 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/Dogfalo/materialize 4 https://github.com/balderdashy/sails 4 https://github.com/honojs/hono 4 https://github.com/follow-redirects/follow-redirects 4 https://github.com/medialize/URI.js 4 https://github.com/medialize/uri.js 4 https://github.com/mde/ejs 4 https://github.com/steveukx/git-js 4 https://github.com/yarnpkg/yarn 4 https://github.com/hapijs/hapi 4 https://github.com/cloudflare/workers-sdk 4 https://github.com/lobehub/lobe-chat 4 https://github.com/ckeditor/ckeditor5 4 https://github.com/Ylianst/MeshCentral 4 https://github.com/socketio/engine.io 4 https://github.com/xCss/Valine 4 https://github.com/jonschlinkert/remarkable 4 https://github.com/npm/npm 4 https://github.com/angular/angular.js 4 https://github.com/websockets/ws 4 https://github.com/fastify/fastify 4 https://github.com/nuxt/nuxt 4 https://github.com/NaturalIntelligence/fast-xml-parser 4 https://github.com/expressjs/express 3 https://github.com/postcss/postcss 3 https://github.com/mariocasciaro/object-path 3 https://github.com/transloadit/uppy 3 https://github.com/actions/toolkit 3 https://github.com/Automattic/mongoose 3 https://github.com/nodejs/llhttp 3 https://github.com/auth0/passport-wsfed-saml2 3 https://github.com/webpack/loader-utils 3 https://github.com/mozilla/node-convict 3 https://github.com/facebook/react 3 https://github.com/HackAllSec/CVEs 3 https://github.com/node-fetch/node-fetch 3 https://github.com/soketi/soketi 3 https://github.com/mozilla/pdf.js 3 https://github.com/jarofghosts/glance 3 https://github.com/cisco/node-jose 3 https://github.com/salesforce/tough-cookie 3 https://github.com/node-opcua/node-opcua 3 https://github.com/zeit/next.js 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/libxmljs/libxmljs 3 https://github.com/micromatch/braces 3 https://github.com/josdejong/mathjs 3 https://github.com/moment/moment 3 https://github.com/adaltas/node-mixme 3 https://github.com/clientIO/joint 3 https://github.com/docsifyjs/docsify 3 https://github.com/kujirahand/nadesiko3 3 https://github.com/mongodb/js-bson 3 https://github.com/highcharts/highcharts 3 https://github.com/renovatebot/renovate 3 https://github.com/YMFE/yapi 3 https://github.com/dojo/dojo 3 https://github.com/dojo/dojox 3 https://github.com/mongo-express/mongo-express 3 https://github.com/ag-grid/ag-grid 3 https://github.com/neocotic/convert-svg 3 https://github.com/zestedesavoir/zmarkdown 3 https://github.com/vanessa219/vditor 3 https://github.com/chjj/marked 3 https://github.com/koush/scrypted 3 https://github.com/infor-design/enterprise-ng 3 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 3 https://github.com/jasonraimondi/url-to-png 3 https://github.com/mermaid-js/mermaid 3 https://github.com/agnaistic/agnai 3 https://github.com/n8n-io/n8n 3 https://github.com/apostrophecms/apostrophe 3 https://github.com/skoranga/node-dns-sync 3 https://github.com/manuelstofer/json-pointer 3 https://github.com/simpleledger/slpjs 3 https://github.com/beerpwn/CVE 3 https://github.com/gruntjs/grunt 3 https://github.com/nasa/openmct 3 https://github.com/nodemailer/nodemailer 3 https://github.com/dwisiswant0/advisory 3 https://github.com/socketio/socket.io-parser 3 https://github.com/typeorm/typeorm 3 https://github.com/socketio/socket.io 3 https://github.com/immerjs/immer 3 https://github.com/ua-parser/uap-core 3 https://github.com/udecode/plate 3 https://github.com/hapijs/subtext 3 https://github.com/MrRio/jsPDF 3 https://github.com/RIAEvangelist/node-ipc 3 https://github.com/jquery-validation/jquery-validation 3 https://github.com/getsentry/sentry-javascript 3 https://github.com/Marak/colors.js 3 https://github.com/lukeed/dset 3 https://github.com/xmldom/xmldom 3 https://github.com/vriteio/vrite 3 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/sveltejs/kit 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/givanz/VvvebJs 2 https://github.com/node-red/node-red 2 https://github.com/commenthol/serialize-to-js 2 https://github.com/gilbitron/Raneto 2 https://github.com/gigafied/decal.js 2 https://github.com/rvagg/bl 2 https://github.com/cronvel/tree-kit 2 https://github.com/rs/node-netmask 2 https://github.com/cube-js/cube.js 2 https://github.com/curveball/a12n-server 2 https://github.com/RocketChat/Rocket.Chat 2 https://github.com/grpc/grpc-node 2 https://github.com/sindresorhus/is-svg 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/simonh1000/angular-http-server 2 https://github.com/manvel-khnkoyan/jpv 2 https://github.com/google/closure-library 2 https://github.com/chocobozzz/peertube 2 https://github.com/chriso/validator.js 2 https://github.com/nodeca/js-yaml 2 https://github.com/christian-bromann/rgb2hex 2 https://github.com/facebook/create-react-app 2 https://github.com/jcubic/jquery.terminal 2 https://github.com/shelljs/shelljs 2 https://github.com/markdown-it/markdown-it 2 https://github.com/expressjs/serve-static 2 https://github.com/senchalabs/connect 2 https://github.com/semantic-release/semantic-release 2