Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm Security Advisories

Loading...
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg0Y20teDJxNS04MjI1
dojox vulnerable to unescaped string injection
Ecosystems: npm
Packages: dojox
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3OTYtbW0yZy1jOG03
Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFodjktNzI4ci02anFn
ReDoS via long string of semicolons in tough-cookie
Ecosystems: npm
Packages: tough-cookie
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5NGYtcnc0NC1xcnc1
mongose is malware
Ecosystems: npm
Packages: mongose
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2OHItMjNoai14Zjlj
node-openssl is malware
Ecosystems: npm
Packages: node-openssl
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwNXAtZmY3eC1odzdx
Cross-Site Scripting in public
Ecosystems: npm
Packages: public
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4OG0tOHhteC1xOHYz
Denial of Service in memjs
Ecosystems: npm
Packages: memjs
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxamctd2htbS04Z3Y2
Denial of Service via malformed accept-encoding header in hapi
Ecosystems: npm
Packages: hapi
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnMzMtZjI2Mi14anA0
Cryptographically Weak PRNG in randomatic
Ecosystems: npm
Packages: randomatic
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3NGgtM2NtMy0ycG0y
Out-of-bounds Read in atob
Ecosystems: npm
Packages: atob
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyMnYtMzk1Mi02MzNx
Prototype Pollution in deep-extend
Ecosystems: npm
Packages: deep-extend
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4bTItcjM0Zi1xbWM1
Regular Expression Denial of Service in minimatch
Ecosystems: npm
Packages: minimatch
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5Y20tcDN3Ni14dnIz
Denial-of-Service Extended Event Loop Blocking in qs
Ecosystems: npm
Packages: qs
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3aHItajRtai1qMnc2
Verification Bypass in jsonwebtoken
Ecosystems: npm
Packages: jsonwebtoken
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdtYzUtY2hocC1mbWMz
Regular Expression Denial of Service in negotiator
Ecosystems: npm
Packages: negotiator
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2MmYtYzJ3Zy1tOGM4
Denial of Service in protobufjs
Ecosystems: npm
Packages: protobufjs
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3OTMtNDVyMy1wNjZw
Prototype Pollution in merge-options
Ecosystems: npm
Packages: merge-options
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY0NngtbTM2My05cmg0
node-opensl is malware
Ecosystems: npm
Packages: node-opensl
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFmaDItNmY3cS1ncjg2
Cross-Site Scripting in sexstatic
Ecosystems: npm
Packages: sexstatic
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczNzUtdmpyMi0zZzd3
Cross-Site Scripting in glance
Ecosystems: npm
Packages: glance
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3Y2gtZndteC1jZjQ3
Directory Traversal in augustine
Ecosystems: npm
Packages: augustine
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMydnItMmM4OS1waDg4
Downloads Resources over HTTP in node-bsdiff-android
Ecosystems: npm
Packages: node-bsdiff-android
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4aG0tM3ZqOS02Y3Fo
apk-parser2 downloads Resources over HTTP
Ecosystems: npm
Packages: apk-parser2
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04Y3ItcTkzNS04ajY3
Path Traversal in buttle
Ecosystems: npm
Packages: buttle
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwODItMmg5OS0zZnBw
Prototype Pollution in async merge-object
Ecosystems: npm
Packages: merge-object
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2eG0tZjI5NS14OTU3
Prototype Pollution in merge-recursive
Ecosystems: npm
Packages: merge-recursive
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtODctNDZ2di1qcXJy
Path Traversal in html-pages
Ecosystems: npm
Packages: html-pages
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg0NjItcTd4Ny1nMng0
js-bson vulnerable to REDoS
Ecosystems: npm
Packages: bson
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmaGctOXg0NC03OGgy
ps Enables OS Command Injection
Ecosystems: npm
Packages: ps
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5ajMtd3FwaC01eHg5
Command Injection in egg-scripts
Ecosystems: npm
Packages: egg-scripts
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVjdjctcjQ4OC13YzV4
noderequest is malware
Ecosystems: npm
Packages: noderequest
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdtdnItNXgyZy13ZmM4
Bootstrap Cross-site Scripting vulnerability
Ecosystems: npm, rubygems
Packages: bootstrap
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqN20tZzUzbS03NjM4
Bootstrap Cross-site Scripting vulnerability
Ecosystems: packagist, npm
Packages: typo3/cms, typo3/cms-core, bootstrap
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqMmotOHJydi0yNjRn
Cross-Site Scripting in exceljs
Ecosystems: npm
Packages: exceljs
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJxOGctNXBjNS13cmhy
Insufficient Entropy in cryptiles
Ecosystems: npm
Packages: cryptiles
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltcjgtNnBycC1nd2p2
SQL Injection in query-mysql
Ecosystems: npm
Packages: query-mysql
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnM2ctMm1naC0zM2o4
Sensitive Data Exposure in msrcrypto
Ecosystems: npm
Packages: msrcrypto
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBwNTctbXFtaC00NGg3
Command Injection in macaddress
Ecosystems: npm
Packages: macaddress
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwdmotcTdmcC1qY2No
simplehttpserver allows directory traversal and file listing
Ecosystems: npm
Packages: simplehttpserver
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZqY2otNWcyci12eHFj
Pandao editor.md vulnerable to XSS in IMG attributes
Ecosystems: npm
Packages: editor.md
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxZzctdnJqNy12ODJo
Mosca REDoS Vulnerability
Ecosystems: npm
Packages: mosca
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcyaHYtcnA0cS1xN2Yz
babelcli is malware
Ecosystems: npm
Packages: babelcli
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3eHEtN3I4bS1xcG1n
ffmepg is malware
Ecosystems: npm
Packages: ffmepg
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4MzctNXJoMi1ocDhj
node-opencv is malware
Ecosystems: npm
Packages: node-opencv
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVoeHctcjg0Ny1xZndw
opencv.js is malware
Ecosystems: npm
Packages: opencv.js
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIyZ3EteDZwZy03NTJq
openssl.js is malware
Ecosystems: npm
Packages: openssl.js
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4NjYtOHZ4eC0yN2h4
nodemailer.js is malware
Ecosystems: npm
Packages: nodemailer.js
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoNTYtM2Y1dy05aDI1
nodemailer-js is malware
Ecosystems: npm
Packages: nodemailer-js
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ3cHEtdnZ3Ni02N3dy
nodecaffe is malware
Ecosystems: npm
Packages: nodecaffe
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxaDQtMjdjYy1qOGYy
nodeffmpeg is malware
Ecosystems: npm
Packages: nodeffmpeg
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoNTUtNDlqbS03Mzl4
Directory Traversal in easyquick
Ecosystems: npm
Packages: easyquick
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ2NnEtOWNmdy00Yzgz
smb is malware
Ecosystems: npm
Packages: smb
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFqNzMtdjY4OC13cXhm
Hijacked Environment Variables in proxy.js
Ecosystems: npm
Packages: proxy.js
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRnNTQtOTV4di1mMzUz
http-proxy.js is malware
Ecosystems: npm
Packages: http-proxy.js
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMybTQtdzVobS12cWp3
crossenv is malware
Ecosystems: npm
Packages: crossenv
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1MjMtMmY1ai1nZmNn
Regular Expression Denial of Service in timespan
Ecosystems: npm
Packages: timespan
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2dmMtY3c2Mi1mcXZy
Shadowsock is malware
Ecosystems: npm
Packages: shadowsock
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2OWMtcXdxZy1xajN2
Electron webPreferences vulnerability can be used to perform remote code execution
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpocTMtNTd4aC02NjQz
Privilege Escalation due to Blind NoSQL Injection in flintcms
Ecosystems: npm
Packages: flintcms
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzYzIteDc3Yy03cHZy
Command Injection in git-dummy-commit
Ecosystems: npm
Packages: git-dummy-commit
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4ZjUtZ2hjMi1mY212
Code Injection in cryo
Ecosystems: npm
Packages: cryo
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyOWMtNDZ2My00M2Zj
Downloads Resources over HTTP in haxe3
Ecosystems: npm
Packages: haxe3
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZjZnAtcHBxdy1tZjIz
fis-sass-all downloads Resources over HTTP
Ecosystems: npm
Packages: fis-sass-all
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRjbXgtaHJxOS1jMjNw
Improper Authorization in aedes
Ecosystems: npm
Packages: aedes
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqNTktaGZ3Ni02dzdo
Downloads Resources over HTTP in cmake
Ecosystems: npm
Packages: cmake
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBoOHAtMmc5Ny05NjU0
Downloads Resources over HTTP in jstestdriver
Ecosystems: npm
Packages: jstestdriver
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyYzYtMnIzci1mdjc5
slimerjs-edge downloads Resources over HTTP
Ecosystems: npm
Packages: slimerjs-edge
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3cTMtNjd2Yy13dmNm
grunt-images downloads Resources over HTTP
Ecosystems: npm
Packages: grunt-images
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2NWgtMjMzYy1qeHZt
Downloads Resources over HTTP in resourcehacker
Ecosystems: npm
Packages: resourcehacker
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3ZzktOTJmci02ajd2
marionette-socket-host downloads Resources over HTTP
Ecosystems: npm
Packages: marionette-socket-host
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtMzktNjJmbS1xOHIz
Regular Expression Denial of Service in sshpk
Ecosystems: npm
Packages: sshpk
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB2NGMtcDJqNS0zOGo0
Open Redirect in url-parse
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTljcDMtZmg1eC14ZmNq
Regular Expression Denial of Service in charset
Ecosystems: npm
Packages: charset
Source: GitHub Advisory Database
Published: over 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd4cGotY3g3Zy04NThj
Regular Expression Denial of Service in debug
Ecosystems: npm
Packages: debug
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgyMjUtNmN2ci04cHFw
superagent vulnerable to zip bomb attacks
Ecosystems: npm
Packages: superagent
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmNjQtcTdqYy1jY2dw
metascraper before v5.2.0 vulnerable to stored cross-site scripting
Ecosystems: npm
Packages: metascraper
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2OW0tZjd3NC04ODlj
discordi.js is malware
Ecosystems: npm
Packages: discordi.js
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZmanItbTd2Ni1mcGc5
jquey is malware
Ecosystems: npm
Packages: jquey
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY0OTktanY0Ny05d3hm
Directory Traversal in desafio
Ecosystems: npm
Packages: desafio
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNwcDItcTY2eC1mcTQ0
Directory Traversal in jikes
Ecosystems: npm
Packages: jikes
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtanctNmpyaC1odmZx
Sandbox Breakout / Arbitrary Code Execution in static-eval
Ecosystems: npm
Packages: static-eval
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcyZmctanFoeC1jNjhw
Open Redirect in st
Ecosystems: npm
Packages: st
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJwMjgtMjljaC1naDky
Directory Traversal in elding
Ecosystems: npm
Packages: elding
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1jOXgtdjl4Zy0yNXBt
coffescript is malware
Ecosystems: npm
Packages: coffescript
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5cmotcGd4di04NGpj
cofee-script is malware
Ecosystems: npm
Packages: cofee-script
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo0OWctbXA3OS01dm01
coffe-script is malware
Ecosystems: npm
Packages: coffe-script
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02d2gtbThtOC02eHg1
cofeescript is malware
Ecosystems: npm
Packages: cofeescript
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdmN2gtdmc1di1jY2g2
Directory Traversal in ritp
Ecosystems: npm
Packages: ritp
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01aDYtaHIzcS0yMmg1
npm Token Leak in npm
Ecosystems: npm
Packages: npm
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjcHYtZzlyci1xeHJj
Regular Expression Denial of Service in hawk
Ecosystems: npm
Packages: hawk
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoajQtdzIzMy1nMzVx
Downloads Resources over HTTP in react-native-baidu-voice-synthesizer
Ecosystems: npm
Packages: react-native-baidu-voice-synthesizer
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwNjktZ3hwbS01NDY5
Downloads Resources over HTTP in alto-saxophone
Ecosystems: npm
Packages: alto-saxophone
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyNmMtODVmaC1jcXBn
Downloads Resources over HTTP in haxeshim
Ecosystems: npm
Packages: haxeshim
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW03OXctNG1xdi1yMzlm
windows-seleniumjar downloads Resources over HTTP
Ecosystems: npm
Packages: windows-seleniumjar
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdqcjQtMmpndy1obXY4
Command Injection in whereis
Ecosystems: npm
Packages: whereis
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEycWgtY2djMi1xaHIz
Directory Traversal in serve
Ecosystems: npm
Packages: serve
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2NmgtaHFtNC0ycmc2
Arbitrary File Write in adm-zip
Ecosystems: npm
Packages: adm-zip
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4NHctNjk4Zi05Mjdm
Arbitrary File Write via Archive Extraction in unzipper
Ecosystems: npm
Packages: unzipper
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtNzctcTc0cC01NzYz
Path Traversal in superstatic
Ecosystems: npm
Packages: superstatic
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjNDgtNnBjdi04OHJt
Macro in MathJax running untrusted Javascript within a web browser
Ecosystems: npm
Packages: mathjax
Source: GitHub Advisory Database
Published: over 5 years ago
Statistics
Advisories: 17,221
Packages: 7,995
Repositories: 1,355
Ecosystems: 12
Filter by Package
parse-server 29 electron 26 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 sequelize 16 directus 16 tinymce 14 swagger-ui 14 strapi 13 next 13 ckeditor4 13 ghost 13 vm2 12 marked 11 handlebars 11 angular 11 nodebb 11 undici 10 @evershop/evershop 9 tinymce/tinymce 9 TinyMCE 9 next-auth 9 serve 9 jquery 9 jquery-rails 9 org.webjars.npm:jquery 9 urijs 8 bootstrap 8 systeminformation 8 @strapi/strapi 8 steal 8 node-forge 8 npm 8 jsrsasign 8 joplin 8 url-parse 8 editor.md 8 validator 8 matrix-js-sdk 8 jQuery 8 hermes-engine 7 nocodb 7 tar 7 jquery-ui 7 matrix-react-sdk 7 jquery-ui-rails 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 total.js 7 lodash 7 shescape 7 snyk-broker 7 hapi 7 aaptjs 6 safe-eval 6 express-cart 6 rsshub 6 parse-url 6 sanitize-html 6 matrix-appservice-irc 6 public 5 rendertron 5 prismjs 5 sweetalert2 5 openpgp 5 total4 5 dojo 5 yarn 5 ua-parser-js 5 @strapi/plugin-users-permissions 5 keystone 5 lodash-es 5 auth0-lock 4 mermaid 4 apollo-server-core 4 valine 4 hummus 4 jsonwebtoken 4 ws 4 muhammara 4 generator-jhipster 4 vditor 4 fastify 4 vega 4 engine.io 4 moment 4 realms-shim 4 simple-git 4 safer-eval 4 axios 4 @keystone-6/core 4 katex 4 simple-markdown 4 apostrophe 4 materialize-css 4 mongo-express 4 dompurify 4 uptime-kuma 4 meshcentral 4 glance 4 xlsx 4 auth0-js 4 remarkable 4 ecstatic 4 @backstage/plugin-scaffolder-backend 4 ejs 4 qs 4 vite 4 aws-iot-device-sdk-v2 4 follow-redirects 4 mongoose 4 awsiotsdk 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 jose-node-cjs-runtime 3 node-jose 3 slpjs 3 grunt 3 notevil 3 xdLocalStorage 3 ses 3 fast-xml-parser 3 @uppy/companion 3 tough-cookie 3 mathjs 3 json-pointer 3 socket.io-file 3 convict 3 parsel 3 sails 3 jose-node-esm-runtime 3 mixme 3 highcharts 3 socket.io-parser 3 @vrite/sdk 3 @apollo/server 3 localhost-now 3 node-fetch 3 json-ptr 3 ftp-srv 3 mxgraph 3 node-opcua 3 postcss 3 nodemailer 3 @frangoteam/fuxa 3 fuxa-server 3 yapi-vendor 3 @strapi/utils 3 @backstage/techdocs-common 3 blamer 3 keycloak-connect 3 bootstrap 3 simplehttpserver 3 @ckeditor/ckeditor5-markdown-gfm 3 @sveltejs/kit 3 raneto 3 dojox 3 immer 3 xmldom 3 froala-editor 3 mysql 3 connect 3 jose 3 stimulsoft-dashboards-js 3 wrangler 3 ids-enterprise 3 nadesiko3 3 @materializecss/materialize 3 code-server 3 js-yaml 3 @soketi/soketi 3 bin-links 3 snyk 3 protobufjs 3 subtext 3 apollo-server 3 http-live-simulator 3 org.webjars.npm:xlsx 3 uap-core 3 @hapi/subtext 3 dns-sync 3 node-red-dashboard 3 bson 3 @commercial/subtext 3 slp-validate 3 jspdf 3 passport-wsfed-saml2 3 docsify 3 m-server 3 serialize-to-js 3 n8n 3 express-fileupload 3 @sequelize/core 3 feathers-sequelize 3 convert-svg-core 3 node-ipc 3 openmct 3 buttle 3 @cubejs-backend/api-gateway 3 locutus 3 typeorm 3
Filter by Repository
https://github.com/parse-community/parse-server 29 https://github.com/electron/electron 25 https://github.com/strapi/strapi 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/sequelize/sequelize 16 https://github.com/directus/directus 15 https://github.com/tinymce/tinymce 14 https://github.com/swagger-api/swagger-ui 13 https://github.com/backstage/backstage 12 https://github.com/patriksimek/vm2 12 https://github.com/TryGhost/Ghost 11 https://github.com/ckeditor/ckeditor4 11 https://github.com/jquery/jquery 11 https://github.com/NodeBB/NodeBB 11 https://github.com/nodejs/undici 10 https://github.com/nextauthjs/next-auth 10 https://github.com/keystonejs/keystone 10 https://github.com/evershopcommerce/evershop 9 https://github.com/vercel/next.js 9 https://github.com/pandao/editor.md 8 https://github.com/matrix-org/matrix-js-sdk 8 https://github.com/laurent22/joplin 8 https://github.com/sebhildebrandt/systeminformation 8 https://github.com/kjur/jsrsasign 8 https://github.com/stealjs/steal 8 https://github.com/digitalbazaar/forge 8 https://github.com/apollographql/apollo-server 8 https://github.com/nocodb/nocodb 7 https://github.com/unshiftio/url-parse 7 https://github.com/lodash/lodash 7 https://github.com/matrix-org/matrix-react-sdk 7 https://github.com/ericcornelissen/shescape 7 https://github.com/twbs/bootstrap 7 https://github.com/shenzhim/aaptjs 6 https://github.com/npm/node-tar 6 https://github.com/DIYgod/RSSHub 6 https://github.com/matrix-org/matrix-appservice-irc 6 https://github.com/totaljs/framework 6 https://github.com/facebook/hermes 6 https://github.com/eclipse-theia/theia 6 https://github.com/jquery/jquery-ui 6 https://github.com/ionicabizau/parse-url 6 https://github.com/panva/jose 6 https://github.com/GoogleChrome/rendertron 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/openpgpjs/openpgpjs 5 https://github.com/vega/vega 5 https://github.com/gatsbyjs/gatsby 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/handlebars-lang/handlebars.js 5 https://github.com/markedjs/marked 5 https://github.com/npm/cli 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/socketio/engine.io 4 https://github.com/balderdashy/sails 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/auth0/lock 4 https://github.com/medialize/URI.js 4 https://github.com/auth0/node-jsonwebtoken 4 https://github.com/vitejs/vite 4 https://github.com/KaTeX/KaTeX 4 https://github.com/PrismJS/prism 4 https://github.com/medialize/uri.js 4 https://github.com/axios/axios 4 https://github.com/xCss/Valine 4 https://github.com/ofirdagan/cross-domain-local-storage 4 https://github.com/louislam/uptime-kuma 4 https://github.com/BlackFan/client-side-prototype-pollution 4 https://github.com/cloudflare/workers-sdk 4 https://github.com/apostrophecms/sanitize-html 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/hapijs/hapi 4 https://github.com/steveukx/git-js 4 https://github.com/angular/angular.js 4 https://github.com/fastify/fastify 4 https://github.com/jonschlinkert/remarkable 4 https://github.com/npm/npm 4 https://github.com/Ylianst/MeshCentral 4 https://github.com/follow-redirects/follow-redirects 4 https://github.com/yarnpkg/yarn 4 https://github.com/Dogfalo/materialize 4 https://github.com/auth0/passport-wsfed-saml2 3 https://github.com/typeorm/typeorm 3 https://github.com/moment/moment 3 https://github.com/mongodb/js-bson 3 https://github.com/zeit/next.js 3 https://github.com/mongo-express/mongo-express 3 https://github.com/dojo/dojox 3 https://github.com/transloadit/uppy 3 https://github.com/dojo/dojo 3 https://github.com/docsifyjs/docsify 3 https://github.com/skoranga/node-dns-sync 3 https://github.com/socketio/socket.io-parser 3 https://github.com/soketi/soketi 3 https://github.com/hapijs/subtext 3 https://github.com/manuelstofer/json-pointer 3 https://github.com/simpleledger/slpjs 3 https://github.com/Marak/colors.js 3 https://github.com/mariocasciaro/object-path 3 https://github.com/chjj/marked 3 https://github.com/cisco/node-jose 3 https://github.com/gruntjs/grunt 3 https://github.com/ckeditor/ckeditor5 3 https://github.com/highcharts/highcharts 3 https://github.com/clientIO/joint 3 https://github.com/salesforce/tough-cookie 3 https://github.com/mde/ejs 3 https://github.com/sveltejs/kit 3 https://github.com/beerpwn/CVE 3 https://github.com/cure53/DOMPurify 3 https://github.com/kujirahand/nadesiko3 3 https://github.com/mermaid-js/mermaid 3 https://github.com/immerjs/immer 3 https://github.com/RIAEvangelist/node-ipc 3 https://github.com/infor-design/enterprise-ng 3 https://github.com/nasa/openmct 3 https://github.com/zestedesavoir/zmarkdown 3 https://github.com/websockets/ws 3 https://github.com/vendure-ecommerce/vendure 3 https://github.com/adaltas/node-mixme 3 https://github.com/node-fetch/node-fetch 3 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 3 https://github.com/josdejong/mathjs 3 https://github.com/NaturalIntelligence/fast-xml-parser 3 https://github.com/vanessa219/vditor 3 https://github.com/jarofghosts/glance 3 https://github.com/YMFE/yapi 3 https://github.com/jquery-validation/jquery-validation 3 https://github.com/dwisiswant0/advisory 3 https://github.com/n8n-io/n8n 3 https://github.com/webpack/loader-utils 3 https://github.com/nodemailer/nodemailer 3 https://github.com/nodejs/llhttp 3 https://github.com/ua-parser/uap-core 3 https://github.com/postcss/postcss 3 https://github.com/mozilla/node-convict 3 https://github.com/apostrophecms/apostrophe 3 https://github.com/xmldom/xmldom 3 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/facebook/react 3 https://github.com/vriteio/vrite 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/node-opcua/node-opcua 3 https://github.com/MrRio/jsPDF 3 https://github.com/evangelion1204/multi-ini 2 https://github.com/senchalabs/connect 2 https://github.com/npm/npm-user-validate 2 https://github.com/semantic-release/semantic-release 2 https://github.com/mathjax/MathJax 2 https://github.com/fastify/fastify-reply-from 2 https://github.com/matrix-org/matrix-appservice-bridge 2 https://github.com/fastify/fastify-static 2 https://github.com/ethereum/web3.js 2 https://github.com/eta-dev/eta 2 https://github.com/cloudhead/node-static 2 https://github.com/codecov/codecov-node 2 https://github.com/sass/node-sass 2 https://github.com/fb55/css-what 2 https://github.com/google/closure-library 2 https://github.com/commenthol/safer-eval 2 https://github.com/builderio/qwik 2 https://github.com/mafintosh/is-my-json-valid 2 https://github.com/sindresorhus/semver-regex 2 https://github.com/caolan/forms 2 https://github.com/sindresorhus/is-svg 2 https://github.com/node-red/node-red 2 https://github.com/node-red/node-red-dashboard 2 https://github.com/node-saml/node-saml 2 https://github.com/cdr/code-server 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/node-saml/passport-saml 2 https://github.com/facebook/create-react-app 2 https://github.com/manvel-khnkoyan/jpv 2 https://github.com/simonh1000/angular-http-server 2 https://github.com/fastify/fastify-csrf 2 https://github.com/markdown-it/markdown-it 2 https://github.com/npm/arborist 2 https://github.com/nodeca/js-yaml 2 https://github.com/chocobozzz/peertube 2 https://github.com/chriso/validator.js 2 https://github.com/christian-bromann/rgb2hex 2 https://github.com/fastify/fastify-multipart 2 https://github.com/shelljs/shelljs 2 https://github.com/guardian/html-janitor 2 https://github.com/fastify/fastify-passport 2 https://github.com/galkahana/HummusJS 2 https://github.com/dfinity/agent-js 2 https://github.com/yhatt/jsx-slack 2 https://github.com/rabobank-blockchain/vp-toolkit 2 https://github.com/payloadcms/payload 2 https://github.com/Qwerios/madlib-object-utils 2 https://github.com/peerigon/angular-expressions 2 https://github.com/peterbraden/node-opencv 2 https://github.com/quilljs/quill 2 https://github.com/moment/moment-timezone 2 https://github.com/mrvautin/expressCart 2 https://github.com/dimpu/ngx-md 2 https://github.com/froala/wysiwyg-editor 2 https://github.com/punkave/sanitize-html 2