Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm Security Advisories
Loading...
Low
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
GSA_kwCzR0hTQS1tcnI4LXY0OXctMzMzM84AA0iP
sweetalert2 v11.6.14 and above contains potentially undesirable behaviorEcosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
Ecosystems: npm
Packages: is_js
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: 10 months ago
GSA_kwCzR0hTQS1wdnJ3LWc2ZngtbWN4Ms4AA0Tj
is_js vulnerable to Regular Expression Denial of ServiceEcosystems: npm
Packages: is_js
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: 10 months ago
High
Ecosystems: npm
Packages: snyk
Source: GitHub Advisory Database
Blast Radius: 35.4
Published: 10 months ago
GSA_kwCzR0hTQS00dnJ2LTkzYzctbTkyas4AA0TJ
snyk Code Injection vulnerabilityEcosystems: npm
Packages: snyk
Source: GitHub Advisory Database
Blast Radius: 35.4
Published: 10 months ago
Moderate
Ecosystems: npm
Packages: @vendure/admin-ui-plugin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
GSA_kwCzR0hTQS1nbTY4LTU3MnAtcTI4cs4AA0Q9
@vendure/admin-ui-plugin authenticated Cross-site Scripting vulnerabilityEcosystems: npm
Packages: @vendure/admin-ui-plugin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
Ecosystems: npm
Packages: @fastify/oauth2
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 10 months ago
GSA_kwCzR0hTQS1nOHg1LXA5cWMtY2Y5Nc4AA0OQ
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 stateEcosystems: npm
Packages: @fastify/oauth2
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 10 months ago
Critical
Ecosystems: npm
Packages: protobufjs
Source: GitHub Advisory Database
Blast Radius: 54.7
Published: 10 months ago
GSA_kwCzR0hTQS1oNzU1LThxcDktY3E4Nc4AA0Nr
protobufjs Prototype Pollution vulnerabilityEcosystems: npm
Packages: protobufjs
Source: GitHub Advisory Database
Blast Radius: 54.7
Published: 10 months ago
Moderate
Ecosystems: npm
Packages: tough-cookie
Source: GitHub Advisory Database
Blast Radius: 40.6
Published: 10 months ago
GSA_kwCzR0hTQS03MnhmLWcydjQtcXZmM84AA0LC
tough-cookie Prototype Pollution vulnerabilityEcosystems: npm
Packages: tough-cookie
Source: GitHub Advisory Database
Blast Radius: 40.6
Published: 10 months ago
High
Ecosystems: npm
Packages: llhttp
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 10 months ago
GSA_kwCzR0hTQS1jZ2doLXBxNDUtNmg5eM4AA0Ks
llhttp vulnerable to HTTP request smugglingEcosystems: npm
Packages: llhttp
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 10 months ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 10 months ago
GSA_kwCzR0hTQS00NjJ4LWMzanctN3ZyNs4AA0KN
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollutionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 10 months ago
Moderate
Ecosystems: npm
Packages: angular-ui-notification
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 10 months ago
GSA_kwCzR0hTQS1tcmNqLTVxeHItdmhwMs4AA0Jz
angular-ui-notification Cross-site Scripting vulnerabilityEcosystems: npm
Packages: angular-ui-notification
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 10 months ago
Moderate
Ecosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 10 months ago
GSA_kwCzR0hTQS03Z3J3LXhmeDYtcWh4Ns4AA0Jx
Joplin Cross-site Scripting vulnerabilityEcosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 10 months ago
Moderate
Ecosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 10 months ago
GSA_kwCzR0hTQS00amp2LXA4eDktcnJmN84AA0Jy
Joplin Cross-site Scripting vulnerabilityEcosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 10 months ago
High
Ecosystems: npm
Packages: flatnest
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: 10 months ago
GSA_kwCzR0hTQS03cHgyLTNjMnAtcTR2NM4AA0Jj
flatnest Prototype Pollution vulnerabilityEcosystems: npm
Packages: flatnest
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: 10 months ago
Critical
Ecosystems: npm
Packages: git-commit-info
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 10 months ago
GSA_kwCzR0hTQS1oNDJqLW1ybXAtOTM2Oc4AA0GE
git-commit-info vulnerable to Command InjectionEcosystems: npm
Packages: git-commit-info
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 10 months ago
Moderate
Ecosystems: maven, npm, rubygems, nuget
Packages: org.webjars.npm:jquery, jquery, jquery-rails, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: 10 months ago
GSA_kwCzR0hTQS0yNTdxLXB2ODktdjN4ds4AA0D1
jQuery Cross Site Scripting vulnerabilityEcosystems: maven, npm, rubygems, nuget
Packages: org.webjars.npm:jquery, jquery, jquery-rails, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: 10 months ago
Low
Ecosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 11 months ago
GSA_kwCzR0hTQS0zZzdwLThxaHgtbWM4cs4AAz_2
Shescape potential environment variable exposure on Windows with CMDEcosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 11 months ago
Moderate
Ecosystems: npm
Packages: word-wrap
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: 11 months ago
GSA_kwCzR0hTQS1qOHhnLWZxZzMtNTNyN84AAz-j
word-wrap vulnerable to Regular Expression Denial of ServiceEcosystems: npm
Packages: word-wrap
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: 11 months ago
High
Ecosystems: npm
Packages: passport-wsfed-saml2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
GSA_kwCzR0hTQS01d3JnLThmeHAtY3g5cs4AAz-a
passport-wsfed-saml2 Signature Bypass vulnerabilityEcosystems: npm
Packages: passport-wsfed-saml2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
Ecosystems: npm
Packages: @backstage/plugin-scaffolder-backend
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: 11 months ago
GSA_kwCzR0hTQS13ZzZwLWptcGMteGptcs4AAz-Z
Backstage Scaffolder plugin has insecure sandboxEcosystems: npm
Packages: @backstage/plugin-scaffolder-backend
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: 11 months ago
High
Ecosystems: npm
Packages: passport-wsfed-saml2
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 11 months ago
GSA_kwCzR0hTQS03N2Z3LXJmNHYtdmZwOc4AAz-Y
passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 tokenEcosystems: npm
Packages: passport-wsfed-saml2
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 11 months ago
Moderate
Ecosystems: npm
Packages: semver
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 11 months ago
GSA_kwCzR0hTQS1jMnFmLXJ4amotcXFnd84AAz95
semver vulnerable to Regular Expression Denial of ServiceEcosystems: npm
Packages: semver
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 11 months ago
Moderate
Ecosystems: npm
Packages: remult
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 11 months ago
GSA_kwCzR0hTQS03aGgzLTN4NjQtdjJnOc4AAz9x
When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by IdEcosystems: npm
Packages: remult
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 11 months ago
Moderate
Ecosystems: npm
Packages: @aws-cdk/aws-eks, aws-cdk-lib
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: 11 months ago
GSA_kwCzR0hTQS1yeDI4LXIyM3AtMnFjM84AAz8q
AWS CDK EKS overly permissive trust policiesEcosystems: npm
Packages: @aws-cdk/aws-eks, aws-cdk-lib
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: 11 months ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 11 months ago
GSA_kwCzR0hTQS13cHJ2LTkzcjQtamoycM4AAz8m
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific treesEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 11 months ago
Low
Ecosystems: npm
Packages: @apollo/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
GSA_kwCzR0hTQS02OGpoLXJmNngtODM2Zs4AAz6F
@apollo/server vulnerable to unsafe application of Content Security Policy via reused noncesEcosystems: npm
Packages: @apollo/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
Ecosystems: npm
Packages: fast-xml-parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
GSA_kwCzR0hTQS1ncHY1LTd4M2ctZ2hqds4AAz4I
fast-xml-parser regex vulnerability patch could be improved from a safety perspectiveEcosystems: npm
Packages: fast-xml-parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
Ecosystems: npm
Packages: @keystone-6/auth
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 11 months ago
GSA_kwCzR0hTQS1qcXhyLXZqdnYtODk5bc4AAz2U
@keystone-6/auth Open Redirect vulnerabilityEcosystems: npm
Packages: @keystone-6/auth
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 11 months ago
High
Ecosystems: npm
Packages: nuxt
Source: GitHub Advisory Database
Blast Radius: 39.3
Published: 11 months ago
GSA_kwCzR0hTQS1nYzM0LTV2NDMtaDd2OM4AAz0l
nuxt Code Injection vulnerabilityEcosystems: npm
Packages: nuxt
Source: GitHub Advisory Database
Blast Radius: 39.3
Published: 11 months ago
Moderate
Ecosystems: npm
Packages: fast-xml-parser
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: 11 months ago
GSA_kwCzR0hTQS14M2NjLXgzOXAtNDJxeM4AAzz_
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute nameEcosystems: npm
Packages: fast-xml-parser
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: 11 months ago
Low
Ecosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
GSA_kwCzR0hTQS01ZnA2LTR4dzMteHFxM84AAzyU
@keystone-6/core's bundled cuid package known to be insecureEcosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
Ecosystems: npm
Packages: progressbar.js
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 11 months ago
GSA_kwCzR0hTQS04OXFtLWhtMngtbXhtM84AAzx1
progressbar.js vulnerable to Prototype PollutionEcosystems: npm
Packages: progressbar.js
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 11 months ago
Moderate
Ecosystems: npm
Packages: crypto-js
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 11 months ago
GSA_kwCzR0hTQS0zdzN3LXB4bW0tMncyas4AAzxu
crypto-js uses insecure random numbersEcosystems: npm
Packages: crypto-js
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 11 months ago
High
Ecosystems: npm
Packages: dottie
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 11 months ago
GSA_kwCzR0hTQS00Z3hmLWc1Z2YtMjJoNM4AAzxj
dottie vulnerable to Prototype PollutionEcosystems: npm
Packages: dottie
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 11 months ago
High
Ecosystems: npm
Packages: snowflake-sdk
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: 11 months ago
GSA_kwCzR0hTQS1oNTN3LTdxdzctdmg1Y84AAzxg
Snowflake NodeJS Driver vulnerable to Command InjectionEcosystems: npm
Packages: snowflake-sdk
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: 11 months ago
Moderate
Ecosystems: npm
Packages: gatsby
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: 11 months ago
GSA_kwCzR0hTQS1jNmY4LThyMjUtYzRnY84AAzxd
Gatsby develop server has Local File Inclusion vulnerabilityEcosystems: npm
Packages: gatsby
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: 11 months ago
High
Ecosystems: npm
Packages: @udecode/plate-link
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: 11 months ago
GSA_kwCzR0hTQS00ODgyLWh4cHItaHJ2bc4AAzxb
@udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` schemeEcosystems: npm
Packages: @udecode/plate-link
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: 11 months ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 11 months ago
GSA_kwCzR0hTQS01aDN4LTl3dnEtdzRtMs4AAzvg
OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunningEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 11 months ago
High
Ecosystems: npm
Packages: fast-xml-parser
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: 11 months ago
GSA_kwCzR0hTQS02dzYzLWgzZmotcTR2d84AAzr7
fast-xml-parser vulnerable to Regex Injection via Doctype EntitiesEcosystems: npm
Packages: fast-xml-parser
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: 11 months ago
High
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: 11 months ago
GSA_kwCzR0hTQS0zNTNmLTV4ZjQtcXc2N84AAzpR
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: 11 months ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 11 months ago
GSA_kwCzR0hTQS05cHJtLWpxd3gtNDV4Oc4AAzkR
Phishing attack vulnerability by uploading malicious HTML fileEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 11 months ago
Moderate
Ecosystems: npm
Packages: proxy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
GSA_kwCzR0hTQS1tajZwLTNwYzktd2Y1bc4AAzhf
proxy denial of service vulnerabilityEcosystems: npm
Packages: proxy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
Ecosystems: npm
Packages: @antfu/utils
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 11 months ago
GSA_kwCzR0hTQS1wMmZoLTJoMjMtNmdyZ84AAzhQ
antfu/utils vulnerable to prototype pollutionEcosystems: npm
Packages: @antfu/utils
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 11 months ago
High
Ecosystems: npm
Packages: n158
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 11 months ago
GSA_kwCzR0hTQS01NDloLXI3ZzktMnFwZs4AAzft
n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' functionEcosystems: npm
Packages: n158
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 11 months ago
High
Ecosystems: npm
Packages: bwm-ng
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 11 months ago
GSA_kwCzR0hTQS04dnczLXZ4bWotaDQzd84AAzfr
bwm-ng vulnerable to command injectionEcosystems: npm
Packages: bwm-ng
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 11 months ago
High
Ecosystems: npm
Packages: keep-module-latest
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
GSA_kwCzR0hTQS13eHJ4LXBjNDQtcmNnY84AAzfs
keep-module-latest vulnerable to Command Injection due to missing input sanitizationEcosystems: npm
Packages: keep-module-latest
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
Ecosystems: npm
Packages: highlight.run
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 11 months ago
GSA_kwCzR0hTQS05cXBqLXFxMnItNW1jY84AAzew
html inputs of type password recorded in plaintext when converted to text inputsEcosystems: npm
Packages: highlight.run
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 11 months ago
Critical
Ecosystems: npm
Packages: bignum
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
GSA_kwCzR0hTQS03Y2djLWZqdjQtNTJ4Ns4AAzdI
Malware in pre-build binaries of bignumEcosystems: npm
Packages: bignum
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
High
Ecosystems: npm
Packages: socket.io-parser
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: 12 months ago
GSA_kwCzR0hTQS1jcW1qLTkyeGYtcjZyOc4AAzcU
Insufficient validation when decoding a Socket.IO packetEcosystems: npm
Packages: socket.io-parser
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: 12 months ago
Moderate
Ecosystems: npm
Packages: posthog-js
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: 12 months ago
GSA_kwCzR0hTQS04Nzc1LTVod3Ytd3I2ds4AAzbF
Potential for cross-site scripting in PostHog-jsEcosystems: npm
Packages: posthog-js
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: 12 months ago
Moderate
Ecosystems: npm
Packages: parse-server-push-adapter
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 12 months ago
GSA_kwCzR0hTQS1teGhnLXJ2d3gteDk5M84AAzbC
Invalid push request payload crashes Parse ServerEcosystems: npm
Packages: parse-server-push-adapter
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 12 months ago
High
Ecosystems: npm
Packages: snarkjs
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: 12 months ago
GSA_kwCzR0hTQS14cDVnLWpoZzMtM3JnMs4AAzah
Double spend in snarkjsEcosystems: npm
Packages: snarkjs
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: 12 months ago
Moderate
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 12 months ago
GSA_kwCzR0hTQS1wNWdjLWM1ODQtamo2ds4AAzXv
vm2 vulnerable to Inspect ManipulationEcosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 12 months ago
Critical
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 12 months ago
GSA_kwCzR0hTQS13aHBqLThmM3ctNjdwNc4AAzV1
vm2 Sandbox Escape vulnerabilityEcosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 12 months ago
Moderate
Ecosystems: npm
Packages: workerd
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 12 months ago
GSA_kwCzR0hTQS04dng2LTY5dmctYzQ2Zs4AAzT_
Buffer under-read in workerdEcosystems: npm
Packages: workerd
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 12 months ago
High
Ecosystems: npm
Packages: n8n
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 12 months ago
GSA_kwCzR0hTQS1yOXh3LXA3d2otdzc5Ms4AAzQp
n8n Information Disclosure vulnerabilityEcosystems: npm
Packages: n8n
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 12 months ago
High
Ecosystems: npm
Packages: n8n
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: 12 months ago
GSA_kwCzR0hTQS05N2NwLW1yNG0tOW1jZs4AAzQl
n8n Privilege Escalation vulnerabilityEcosystems: npm
Packages: n8n
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: 12 months ago
Moderate
Ecosystems: npm
Packages: n8n
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 12 months ago
GSA_kwCzR0hTQS1wNTh4LTc3MzMtdnA5bc4AAzQr
n8n Directory Traversal vulnerabilityEcosystems: npm
Packages: n8n
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 12 months ago
High
Ecosystems: npm
Packages: m.static
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
GSA_kwCzR0hTQS12Y3hoLXF2Z3ItOWZ3Oc4AAzNm
m.static Directory Traversal vulnerabilityEcosystems: npm
Packages: m.static
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Critical
Ecosystems: npm
Packages: jsreport
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 12 months ago
GSA_kwCzR0hTQS1nN3JqLXE3MjItMjQ1Z84AAzH0
jsreport vulnerable to code injectionEcosystems: npm
Packages: jsreport
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 12 months ago
High
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: 12 months ago
GSA_kwCzR0hTQS13Zjd4LWZoNnctMzRyNs4AAzGS
Path Traversal in GhostEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: 12 months ago
Moderate
Ecosystems: npm
Packages: total4
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: almost 1 year ago
GSA_kwCzR0hTQS1qajQ1LTI0cnctdjZqd84AAzFc
Cross-site scripting in TotalJSEcosystems: npm
Packages: total4
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: almost 1 year ago
High
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: about 1 year ago
GSA_kwCzR0hTQS1yOTdxLWdoY2gtODJqOc4AAzEw
Ghost vulnerable to information disclosure of private API fieldsEcosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: engine.io
Source: GitHub Advisory Database
Blast Radius: 39.5
Published: about 1 year ago
GSA_kwCzR0hTQS1xOW13LTY4YzItajZtNc4AAzEv
engine.io Uncaught Exception vulnerabilityEcosystems: npm
Packages: engine.io
Source: GitHub Advisory Database
Blast Radius: 39.5
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: @mittwald/kubernetes
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 1 year ago
GSA_kwCzR0hTQS1nMzV4LWo2amotOGc3as4AAzD2
@mittwald/kubernetes's secret contents leaked via debug loggingEcosystems: npm
Packages: @mittwald/kubernetes
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: appium-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS14cTZqLXg4cHEtZzNncs4AAzDz
appium-desktop OS Command Injection vulnerabilityEcosystems: npm
Packages: appium-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: editor.md
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: about 1 year ago
GSA_kwCzR0hTQS04NDdnLTM0YzUtdnZtOM4AAzC3
editor.md vulnerable to Cross-site ScriptingEcosystems: npm
Packages: editor.md
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: about 1 year ago
Low
Ecosystems: npm
Packages: @aedart/support
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS13d3hoLTc0ZngtMzNjNs4AAzCl
Possible prototype pollution in metadata record, when using meta decoratorEcosystems: npm
Packages: @aedart/support
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: typed-rest-client
Source: GitHub Advisory Database
Blast Radius: 37.5
Published: about 1 year ago
GSA_kwCzR0hTQS01NThwLW0zNG0tdnBtcc4AAy_o
Potential leak of authentication data to 3rd partiesEcosystems: npm
Packages: typed-rest-client
Source: GitHub Advisory Database
Blast Radius: 37.5
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: vconsole
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: about 1 year ago
GSA_kwCzR0hTQS1mNzM3LTNmaDYtamY2d84AAy_R
Prototype Pollution in vConsoleEcosystems: npm
Packages: vconsole
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: about 1 year ago
High
Ecosystems: npm
Packages: payload
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 1 year ago
GSA_kwCzR0hTQS0zNWpqLXZxY2YtZjJqZs4AAy-5
Hidden fields can be leaked on readable collections in PayloadEcosystems: npm
Packages: payload
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: @builder.io/qwik-city
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 1 year ago
GSA_kwCzR0hTQS1jNTR3LTdqNWYteGc5OM4AAy-0
@builder.io/qwik-city Cross-Site Request Forgery vulnerabilityEcosystems: npm
Packages: @builder.io/qwik-city
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 1 year ago
High
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 1 year ago
GSA_kwCzR0hTQS14djgzLXg0NDMtN3Jtd84AAy9h
HTML injection in search results via plaintext message highlightingEcosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: broccoli-compass
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 1 year ago
GSA_kwCzR0hTQS13cThmLXhtcTMtNXZxOc4AAy8R
Remote code execution in broccoli-compassEcosystems: npm
Packages: broccoli-compass
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: dawnsparks-node-tesseract
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS04OHFmLTVmM3YtcG02bc4AAy8U
Remote code execution in dawnsparks-node-tesseractEcosystems: npm
Packages: dawnsparks-node-tesseract
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
Ecosystems: npm
Packages: yaml
Source: GitHub Advisory Database
Blast Radius: 47.1
Published: about 1 year ago
GSA_kwCzR0hTQS1mOXh2LXE5NjktcHF4NM4AAy8A
Uncaught Exception in yamlEcosystems: npm
Packages: yaml
Source: GitHub Advisory Database
Blast Radius: 47.1
Published: about 1 year ago
High
Ecosystems: npm
Packages: xlsx
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: about 1 year ago
GSA_kwCzR0hTQS00cjZoLTh2NnAteHZ3Ns4AAy7y
Prototype Pollution in sheetJSEcosystems: npm
Packages: xlsx
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: about 1 year ago
High
Ecosystems: npm
Packages: @fastify/passport
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: about 1 year ago
GSA_kwCzR0hTQS00bTNtLXBwdngteGd3Oc4AAy6_
Session fixation in fastify-passportEcosystems: npm
Packages: @fastify/passport
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: @fastify/passport
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: about 1 year ago
GSA_kwCzR0hTQS0yY2NmLWZmcmotbTRxd84AAy6-
CSRF token fixation in fastify-passportEcosystems: npm
Packages: @fastify/passport
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: nunjucks
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS14NzdqLXc3d2YtZmptd84AAy5c
Nunjucks autoescape bypass leads to cross site scriptingEcosystems: npm
Packages: nunjucks
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: @fastify/csrf-protection
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: about 1 year ago
GSA_kwCzR0hTQS1xcmdmLTlncGMtdnJ4d84AAy5b
Bypass of CSRF protection in the presence of predictable userInfoEcosystems: npm
Packages: @fastify/csrf-protection
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: gatsby-plugin-sharp
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: about 1 year ago
GSA_kwCzR0hTQS1oMnBtLTM3OGMtcGN4eM4AAy5Z
Path traversal vulnerability in gatsby-plugin-sharpEcosystems: npm
Packages: gatsby-plugin-sharp
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: about 1 year ago
GSA_kwCzR0hTQS1jaDNyLWo1eDMtNnEybc4AAy46
vm2 Sandbox Escape vulnerabilityEcosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: about 1 year ago
High
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: about 1 year ago
GSA_kwCzR0hTQS05M2hxLTV3Z2MtamM4Ms4AAy45
GovernorCompatibilityBravo may trim proposal calldataEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: about 1 year ago
Low
Ecosystems: npm
Packages: eslint-detailed-reporter
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 1 year ago
GSA_kwCzR0hTQS00eHI0LTg5bTUtNDZjN84AAy4z
eslint-detailed-reporter vulnerable to cross-site scriptingEcosystems: npm
Packages: eslint-detailed-reporter
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: @strapi/plugin-email, @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: about 1 year ago
GSA_kwCzR0hTQS0yaDg3LTRxMnctdjRoZs4AAy4o
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions PluginEcosystems: npm
Packages: @strapi/plugin-email, @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: about 1 year ago
High
Ecosystems: npm
Packages: @strapi/strapi
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: about 1 year ago
GSA_kwCzR0hTQS1qanFmLWo0dzctOTJ3OM4AAy4n
Strapi leaking sensitive user information by filtering on private fieldsEcosystems: npm
Packages: @strapi/strapi
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS01ODN4LTIzaDktZjV3N84AAy3y
Strapi does not verify the access or ID tokens issued during the OAuth flowEcosystems: npm
Packages: @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: @web3-react/walletconnect, @web3-react/metamask, @web3-react/eip1193, @web3-react/coinbase-wallet
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: about 1 year ago
GSA_kwCzR0hTQS04cGYzLTZmZ3ItM2czZ84AAy3P
`chainId` may be outdated if user changes chains as part of connection in @web3-reactEcosystems: npm
Packages: @web3-react/walletconnect, @web3-react/metamask, @web3-react/eip1193, @web3-react/coinbase-wallet
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: about 1 year ago
High
Ecosystems: npm
Packages: @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: about 1 year ago
GSA_kwCzR0hTQS14djNxLWpybW0tNGZ4ds4AAy3O
Authentication Bypass in @strapi/plugin-users-permissionsEcosystems: npm
Packages: @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: @nuxtlabs/github-module
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 1 year ago
GSA_kwCzR0hTQS1mcDJ3LWc5MmctZmdxNM4AAy0_
@nuxtlabs/github-module made Use of Hard-coded CredentialsEcosystems: npm
Packages: @nuxtlabs/github-module
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: about 1 year ago
GSA_kwCzR0hTQS1teDJxLTM1bTIteDJyaM4AAy0V
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegatedEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: about 1 year ago
GSA_kwCzR0hTQS02ZzY3LXEzOWctcjc5cc4AAyyO
matrix-js-sdk vulnerable to invisible eavesdropping in group callsEcosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: about 1 year ago
GSA_kwCzR0hTQS14ajcyLXd2ZnYtODk4Nc4AAyu7
vm2 Sandbox Escape vulnerabilityEcosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 1 year ago
GSA_kwCzR0hTQS03OXhmLTY3cjQtcTJqas4AAyqY
safe-eval vulnerable to Sandbox Bypass due to improper input sanitizationEcosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 1 year ago
GSA_kwCzR0hTQS1oY2czLTU2amYteDR2aM4AAyqc
safe-eval vulnerable to Prototype Pollution via the safeEval functionEcosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: about 1 year ago
GSA_kwCzR0hTQS03anhyLWNnN2YtZ3Bnds4AAyoQ
vm2 vulnerable to sandbox escapeEcosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: about 1 year ago
High
Ecosystems: npm
Packages: @sveltejs/kit
Source: GitHub Advisory Database
Blast Radius: 37.4
Published: about 1 year ago
GSA_kwCzR0hTQS1ndjdnLXg1OXgtd2Y4Zs4AAyoO
SvelteKit framework has Insufficient CSRF protection for CORS requestsEcosystems: npm
Packages: @sveltejs/kit
Source: GitHub Advisory Database
Blast Radius: 37.4
Published: about 1 year ago
Moderate
Ecosystems: npm
Packages: xml2js
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: about 1 year ago
GSA_kwCzR0hTQS03NzZmLXF4MjUtcTNjY84AAykj
xml2js is vulnerable to prototype pollutionEcosystems: npm
Packages: xml2js
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: about 1 year ago
High
Ecosystems: npm
Packages: markdown-pdf
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: about 1 year ago
GSA_kwCzR0hTQS1xZ2hyLTg3N2gtZjlqaM4AAyiy
markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS)Ecosystems: npm
Packages: markdown-pdf
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: about 1 year ago
High
Ecosystems: npm
Packages: @sveltejs/kit
Source: GitHub Advisory Database
Blast Radius: 37.4
Published: about 1 year ago
GSA_kwCzR0hTQS01cDc1LXZjNWctOHJ2Ms4AAyiw
SvelteKit vulnerable to Cross-Site Request ForgeryEcosystems: npm
Packages: @sveltejs/kit
Source: GitHub Advisory Database
Blast Radius: 37.4
Published: about 1 year ago
Statistics
Advisories: 18,361
Packages: 8,293
Repositories: 1,394
Ecosystems: 12
Packages: 8,293
Repositories: 1,394
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
29
electron
26
@openzeppelin/contracts-upgradeable
21
@openzeppelin/contracts
20
directus
16
sequelize
16
ghost
14
tinymce
14
swagger-ui
14
next
13
joplin
13
strapi
13
ckeditor4
13
vm2
12
undici
12
handlebars
11
nodebb
11
angular
11
marked
11
@evershop/evershop
9
serve
9
tinymce/tinymce
9
TinyMCE
9
jquery
9
next-auth
9
org.webjars.npm:jquery
9
jquery-rails
9
matrix-js-sdk
8
tar
8
node-forge
8
systeminformation
8
steal
8
npm
8
jQuery
8
@strapi/strapi
8
bootstrap
8
validator
8
urijs
8
express-cart
8
editor.md
8
jsrsasign
8
url-parse
8
jquery-ui-rails
7
org.webjars.npm:jquery-ui
7
jQuery.UI.Combined
7
shescape
7
sanitize-html
7
matrix-appservice-irc
7
hapi
7
jquery-ui
7
nocodb
7
lodash
7
uptime-kuma
7
total.js
7
matrix-react-sdk
7
hermes-engine
7
snyk-broker
7
parse-url
6
safe-eval
6
rsshub
6
aaptjs
6
ua-parser-js
5
rendertron
5
vditor
5
keystone
5
sweetalert2
5
prismjs
5
dojo
5
openpgp
5
ejs
5
yarn
5
mongoose
5
public
5
xlsx
5
total4
5
vite
5
lodash-es
5
@strapi/plugin-users-permissions
5
mongo-express
4
vega
4
valine
4
glance
4
moment
4
apostrophe
4
dompurify
4
safer-eval
4
@keystone-6/core
4
@backstage/plugin-scaffolder-backend
4
meshcentral
4
simple-markdown
4
axios
4
hummus
4
muhammara
4
remarkable
4
katex
4
jsonwebtoken
4
qs
4
follow-redirects
4
ws
4
engine.io
4
materialize-css
4
convert-svg-core
4
apollo-server-core
4
realms-shim
4
fastify
4
ecstatic
4
auth0-lock
4
auth0-js
4
simple-git
4
mysql2
4
awsiotsdk
4
aws-iot-device-sdk-v2
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
generator-jhipster
4
mermaid
4
@strapi/utils
3
typeorm
3
keycloak-connect
3
xmldom
3
locutus
3
m-server
3
apollo-server
3
@cubejs-backend/api-gateway
3
code-server
3
@sequelize/core
3
nodemailer
3
mysql
3
postcss
3
wrangler
3
node-opcua
3
slp-validate
3
feathers-sequelize
3
jspdf
3
dns-sync
3
org.webjars.npm:xlsx
3
node-red-dashboard
3
mathjs
3
grunt
3
passport-wsfed-saml2
3
codecov
3
jointjs
3
node-jose
3
node-ipc
3
js-yaml
3
loader-utils
3
@backstage/techdocs-common
3
jquery-validation
3
n8n
3
object-path
3
protobufjs
3
http-live-simulator
3
notevil
3
ses
3
uap-core
3
socket.io-parser
3
froala-editor
3
docsify
3
tough-cookie
3
raneto
3
jose-node-cjs-runtime
3
jose-node-esm-runtime
3
ids-enterprise
3
@materializecss/materialize
3
libxmljs
3
sails
3
parsel
3
@uppy/companion
3
@ckeditor/ckeditor5-markdown-gfm
3
nadesiko3
3
convict
3
bootstrap
3
dojox
3
blamer
3
simplehttpserver
3
buttle
3
slpjs
3
@commercial/subtext
3
serialize-to-js
3
lodash.defaultsdeep
3
browserify-shim
3
fast-xml-parser
3
socket.io-file
3
@vrite/sdk
3
jose
3
snyk
3
connect
3
mixme
3
@soketi/soketi
3
json-ptr
3
localhost-now
3
openmct
3
highcharts
3
@sveltejs/kit
3
fuxa-server
3
ftp-srv
3
xdLocalStorage
3
bin-links
3
node-fetch
3
@apollo/server
3
subtext
3
Filter by Repository
https://github.com/parse-community/parse-server
29
https://github.com/electron/electron
25
https://github.com/strapi/strapi
21
https://github.com/OpenZeppelin/openzeppelin-contracts
20
https://github.com/sequelize/sequelize
16
https://github.com/directus/directus
15
https://github.com/tinymce/tinymce
14
https://github.com/swagger-api/swagger-ui
13
https://github.com/nodejs/undici
12
https://github.com/TryGhost/Ghost
12
https://github.com/backstage/backstage
12
https://github.com/laurent22/joplin
12
https://github.com/ckeditor/ckeditor4
12
https://github.com/patriksimek/vm2
12
https://github.com/jquery/jquery
11
https://github.com/NodeBB/NodeBB
11
https://github.com/nextauthjs/next-auth
10
https://github.com/keystonejs/keystone
10
https://github.com/evershopcommerce/evershop
9
https://github.com/vercel/next.js
9
https://github.com/pandao/editor.md
8
https://github.com/digitalbazaar/forge
8
https://github.com/sebhildebrandt/systeminformation
8
https://github.com/matrix-org/matrix-js-sdk
8
https://github.com/apollographql/apollo-server
8
https://github.com/stealjs/steal
8
https://github.com/kjur/jsrsasign
8
https://github.com/nocodb/nocodb
7
https://github.com/unshiftio/url-parse
7
https://github.com/ericcornelissen/shescape
7
https://github.com/louislam/uptime-kuma
7
https://github.com/twbs/bootstrap
7
https://github.com/matrix-org/matrix-appservice-irc
7
https://github.com/matrix-org/matrix-react-sdk
7
https://github.com/lodash/lodash
7
https://github.com/npm/node-tar
6
https://github.com/totaljs/framework
6
https://github.com/eclipse-theia/theia
6
https://github.com/DIYgod/RSSHub
6
https://github.com/facebook/hermes
6
https://github.com/jquery/jquery-ui
6
https://github.com/ionicabizau/parse-url
6
https://github.com/panva/jose
6
https://github.com/shenzhim/aaptjs
6
https://github.com/BlackFan/client-side-prototype-pollution
5
https://github.com/vitejs/vite
5
https://github.com/sweetalert2/sweetalert2
5
https://github.com/openpgpjs/openpgpjs
5
https://github.com/gatsbyjs/gatsby
5
https://github.com/faisalman/ua-parser-js
5
https://github.com/markedjs/marked
5
https://github.com/npm/cli
5
https://github.com/apostrophecms/sanitize-html
5
https://github.com/hacksparrow/safe-eval
5
https://github.com/handlebars-lang/handlebars.js
5
https://github.com/GoogleChrome/rendertron
5
https://github.com/vega/vega
5
https://github.com/ofirdagan/cross-domain-local-storage
4
https://github.com/angular/angular.js
4
https://github.com/cloudflare/workers-sdk
4
https://github.com/sidorares/node-mysql2
4
https://github.com/npm/npm
4
https://github.com/steveukx/git-js
4
https://github.com/socketio/engine.io
4
https://github.com/KaTeX/KaTeX
4
https://github.com/axios/axios
4
https://github.com/PrismJS/prism
4
https://github.com/xCss/Valine
4
https://github.com/mrvautin/expressCart
4
https://github.com/auth0/node-jsonwebtoken
4
https://github.com/follow-redirects/follow-redirects
4
https://github.com/balderdashy/sails
4
https://github.com/Dogfalo/materialize
4
https://github.com/aws/aws-iot-device-sdk-java-v2
4
https://github.com/auth0/lock
4
https://github.com/jhipster/generator-jhipster
4
https://github.com/yarnpkg/yarn
4
https://github.com/Ylianst/MeshCentral
4
https://github.com/jonschlinkert/remarkable
4
https://github.com/medialize/URI.js
4
https://github.com/medialize/uri.js
4
https://github.com/mde/ejs
4
https://github.com/fastify/fastify
4
https://github.com/hapijs/hapi
4
https://github.com/node-opcua/node-opcua
3
https://github.com/hapijs/subtext
3
https://github.com/transloadit/uppy
3
https://github.com/nodemailer/nodemailer
3
https://github.com/node-fetch/node-fetch
3
https://github.com/facebook/react
3
https://github.com/infor-design/enterprise-ng
3
https://github.com/highcharts/highcharts
3
https://github.com/nodejs/llhttp
3
https://github.com/sveltejs/kit
3
https://github.com/immerjs/immer
3
https://github.com/beerpwn/CVE
3
https://github.com/thlorenz/browserify-shim
3
https://github.com/kujirahand/nadesiko3
3
https://github.com/libxmljs/libxmljs
3
https://github.com/RIAEvangelist/node-ipc
3
https://github.com/renovatebot/renovate
3
https://github.com/moment/moment
3
https://github.com/docsifyjs/docsify
3
https://github.com/mongodb/js-bson
3
https://github.com/dojo/dojo
3
https://github.com/dojo/dojox
3
https://github.com/mongo-express/mongo-express
3
https://github.com/mozilla/node-convict
3
https://github.com/dwisiswant0/advisory
3
https://github.com/postcss/postcss
3
https://github.com/MrRio/jsPDF
3
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
3
https://github.com/n8n-io/n8n
3
https://github.com/nasa/openmct
3
https://github.com/neocotic/convert-svg
3
https://github.com/soketi/soketi
3
https://github.com/socketio/socket.io-parser
3
https://github.com/manuelstofer/json-pointer
3
https://github.com/skoranga/node-dns-sync
3
https://github.com/Marak/colors.js
3
https://github.com/chjj/marked
3
https://github.com/cisco/node-jose
3
https://github.com/ckeditor/ckeditor5
3
https://github.com/mariocasciaro/object-path
3
https://github.com/simpleledger/slpjs
3
https://github.com/clientIO/joint
3
https://github.com/gruntjs/grunt
3
https://github.com/feathersjs-ecosystem/feathers-sequelize
3
https://github.com/cure53/DOMPurify
3
https://github.com/salesforce/tough-cookie
3
https://github.com/mermaid-js/mermaid
3
https://github.com/NaturalIntelligence/fast-xml-parser
3
https://github.com/zeit/next.js
3
https://github.com/jquery-validation/jquery-validation
3
https://github.com/websockets/ws
3
https://github.com/jfhbrook/node-ecstatic
3
https://github.com/apostrophecms/apostrophe
3
https://github.com/webpack/loader-utils
3
https://github.com/auth0/passport-wsfed-saml2
3
https://github.com/jarofghosts/glance
3
https://github.com/adaltas/node-mixme
3
https://github.com/ua-parser/uap-core
3
https://github.com/vriteio/vrite
3
https://github.com/josdejong/mathjs
3
https://github.com/zestedesavoir/zmarkdown
3
https://github.com/vanessa219/vditor
3
https://github.com/Automattic/mongoose
3
https://github.com/vendure-ecommerce/vendure
3
https://github.com/xmldom/xmldom
3
https://github.com/typeorm/typeorm
3
https://github.com/YMFE/yapi
3
https://github.com/matrix-org/matrix-appservice-bridge
2
https://github.com/shelljs/shelljs
2
https://github.com/mathjax/MathJax
2
https://github.com/jsuites/jsuites
2
https://github.com/codecov/codecov-node
2
https://github.com/cloudhead/node-static
2
https://github.com/commenthol/safer-eval
2
https://github.com/commenthol/serialize-to-js
2
https://github.com/senchalabs/connect
2
https://github.com/semantic-release/semantic-release
2
https://github.com/vvakame/fs-git
2
https://github.com/peerigon/angular-expressions
2
https://github.com/ahdinosaur/set-in
2
https://github.com/peterbraden/node-opencv
2
https://github.com/josdejong/jsoneditor
2
https://github.com/mysqljs/mysql
2
https://github.com/cronvel/tree-kit
2
https://github.com/snyk/cli
2
https://github.com/karma-runner/karma
2
https://github.com/Finastra/ssr-pages
2
https://github.com/jonschlinkert/mixin-deep
2
https://github.com/manvel-khnkoyan/jpv
2
https://github.com/jwadhams/json-logic-js
2
https://github.com/justmoon/node-bignum
2
https://github.com/chocobozzz/peertube
2
https://github.com/chriso/validator.js
2
https://github.com/sindresorhus/semver-regex
2
https://github.com/christian-bromann/rgb2hex
2
https://github.com/sindresorhus/is-svg
2
https://github.com/yahoo/serialize-javascript
2
https://github.com/aFarkas/lazysizes
2
https://github.com/jonschlinkert/set-value
2
https://github.com/simpleledger/slp-validate.js
2
https://github.com/julianhille/MuhammaraJS
2
https://github.com/markdown-it/markdown-it
2
https://github.com/simonh1000/angular-http-server
2
https://github.com/marudor/libxmljs2
2
https://github.com/vivaxy/here
2
https://github.com/endojs/endo
2
https://github.com/Agoric/realms-shim
2
https://github.com/payloadcms/payload
2
https://github.com/guardian/html-janitor
2
https://github.com/jameswlane/status-board
2
https://github.com/amitmerchant1990/electron-markdownify
2
https://github.com/froala/wysiwyg-editor
2
https://github.com/mozilla/nunjucks
2
https://github.com/dfinity/agent-js
2
https://github.com/mithunsatheesh/node-rules
2