Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm Security Advisories

Loading...
Low
GSA_kwCzR0hTQS1tcnI4LXY0OXctMzMzM84AA0iP
sweetalert2 v11.6.14 and above contains potentially undesirable behavior
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1wdnJ3LWc2ZngtbWN4Ms4AA0Tj
is_js vulnerable to Regular Expression Denial of Service
Ecosystems: npm
Packages: is_js
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: 10 months ago
High
GSA_kwCzR0hTQS00dnJ2LTkzYzctbTkyas4AA0TJ
snyk Code Injection vulnerability
Ecosystems: npm
Packages: snyk
Source: GitHub Advisory Database
Blast Radius: 35.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1nbTY4LTU3MnAtcTI4cs4AA0Q9
@vendure/admin-ui-plugin authenticated Cross-site Scripting vulnerability
Ecosystems: npm
Packages: @vendure/admin-ui-plugin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1nOHg1LXA5cWMtY2Y5Nc4AA0OQ
@fastify/oauth2 vulnerable to Cross Site Request Forgery due to reused Oauth2 state
Ecosystems: npm
Packages: @fastify/oauth2
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1oNzU1LThxcDktY3E4Nc4AA0Nr
protobufjs Prototype Pollution vulnerability
Ecosystems: npm
Packages: protobufjs
Source: GitHub Advisory Database
Blast Radius: 54.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03MnhmLWcydjQtcXZmM84AA0LC
tough-cookie Prototype Pollution vulnerability
Ecosystems: npm
Packages: tough-cookie
Source: GitHub Advisory Database
Blast Radius: 40.6
Published: 10 months ago
High
GSA_kwCzR0hTQS1jZ2doLXBxNDUtNmg5eM4AA0Ks
llhttp vulnerable to HTTP request smuggling
Ecosystems: npm
Packages: llhttp
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 10 months ago
Critical
GSA_kwCzR0hTQS00NjJ4LWMzanctN3ZyNs4AA0KN
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollution
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1tcmNqLTVxeHItdmhwMs4AA0Jz
angular-ui-notification Cross-site Scripting vulnerability
Ecosystems: npm
Packages: angular-ui-notification
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03Z3J3LXhmeDYtcWh4Ns4AA0Jx
Joplin Cross-site Scripting vulnerability
Ecosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS00amp2LXA4eDktcnJmN84AA0Jy
Joplin Cross-site Scripting vulnerability
Ecosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 10 months ago
High
GSA_kwCzR0hTQS03cHgyLTNjMnAtcTR2NM4AA0Jj
flatnest Prototype Pollution vulnerability
Ecosystems: npm
Packages: flatnest
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1oNDJqLW1ybXAtOTM2Oc4AA0GE
git-commit-info vulnerable to Command Injection
Ecosystems: npm
Packages: git-commit-info
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0yNTdxLXB2ODktdjN4ds4AA0D1
jQuery Cross Site Scripting vulnerability
Ecosystems: maven, npm, rubygems, nuget
Packages: org.webjars.npm:jquery, jquery, jquery-rails, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: 10 months ago
Low
GSA_kwCzR0hTQS0zZzdwLThxaHgtbWM4cs4AAz_2
Shescape potential environment variable exposure on Windows with CMD
Ecosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1qOHhnLWZxZzMtNTNyN84AAz-j
word-wrap vulnerable to Regular Expression Denial of Service
Ecosystems: npm
Packages: word-wrap
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: 11 months ago
High
GSA_kwCzR0hTQS01d3JnLThmeHAtY3g5cs4AAz-a
passport-wsfed-saml2 Signature Bypass vulnerability
Ecosystems: npm
Packages: passport-wsfed-saml2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS13ZzZwLWptcGMteGptcs4AAz-Z
Backstage Scaffolder plugin has insecure sandbox
Ecosystems: npm
Packages: @backstage/plugin-scaffolder-backend
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: 11 months ago
High
GSA_kwCzR0hTQS03N2Z3LXJmNHYtdmZwOc4AAz-Y
passport-wsfed-saml2 vulnerable to Signature Bypass in SAML2 token
Ecosystems: npm
Packages: passport-wsfed-saml2
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1jMnFmLXJ4amotcXFnd84AAz95
semver vulnerable to Regular Expression Denial of Service
Ecosystems: npm
Packages: semver
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS03aGgzLTN4NjQtdjJnOc4AAz9x
When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id
Ecosystems: npm
Packages: remult
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1yeDI4LXIyM3AtMnFjM84AAz8q
AWS CDK EKS overly permissive trust policies
Ecosystems: npm
Packages: @aws-cdk/aws-eks, aws-cdk-lib
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS13cHJ2LTkzcjQtamoycM4AAz8m
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 11 months ago
Low
GSA_kwCzR0hTQS02OGpoLXJmNngtODM2Zs4AAz6F
@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces
Ecosystems: npm
Packages: @apollo/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1ncHY1LTd4M2ctZ2hqds4AAz4I
fast-xml-parser regex vulnerability patch could be improved from a safety perspective
Ecosystems: npm
Packages: fast-xml-parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1qcXhyLXZqdnYtODk5bc4AAz2U
@keystone-6/auth Open Redirect vulnerability
Ecosystems: npm
Packages: @keystone-6/auth
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 11 months ago
High
GSA_kwCzR0hTQS1nYzM0LTV2NDMtaDd2OM4AAz0l
nuxt Code Injection vulnerability
Ecosystems: npm
Packages: nuxt
Source: GitHub Advisory Database
Blast Radius: 39.3
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS14M2NjLXgzOXAtNDJxeM4AAzz_
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
Ecosystems: npm
Packages: fast-xml-parser
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: 11 months ago
Low
GSA_kwCzR0hTQS01ZnA2LTR4dzMteHFxM84AAzyU
@keystone-6/core's bundled cuid package known to be insecure
Ecosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS04OXFtLWhtMngtbXhtM84AAzx1
progressbar.js vulnerable to Prototype Pollution
Ecosystems: npm
Packages: progressbar.js
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS0zdzN3LXB4bW0tMncyas4AAzxu
crypto-js uses insecure random numbers
Ecosystems: npm
Packages: crypto-js
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 11 months ago
High
GSA_kwCzR0hTQS00Z3hmLWc1Z2YtMjJoNM4AAzxj
dottie vulnerable to Prototype Pollution
Ecosystems: npm
Packages: dottie
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 11 months ago
High
GSA_kwCzR0hTQS1oNTN3LTdxdzctdmg1Y84AAzxg
Snowflake NodeJS Driver vulnerable to Command Injection
Ecosystems: npm
Packages: snowflake-sdk
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1jNmY4LThyMjUtYzRnY84AAzxd
Gatsby develop server has Local File Inclusion vulnerability
Ecosystems: npm
Packages: gatsby
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: 11 months ago
High
GSA_kwCzR0hTQS00ODgyLWh4cHItaHJ2bc4AAzxb
@udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme
Ecosystems: npm
Packages: @udecode/plate-link
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS01aDN4LTl3dnEtdzRtMs4AAzvg
OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 11 months ago
High
GSA_kwCzR0hTQS02dzYzLWgzZmotcTR2d84AAzr7
fast-xml-parser vulnerable to Regex Injection via Doctype Entities
Ecosystems: npm
Packages: fast-xml-parser
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: 11 months ago
High
GSA_kwCzR0hTQS0zNTNmLTV4ZjQtcXc2N84AAzpR
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS05cHJtLWpxd3gtNDV4Oc4AAzkR
Phishing attack vulnerability by uploading malicious HTML file
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1tajZwLTNwYzktd2Y1bc4AAzhf
proxy denial of service vulnerability
Ecosystems: npm
Packages: proxy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1wMmZoLTJoMjMtNmdyZ84AAzhQ
antfu/utils vulnerable to prototype pollution
Ecosystems: npm
Packages: @antfu/utils
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 11 months ago
High
GSA_kwCzR0hTQS01NDloLXI3ZzktMnFwZs4AAzft
n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function
Ecosystems: npm
Packages: n158
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 11 months ago
High
GSA_kwCzR0hTQS04dnczLXZ4bWotaDQzd84AAzfr
bwm-ng vulnerable to command injection
Ecosystems: npm
Packages: bwm-ng
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 11 months ago
High
GSA_kwCzR0hTQS13eHJ4LXBjNDQtcmNnY84AAzfs
keep-module-latest vulnerable to Command Injection due to missing input sanitization
Ecosystems: npm
Packages: keep-module-latest
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS05cXBqLXFxMnItNW1jY84AAzew
html inputs of type password recorded in plaintext when converted to text inputs
Ecosystems: npm
Packages: highlight.run
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 11 months ago
Critical
GSA_kwCzR0hTQS03Y2djLWZqdjQtNTJ4Ns4AAzdI
Malware in pre-build binaries of bignum
Ecosystems: npm
Packages: bignum
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
High
GSA_kwCzR0hTQS1jcW1qLTkyeGYtcjZyOc4AAzcU
Insufficient validation when decoding a Socket.IO packet
Ecosystems: npm
Packages: socket.io-parser
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS04Nzc1LTVod3Ytd3I2ds4AAzbF
Potential for cross-site scripting in PostHog-js
Ecosystems: npm
Packages: posthog-js
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1teGhnLXJ2d3gteDk5M84AAzbC
Invalid push request payload crashes Parse Server
Ecosystems: npm
Packages: parse-server-push-adapter
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 12 months ago
High
GSA_kwCzR0hTQS14cDVnLWpoZzMtM3JnMs4AAzah
Double spend in snarkjs
Ecosystems: npm
Packages: snarkjs
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1wNWdjLWM1ODQtamo2ds4AAzXv
vm2 vulnerable to Inspect Manipulation
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 12 months ago
Critical
GSA_kwCzR0hTQS13aHBqLThmM3ctNjdwNc4AAzV1
vm2 Sandbox Escape vulnerability
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS04dng2LTY5dmctYzQ2Zs4AAzT_
Buffer under-read in workerd
Ecosystems: npm
Packages: workerd
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 12 months ago
High
GSA_kwCzR0hTQS1yOXh3LXA3d2otdzc5Ms4AAzQp
n8n Information Disclosure vulnerability
Ecosystems: npm
Packages: n8n
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 12 months ago
High
GSA_kwCzR0hTQS05N2NwLW1yNG0tOW1jZs4AAzQl
n8n Privilege Escalation vulnerability
Ecosystems: npm
Packages: n8n
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1wNTh4LTc3MzMtdnA5bc4AAzQr
n8n Directory Traversal vulnerability
Ecosystems: npm
Packages: n8n
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 12 months ago
High
GSA_kwCzR0hTQS12Y3hoLXF2Z3ItOWZ3Oc4AAzNm
m.static Directory Traversal vulnerability
Ecosystems: npm
Packages: m.static
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1nN3JqLXE3MjItMjQ1Z84AAzH0
jsreport vulnerable to code injection
Ecosystems: npm
Packages: jsreport
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 12 months ago
High
GSA_kwCzR0hTQS13Zjd4LWZoNnctMzRyNs4AAzGS
Path Traversal in Ghost
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1qajQ1LTI0cnctdjZqd84AAzFc
Cross-site scripting in TotalJS
Ecosystems: npm
Packages: total4
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: almost 1 year ago
High
GSA_kwCzR0hTQS1yOTdxLWdoY2gtODJqOc4AAzEw
Ghost vulnerable to information disclosure of private API fields
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xOW13LTY4YzItajZtNc4AAzEv
engine.io Uncaught Exception vulnerability
Ecosystems: npm
Packages: engine.io
Source: GitHub Advisory Database
Blast Radius: 39.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nMzV4LWo2amotOGc3as4AAzD2
@mittwald/kubernetes's secret contents leaked via debug logging
Ecosystems: npm
Packages: @mittwald/kubernetes
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS14cTZqLXg4cHEtZzNncs4AAzDz
appium-desktop OS Command Injection vulnerability
Ecosystems: npm
Packages: appium-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04NDdnLTM0YzUtdnZtOM4AAzC3
editor.md vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: editor.md
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: about 1 year ago
Low
GSA_kwCzR0hTQS13d3hoLTc0ZngtMzNjNs4AAzCl
Possible prototype pollution in metadata record, when using meta decorator
Ecosystems: npm
Packages: @aedart/support
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS01NThwLW0zNG0tdnBtcc4AAy_o
Potential leak of authentication data to 3rd parties
Ecosystems: npm
Packages: typed-rest-client
Source: GitHub Advisory Database
Blast Radius: 37.5
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1mNzM3LTNmaDYtamY2d84AAy_R
Prototype Pollution in vConsole
Ecosystems: npm
Packages: vconsole
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zNWpqLXZxY2YtZjJqZs4AAy-5
Hidden fields can be leaked on readable collections in Payload
Ecosystems: npm
Packages: payload
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jNTR3LTdqNWYteGc5OM4AAy-0
@builder.io/qwik-city Cross-Site Request Forgery vulnerability
Ecosystems: npm
Packages: @builder.io/qwik-city
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS14djgzLXg0NDMtN3Jtd84AAy9h
HTML injection in search results via plaintext message highlighting
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS13cThmLXhtcTMtNXZxOc4AAy8R
Remote code execution in broccoli-compass
Ecosystems: npm
Packages: broccoli-compass
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS04OHFmLTVmM3YtcG02bc4AAy8U
Remote code execution in dawnsparks-node-tesseract
Ecosystems: npm
Packages: dawnsparks-node-tesseract
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mOXh2LXE5NjktcHF4NM4AAy8A
Uncaught Exception in yaml
Ecosystems: npm
Packages: yaml
Source: GitHub Advisory Database
Blast Radius: 47.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS00cjZoLTh2NnAteHZ3Ns4AAy7y
Prototype Pollution in sheetJS
Ecosystems: npm
Packages: xlsx
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS00bTNtLXBwdngteGd3Oc4AAy6_
Session fixation in fastify-passport
Ecosystems: npm
Packages: @fastify/passport
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yY2NmLWZmcmotbTRxd84AAy6-
CSRF token fixation in fastify-passport
Ecosystems: npm
Packages: @fastify/passport
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14NzdqLXc3d2YtZmptd84AAy5c
Nunjucks autoescape bypass leads to cross site scripting
Ecosystems: npm
Packages: nunjucks
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xcmdmLTlncGMtdnJ4d84AAy5b
Bypass of CSRF protection in the presence of predictable userInfo
Ecosystems: npm
Packages: @fastify/csrf-protection
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oMnBtLTM3OGMtcGN4eM4AAy5Z
Path traversal vulnerability in gatsby-plugin-sharp
Ecosystems: npm
Packages: gatsby-plugin-sharp
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1jaDNyLWo1eDMtNnEybc4AAy46
vm2 Sandbox Escape vulnerability
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS05M2hxLTV3Z2MtamM4Ms4AAy45
GovernorCompatibilityBravo may trim proposal calldata
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS00eHI0LTg5bTUtNDZjN84AAy4z
eslint-detailed-reporter vulnerable to cross-site scripting
Ecosystems: npm
Packages: eslint-detailed-reporter
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0yaDg3LTRxMnctdjRoZs4AAy4o
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
Ecosystems: npm
Packages: @strapi/plugin-email, @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qanFmLWo0dzctOTJ3OM4AAy4n
Strapi leaking sensitive user information by filtering on private fields
Ecosystems: npm
Packages: @strapi/strapi
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01ODN4LTIzaDktZjV3N84AAy3y
Strapi does not verify the access or ID tokens issued during the OAuth flow
Ecosystems: npm
Packages: @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04cGYzLTZmZ3ItM2czZ84AAy3P
`chainId` may be outdated if user changes chains as part of connection in @web3-react
Ecosystems: npm
Packages: @web3-react/walletconnect, @web3-react/metamask, @web3-react/eip1193, @web3-react/coinbase-wallet
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS14djNxLWpybW0tNGZ4ds4AAy3O
Authentication Bypass in @strapi/plugin-users-permissions
Ecosystems: npm
Packages: @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1mcDJ3LWc5MmctZmdxNM4AAy0_
@nuxtlabs/github-module made Use of Hard-coded Credentials
Ecosystems: npm
Packages: @nuxtlabs/github-module
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1teDJxLTM1bTIteDJyaM4AAy0V
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02ZzY3LXEzOWctcjc5cc4AAyyO
matrix-js-sdk vulnerable to invisible eavesdropping in group calls
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS14ajcyLXd2ZnYtODk4Nc4AAyu7
vm2 Sandbox Escape vulnerability
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS03OXhmLTY3cjQtcTJqas4AAyqY
safe-eval vulnerable to Sandbox Bypass due to improper input sanitization
Ecosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1oY2czLTU2amYteDR2aM4AAyqc
safe-eval vulnerable to Prototype Pollution via the safeEval function
Ecosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS03anhyLWNnN2YtZ3Bnds4AAyoQ
vm2 vulnerable to sandbox escape
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS1ndjdnLXg1OXgtd2Y4Zs4AAyoO
SvelteKit framework has Insufficient CSRF protection for CORS requests
Ecosystems: npm
Packages: @sveltejs/kit
Source: GitHub Advisory Database
Blast Radius: 37.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03NzZmLXF4MjUtcTNjY84AAykj
xml2js is vulnerable to prototype pollution
Ecosystems: npm
Packages: xml2js
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xZ2hyLTg3N2gtZjlqaM4AAyiy
markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS)
Ecosystems: npm
Packages: markdown-pdf
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS01cDc1LXZjNWctOHJ2Ms4AAyiw
SvelteKit vulnerable to Cross-Site Request Forgery
Ecosystems: npm
Packages: @sveltejs/kit
Source: GitHub Advisory Database
Blast Radius: 37.4
Published: about 1 year ago
Statistics
Advisories: 18,361
Packages: 8,293
Repositories: 1,394
Ecosystems: 12
Filter by Severity
Moderate 7,925 High 6,355 Critical 2,807 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,802 pypi 3,711 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
parse-server 29 electron 26 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 directus 16 sequelize 16 ghost 14 tinymce 14 swagger-ui 14 next 13 joplin 13 strapi 13 ckeditor4 13 vm2 12 undici 12 handlebars 11 nodebb 11 angular 11 marked 11 @evershop/evershop 9 serve 9 tinymce/tinymce 9 TinyMCE 9 jquery 9 next-auth 9 org.webjars.npm:jquery 9 jquery-rails 9 matrix-js-sdk 8 tar 8 node-forge 8 systeminformation 8 steal 8 npm 8 jQuery 8 @strapi/strapi 8 bootstrap 8 validator 8 urijs 8 express-cart 8 editor.md 8 jsrsasign 8 url-parse 8 jquery-ui-rails 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 shescape 7 sanitize-html 7 matrix-appservice-irc 7 hapi 7 jquery-ui 7 nocodb 7 lodash 7 uptime-kuma 7 total.js 7 matrix-react-sdk 7 hermes-engine 7 snyk-broker 7 parse-url 6 safe-eval 6 rsshub 6 aaptjs 6 ua-parser-js 5 rendertron 5 vditor 5 keystone 5 sweetalert2 5 prismjs 5 dojo 5 openpgp 5 ejs 5 yarn 5 mongoose 5 public 5 xlsx 5 total4 5 vite 5 lodash-es 5 @strapi/plugin-users-permissions 5 mongo-express 4 vega 4 valine 4 glance 4 moment 4 apostrophe 4 dompurify 4 safer-eval 4 @keystone-6/core 4 @backstage/plugin-scaffolder-backend 4 meshcentral 4 simple-markdown 4 axios 4 hummus 4 muhammara 4 remarkable 4 katex 4 jsonwebtoken 4 qs 4 follow-redirects 4 ws 4 engine.io 4 materialize-css 4 convert-svg-core 4 apollo-server-core 4 realms-shim 4 fastify 4 ecstatic 4 auth0-lock 4 auth0-js 4 simple-git 4 mysql2 4 awsiotsdk 4 aws-iot-device-sdk-v2 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 generator-jhipster 4 mermaid 4 @strapi/utils 3 typeorm 3 keycloak-connect 3 xmldom 3 locutus 3 m-server 3 apollo-server 3 @cubejs-backend/api-gateway 3 code-server 3 @sequelize/core 3 nodemailer 3 mysql 3 postcss 3 wrangler 3 node-opcua 3 slp-validate 3 feathers-sequelize 3 jspdf 3 dns-sync 3 org.webjars.npm:xlsx 3 node-red-dashboard 3 mathjs 3 grunt 3 passport-wsfed-saml2 3 codecov 3 jointjs 3 node-jose 3 node-ipc 3 js-yaml 3 loader-utils 3 @backstage/techdocs-common 3 jquery-validation 3 n8n 3 object-path 3 protobufjs 3 http-live-simulator 3 notevil 3 ses 3 uap-core 3 socket.io-parser 3 froala-editor 3 docsify 3 tough-cookie 3 raneto 3 jose-node-cjs-runtime 3 jose-node-esm-runtime 3 ids-enterprise 3 @materializecss/materialize 3 libxmljs 3 sails 3 parsel 3 @uppy/companion 3 @ckeditor/ckeditor5-markdown-gfm 3 nadesiko3 3 convict 3 bootstrap 3 dojox 3 blamer 3 simplehttpserver 3 buttle 3 slpjs 3 @commercial/subtext 3 serialize-to-js 3 lodash.defaultsdeep 3 browserify-shim 3 fast-xml-parser 3 socket.io-file 3 @vrite/sdk 3 jose 3 snyk 3 connect 3 mixme 3 @soketi/soketi 3 json-ptr 3 localhost-now 3 openmct 3 highcharts 3 @sveltejs/kit 3 fuxa-server 3 ftp-srv 3 xdLocalStorage 3 bin-links 3 node-fetch 3 @apollo/server 3 subtext 3
Filter by Repository
https://github.com/parse-community/parse-server 29 https://github.com/electron/electron 25 https://github.com/strapi/strapi 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/sequelize/sequelize 16 https://github.com/directus/directus 15 https://github.com/tinymce/tinymce 14 https://github.com/swagger-api/swagger-ui 13 https://github.com/nodejs/undici 12 https://github.com/TryGhost/Ghost 12 https://github.com/backstage/backstage 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/patriksimek/vm2 12 https://github.com/jquery/jquery 11 https://github.com/NodeBB/NodeBB 11 https://github.com/nextauthjs/next-auth 10 https://github.com/keystonejs/keystone 10 https://github.com/evershopcommerce/evershop 9 https://github.com/vercel/next.js 9 https://github.com/pandao/editor.md 8 https://github.com/digitalbazaar/forge 8 https://github.com/sebhildebrandt/systeminformation 8 https://github.com/matrix-org/matrix-js-sdk 8 https://github.com/apollographql/apollo-server 8 https://github.com/stealjs/steal 8 https://github.com/kjur/jsrsasign 8 https://github.com/nocodb/nocodb 7 https://github.com/unshiftio/url-parse 7 https://github.com/ericcornelissen/shescape 7 https://github.com/louislam/uptime-kuma 7 https://github.com/twbs/bootstrap 7 https://github.com/matrix-org/matrix-appservice-irc 7 https://github.com/matrix-org/matrix-react-sdk 7 https://github.com/lodash/lodash 7 https://github.com/npm/node-tar 6 https://github.com/totaljs/framework 6 https://github.com/eclipse-theia/theia 6 https://github.com/DIYgod/RSSHub 6 https://github.com/facebook/hermes 6 https://github.com/jquery/jquery-ui 6 https://github.com/ionicabizau/parse-url 6 https://github.com/panva/jose 6 https://github.com/shenzhim/aaptjs 6 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/vitejs/vite 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/openpgpjs/openpgpjs 5 https://github.com/gatsbyjs/gatsby 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/markedjs/marked 5 https://github.com/npm/cli 5 https://github.com/apostrophecms/sanitize-html 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/handlebars-lang/handlebars.js 5 https://github.com/GoogleChrome/rendertron 5 https://github.com/vega/vega 5 https://github.com/ofirdagan/cross-domain-local-storage 4 https://github.com/angular/angular.js 4 https://github.com/cloudflare/workers-sdk 4 https://github.com/sidorares/node-mysql2 4 https://github.com/npm/npm 4 https://github.com/steveukx/git-js 4 https://github.com/socketio/engine.io 4 https://github.com/KaTeX/KaTeX 4 https://github.com/axios/axios 4 https://github.com/PrismJS/prism 4 https://github.com/xCss/Valine 4 https://github.com/mrvautin/expressCart 4 https://github.com/auth0/node-jsonwebtoken 4 https://github.com/follow-redirects/follow-redirects 4 https://github.com/balderdashy/sails 4 https://github.com/Dogfalo/materialize 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/auth0/lock 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/yarnpkg/yarn 4 https://github.com/Ylianst/MeshCentral 4 https://github.com/jonschlinkert/remarkable 4 https://github.com/medialize/URI.js 4 https://github.com/medialize/uri.js 4 https://github.com/mde/ejs 4 https://github.com/fastify/fastify 4 https://github.com/hapijs/hapi 4 https://github.com/node-opcua/node-opcua 3 https://github.com/hapijs/subtext 3 https://github.com/transloadit/uppy 3 https://github.com/nodemailer/nodemailer 3 https://github.com/node-fetch/node-fetch 3 https://github.com/facebook/react 3 https://github.com/infor-design/enterprise-ng 3 https://github.com/highcharts/highcharts 3 https://github.com/nodejs/llhttp 3 https://github.com/sveltejs/kit 3 https://github.com/immerjs/immer 3 https://github.com/beerpwn/CVE 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/kujirahand/nadesiko3 3 https://github.com/libxmljs/libxmljs 3 https://github.com/RIAEvangelist/node-ipc 3 https://github.com/renovatebot/renovate 3 https://github.com/moment/moment 3 https://github.com/docsifyjs/docsify 3 https://github.com/mongodb/js-bson 3 https://github.com/dojo/dojo 3 https://github.com/dojo/dojox 3 https://github.com/mongo-express/mongo-express 3 https://github.com/mozilla/node-convict 3 https://github.com/dwisiswant0/advisory 3 https://github.com/postcss/postcss 3 https://github.com/MrRio/jsPDF 3 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 3 https://github.com/n8n-io/n8n 3 https://github.com/nasa/openmct 3 https://github.com/neocotic/convert-svg 3 https://github.com/soketi/soketi 3 https://github.com/socketio/socket.io-parser 3 https://github.com/manuelstofer/json-pointer 3 https://github.com/skoranga/node-dns-sync 3 https://github.com/Marak/colors.js 3 https://github.com/chjj/marked 3 https://github.com/cisco/node-jose 3 https://github.com/ckeditor/ckeditor5 3 https://github.com/mariocasciaro/object-path 3 https://github.com/simpleledger/slpjs 3 https://github.com/clientIO/joint 3 https://github.com/gruntjs/grunt 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/cure53/DOMPurify 3 https://github.com/salesforce/tough-cookie 3 https://github.com/mermaid-js/mermaid 3 https://github.com/NaturalIntelligence/fast-xml-parser 3 https://github.com/zeit/next.js 3 https://github.com/jquery-validation/jquery-validation 3 https://github.com/websockets/ws 3 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/apostrophecms/apostrophe 3 https://github.com/webpack/loader-utils 3 https://github.com/auth0/passport-wsfed-saml2 3 https://github.com/jarofghosts/glance 3 https://github.com/adaltas/node-mixme 3 https://github.com/ua-parser/uap-core 3 https://github.com/vriteio/vrite 3 https://github.com/josdejong/mathjs 3 https://github.com/zestedesavoir/zmarkdown 3 https://github.com/vanessa219/vditor 3 https://github.com/Automattic/mongoose 3 https://github.com/vendure-ecommerce/vendure 3 https://github.com/xmldom/xmldom 3 https://github.com/typeorm/typeorm 3 https://github.com/YMFE/yapi 3 https://github.com/matrix-org/matrix-appservice-bridge 2 https://github.com/shelljs/shelljs 2 https://github.com/mathjax/MathJax 2 https://github.com/jsuites/jsuites 2 https://github.com/codecov/codecov-node 2 https://github.com/cloudhead/node-static 2 https://github.com/commenthol/safer-eval 2 https://github.com/commenthol/serialize-to-js 2 https://github.com/senchalabs/connect 2 https://github.com/semantic-release/semantic-release 2 https://github.com/vvakame/fs-git 2 https://github.com/peerigon/angular-expressions 2 https://github.com/ahdinosaur/set-in 2 https://github.com/peterbraden/node-opencv 2 https://github.com/josdejong/jsoneditor 2 https://github.com/mysqljs/mysql 2 https://github.com/cronvel/tree-kit 2 https://github.com/snyk/cli 2 https://github.com/karma-runner/karma 2 https://github.com/Finastra/ssr-pages 2 https://github.com/jonschlinkert/mixin-deep 2 https://github.com/manvel-khnkoyan/jpv 2 https://github.com/jwadhams/json-logic-js 2 https://github.com/justmoon/node-bignum 2 https://github.com/chocobozzz/peertube 2 https://github.com/chriso/validator.js 2 https://github.com/sindresorhus/semver-regex 2 https://github.com/christian-bromann/rgb2hex 2 https://github.com/sindresorhus/is-svg 2 https://github.com/yahoo/serialize-javascript 2 https://github.com/aFarkas/lazysizes 2 https://github.com/jonschlinkert/set-value 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/julianhille/MuhammaraJS 2 https://github.com/markdown-it/markdown-it 2 https://github.com/simonh1000/angular-http-server 2 https://github.com/marudor/libxmljs2 2 https://github.com/vivaxy/here 2 https://github.com/endojs/endo 2 https://github.com/Agoric/realms-shim 2 https://github.com/payloadcms/payload 2 https://github.com/guardian/html-janitor 2 https://github.com/jameswlane/status-board 2 https://github.com/amitmerchant1990/electron-markdownify 2 https://github.com/froala/wysiwyg-editor 2 https://github.com/mozilla/nunjucks 2 https://github.com/dfinity/agent-js 2 https://github.com/mithunsatheesh/node-rules 2