Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS0zZ3ZwLTU0djItMmpycM4AAyhx
Directus API vulnerable to denial of service
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13OTc0LXJxOXgtbWgzds4AAyhu
Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter
Ecosystems: npm
Packages: editor.md
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01cDg0LW1taDktcHhncs4AAyhy
Pandao Editor.md vulnerable to cross-site scripting (XSS) in editor parameter
Ecosystems: npm
Packages: editor.md
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1td3E4LWZqcGYtYzJncs4AAydt
Prototype pollution in matrix-js-sdk (part 2)
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0ydnJmLWhmMjYtanJwNc4AAydT
angular vulnerable to regular expression denial of service via the angular.copy() utility
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0ycXF4LXc5aHItcTVneM4AAydS
angular vulnerable to regular expression denial of service via the $resource service
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xd3FoLWhtOW0tcDVocs4AAydR
angular vulnerable to regular expression denial of service via the <input type="url"> element
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS02ZzQzLTg4Y3AtdzVnds4AAyaU
Prototype pollution in matrix-react-sdk
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yeDljLXF3Z2YtOTR4cs4AAyX5
matrix-react-sdk Prototype pollution vulnerability
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS1yZnY5LXg3aGgteGMzMs4AAyX4
matrix-js-sdk Prototype Pollution vulnerability
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1nd3ZtLXZycDQtNHBwNc4AAyUN
angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
Ecosystems: npm
Packages: angular-server-side-configuration
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04dmcyLXdmM3EtbXd2N84AAyQe
directus vulnerable to Insertion of Sensitive Information into Log File
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1mcmpnLWc3NjctNzM2M84AAyPi
code-server vulnerable to Missing Origin Validation in WebSockets
Ecosystems: npm
Packages: code-server
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS00N3BqLXEydm0tNDZ4Y84AAyLM
Collection.js vulnerable to Prototype Pollution
Ecosystems: npm
Packages: collection.js
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wOHA3LXgyODgtMjhnNs4AAyJl
Server-Side Request Forgery in Request
Ecosystems: npm
Packages: @cypress/request, request
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS0ycnE1LTY5OWoteDdwNs4AAyIl
Arbitrary local file read vulnerability during template rendering
Ecosystems: npm
Packages: swig, swig-templates
Source: GitHub Advisory Database
Blast Radius: 32.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS03cjd4LTRjNHEtYzRxZs4AAyE2
Missing proper state, nonce and PKCE checks for OAuth authentication
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qcXY1LTd4cHgtcWo3NM4AAyEw
sqlite vulnerable to code execution due to Object coercion
Ecosystems: npm
Packages: sqlite3
Source: GitHub Advisory Database
Blast Radius: 41.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1oYzZxLTJtcHAtcXc3as4AAyD3
Cross-realm object access in Webpack 5
Ecosystems: npm
Packages: webpack
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS03OTV3LTc0MjYtbTk0as4AAyCB
stoqey/gnuplot is vulnerable to command injection
Ecosystems: npm
Packages: @stoqey/gnuplot
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1jeHgzLTM2cWMtbTZxbc4AAyAl
node-bluetooth is vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation
Ecosystems: npm
Packages: node-bluetooth
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS05amgzLTRwYzktaHEyOc4AAyAn
node-bluetooth-serial-port is vulnerable to Buffer Overflow via the findSerialPortChannel
Ecosystems: npm
Packages: node-bluetooth-serial-port
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS05d2Y5LXF2dnAtMjkyOc4AAyAc
builderio/qwik is vulnerable to code injection
Ecosystems: npm
Packages: @builder.io/qwik
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tNXEzLTh3Z2YteDh4Zs4AAyAB
Directus vulnerable to extraction of password hashes through export querying
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS00aG1xLWdncm0tcWZjNs4AAx-d
directus vulnerable to HTML Injection in Password Reset email to custom Reset URL
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00anB2LThyNTctcHY3as4AAx8Q
@nestjs/core vulnerable to Information Exposure via StreamableFile pipe
Ecosystems: npm
Packages: @nestjs/core
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS1ybWhnLTJjdnYtcTd2eM4AAx8U
dot-lens vulnerable to Prototype Pollution
Ecosystems: npm
Packages: dot-lens
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS01Zzk3LXdoYzktOGc3as4AAx8P
node-static and @nubosoftware/node-static vulnerable to Directory Traversal
Ecosystems: npm
Packages: @nubosoftware/node-static, node-static
Source: GitHub Advisory Database
Blast Radius: 36.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS02NzIyLXh2cTgtMzI1NM4AAx8O
SketchSVG Arbitrary Code Injection vulnerability
Ecosystems: npm
Packages: sketchsvg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02N2o0LTJtaDYtODYyN84AAx7w
json-logic-js Command Injection vulnerability
Ecosystems: npm
Packages: json-logic-js
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qM3JnLTNyZ20tNTM3aM4AAx7Z
Directus vulnerable to Server-Side Request Forgery On File Import
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04NzhtLTNnNnEtNTk0cc4AAx7E
OpenZeppelin Contracts contains Incorrect Calculation
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jcDQ3LXIyNTgtcTYyNs4AAx6k
Vega vulnerable to arbitrary code execution when clicking href links
Ecosystems: npm
Packages: vega
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01OWZxLTcyN2otaG0zZs4AAx6i
keycloak-connect contains Open redirect vulnerability in the Node.js adapter
Ecosystems: npm
Packages: keycloak-connect
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00dnE3LTg4Mmctd2NnNM4AAx6g
Vega Expression Language `scale` expression function Cross Site Scripting
Ecosystems: npm
Packages: vega, vega-functions
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13NW0zLXhoNzUtbXA1Nc4AAx6f
Vega has Cross-site Scripting vulnerability in `lassoAppend` function
Ecosystems: npm
Packages: vega-functions, vega
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zMmdyLTRjcTYtNXc1cc4AAx5M
rsshub vulnerable to Cross-site Scripting via unvalidated URL parameters
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: about 1 year ago
Low
GSA_kwCzR0hTQS02cThtLTQycXEtNjRyN84AAx4s
Imperative CLI vulnerable to Command Injection
Ecosystems: npm
Packages: @zowe/imperative
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS13eGZqLTg0eGYtN2d4ds4AAx2l
mde utilities contains Prototype Pollution
Ecosystems: npm
Packages: utilities
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS04MjM3LTNxNWctOTlmds4AAxzz
Denial of Service vulnerability in lite-web-server
Ecosystems: npm
Packages: lite-web-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wMmhwLTN3djMtNHc3NM4AAxzi
ecdh vulnerable to Exposure of Resource to Wrong Sphere
Ecosystems: npm
Packages: ecdh
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1mNTk4LW1mcHYtZ21meM4AAxzf
Sequelize - Default support for “raw attributes” when using parentheses
Ecosystems: npm
Packages: sequelize, @sequelize/core
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS02NXJwLW1ocWYtOGdqM84AAxy9
rangy vulnerable to Prototype Pollution
Ecosystems: npm
Packages: rangy
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xOGdnLXZqNm0taGdtas4AAxy7
@braintree/sanitize-url Cross-site Scripting vulnerability
Ecosystems: npm
Packages: @braintree/sanitize-url
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS12cWZ4LWdqOTYtM3c5Nc4AAxyK
Unsafe fall-through in getWhereConditions
Ecosystems: npm
Packages: @sequelize/core, sequelize
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS13cmg5LWNqdjMtMmhwd84AAxxu
Sequelize vulnerable to SQL Injection via replacements
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1majc4LTJ2YzUtZjZjbc4AAxw6
Versionn Command Injection Vulnerability
Ecosystems: npm
Packages: versionn
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03aDR3LTZwOTgtcjN3eM4AAxwe
textAngular Cross-site Scripting vulnerability
Ecosystems: npm
Packages: textangular
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oNjg1LTgzdzQtM3BoM84AAxwf
iziModal Cross-site Scripting vulnerability
Ecosystems: npm
Packages: izimodal
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00NjVmLW14eGgtZ3JjNM4AAxwo
Baremetrics date range picker vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: baremetrics-calendar
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12Zm1wLTk5OTktNndxas4AAxwh
Vditor Cross-site Scripting vulnerability
Ecosystems: npm
Packages: vditor
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jcmg1LXZ2MnYtYzgycc4AAxvj
@claviska/jquery-minicolors vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: @claviska/jquery-minicolors
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nOXBoLXI5aGMtMzRyOM4AAxva
Erxes vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: erxes
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tMjJxLTk3cDUtNzl2Ms4AAxvi
Mind-elixir Cross-site Scripting vulnerability
Ecosystems: npm
Packages: mind-elixir
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mOGh2LXJ4OXAtZjlyNM4AAxvG
generator-hottowel Cross-site Scripting vulnerability
Ecosystems: npm
Packages: generator-hottowel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xODJoLXE0N2otZjQ5Ms4AAxuf
Cross-site Scripting in jspreadsheet
Ecosystems: npm
Packages: jspreadsheet-ce
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01cjlnLXFoNm0tanhmZs4AAxq9
CRLF Injection in Nodejs ‘undici’ via host
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1yNmNoLW1xZjktcWM5d84AAxq-
Regular Expression Denial of Service in Headers
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 37.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS01aDRqLXFydmctOXhod84AAxq8
Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)
Ecosystems: npm
Packages: node-jose
Source: GitHub Advisory Database
Blast Radius: 25.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qMndoLXdydjMtNHg0Z84AAxq7
Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler
Ecosystems: npm
Packages: @graphql-mesh/http, @graphql-mesh/cli
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04YzI1LWYzbWotdjZoOM4AAxqp
Sequelize information disclosure vulnerability
Ecosystems: npm
Packages: @sequelize/core, sequelize
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1ocHAyLTJjcjUtcGY2Z84AAxo9
Denial of service due to unlimited number of parts
Ecosystems: npm
Packages: @fastify/multipart
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03aHY4LTNmcjktajJods4AAxo8
Cross site scripting Vulnerability in backstage Software Catalog
Ecosystems: npm
Packages: @backstage/plugin-catalog-backend, @backstage/catalog-model, @backstage/core-components
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01amNyLTgyZmgtMzM5ds4AAxmS
Cross-Site-Scripting attack on `<RichTextField>`
Ecosystems: npm
Packages: ra-ui-materialui, react-admin
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zaGpoLTVoZ3gtZjV3aM4AAxkv
Path traversal vulnerability in glance
Ecosystems: npm
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qNTMzLTJnOHYtcG1wZ84AAxkV
Regular Expression Denial of Service in simple-markdown
Ecosystems: npm
Packages: simple-markdown
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS1ncHZqLWdwOGMtYzdwMs4AAxkL
Regular Expression Denial of Service in simple-markdown
Ecosystems: npm
Packages: simple-markdown
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jMmpjLTRmcHItNHZoZ84AAxfy
@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability
Ecosystems: npm
Packages: @sideway/formula
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wYzJxLWpjeHEtcmpycs4AAxfT
Sensitive Information leak via Script File in TinaCMS
Ecosystems: npm
Packages: @tinacms/cli
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1yajdtLTJwM2ctZmp4Z84AAxba
create-choo-app3 is vulnerable to Command Injection via the devInstall function
Ecosystems: npm
Packages: create-choo-app3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS04aDNnLWhjd3AtNmh4cc4AAxbb
semver-tags is vulnerable to Command Injection via the getGitTagsRemote function
Ecosystems: npm
Packages: semver-tags
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wOXc4LTJtcHEtNDloOc4AAxaw
is-url Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: is-url
Source: GitHub Advisory Database
Blast Radius: 41.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS13cXh3LThoNWctaHE1Ns4AAxVm
Switcher Client contains Regular Expression Denial of Service (ReDoS)
Ecosystems: npm
Packages: switcher-client
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS01aDhjLThjY3AtOGdtaM4AAxUM
mt7688-wiscan is vulnerable to Command Injection due to improper input sanitization
Ecosystems: npm
Packages: mt7688-wiscan
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yMjc1LXJwZjUteHY4aM4AAxUK
is-http2 vulnerable to Improper Input Validation
Ecosystems: npm
Packages: is-http2
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS14cmg3LW01cHAtMzlyNs4AAxTf
XSS Attack with Express API
Ecosystems: npm
Packages: eta
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS12bTVyLWM4N3ItcGY2eM4AAxTe
Parse Server option `masterKeyIps` vulnerability to IP spoofing
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oNmMyLTg3OXItamZmaM4AAxTP
Joplin Desktop App vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS1yYzQ3LTY2NjctMmo1as4AAxS-
http-cache-semantics vulnerable to Regular Expression Denial of Service
Ecosystems: maven, npm
Packages: org.webjars.npm:http-cache-semantics, http-cache-semantics
Source: GitHub Advisory Database
Blast Radius: 46.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jNnJ4LWd4cXYtdnI1as4AAxTA
nemo-appium vulnerable to OS Command Injection
Ecosystems: npm
Packages: nemo-appium
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yNGhnLTRjcHEtcTU3Y84AAxS9
jSuites subect to Cross-site Scripting
Ecosystems: npm
Packages: jsuites
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tZjZ4LWhyZ3ItNjU4Zs4AAxPw
Eta vulnerable to Code Injection via templates rendered with user-defined data
Ecosystems: npm
Packages: eta
Source: GitHub Advisory Database
Blast Radius: 36.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS04OHY4LXY0NmctNmM5d84AAxPx
Servst vulnerable to Path Traversal
Ecosystems: npm
Packages: servst
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zNmZoLTg0ajctY3Y1aM4AAxPh
JSZip contains Path Traversal via loadAsync
Ecosystems: npm
Packages: jszip
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00anF3LXZmbWotOXJtaM4AAxMd
Cross-site Scripting in yapi-vendor
Ecosystems: npm
Packages: yapi-vendor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS01cXE0LW02YzMteHhtZs4AAxMF
Directory Traversal vulnerability in serve-lite
Ecosystems: npm
Packages: serve-lite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS02OWYyLTQzNzUtcXY5aM4AAxMO
Command injection in smartctl
Ecosystems: npm
Packages: smartctl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qOHdyLWZ3ZjItdnZyOc4AAxM9
Command Injection in create-choo-electron
Ecosystems: npm
Packages: create-choo-electron
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS01NGp3LWpxcjktNmNqOc4AAxM2
Command injection in vagrant.js
Ecosystems: npm
Packages: vagrant.js
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05dzVqLTRtd3YtMndqOM4AAxNC
Remote code execution in simple-git
Ecosystems: npm
Packages: simple-git
Source: GitHub Advisory Database
Blast Radius: 48.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qOHg3LXFjdzQteHg4Nc4AAxM5
Cross-site Scripting (XSS) in serve-lite
Ecosystems: npm
Packages: serve-lite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nNXFyLXhnZzctOHEyd84AAxND
Command Injection in puppet-facter
Ecosystems: npm
Packages: puppet-facter
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS1maGc3LW04OXEtMjVyM84AAxIw
ReDoS Vulnerability in ua-parser-js version
Ecosystems: npm
Packages: ua-parser-js
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14NzN3LWc4aHgtdjdycM4AAxGk
Code injection in electerm
Ecosystems: npm
Packages: electerm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1obTdmLXJxN3Etajl4cM4AAxFC
@builder.io/qwik vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: @builder.io/qwik
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oNDUyLTc5OTYtaDQ1aM4AAxDY
cookiejar Regular Expression Denial of Service via Cookie.parse function
Ecosystems: maven, npm
Packages: org.webjars.npm:cookiejar, cookiejar
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xam03LTU1dnYtM2M1Zs4AAxDO
mel-spintax has Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: mel-spintax
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zZndxLXF2NXYtMnd4Zs4AAxDR
Path Traversal in web-node-server
Ecosystems: npm
Packages: web-node-server
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jcmhnLXhncmctdnZjY84AAw-o
a12nserver vulnerable to potential SQL Injections via Knex dependency
Ecosystems: npm
Packages: @curveball/a12n-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12dmozLTg1dmYtZmdtd84AAw93
global-modules-path Command Injection vulnerability
Ecosystems: npm
Packages: global-modules-path
Source: GitHub Advisory Database
Blast Radius: 46.5
Published: over 1 year ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 1,394
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,809 pypi 3,712 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
parse-server 29 electron 26 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 directus 16 sequelize 16 ghost 14 tinymce 14 swagger-ui 14 next 13 joplin 13 strapi 13 ckeditor4 13 vm2 12 undici 12 handlebars 11 nodebb 11 angular 11 marked 11 @evershop/evershop 9 serve 9 tinymce/tinymce 9 TinyMCE 9 jquery 9 next-auth 9 org.webjars.npm:jquery 9 jquery-rails 9 matrix-js-sdk 8 tar 8 node-forge 8 systeminformation 8 steal 8 npm 8 jQuery 8 @strapi/strapi 8 bootstrap 8 validator 8 urijs 8 express-cart 8 editor.md 8 jsrsasign 8 url-parse 8 jquery-ui-rails 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 shescape 7 sanitize-html 7 matrix-appservice-irc 7 hapi 7 jquery-ui 7 nocodb 7 lodash 7 uptime-kuma 7 total.js 7 matrix-react-sdk 7 hermes-engine 7 snyk-broker 7 parse-url 6 safe-eval 6 rsshub 6 aaptjs 6 ua-parser-js 5 rendertron 5 vditor 5 keystone 5 sweetalert2 5 prismjs 5 dojo 5 openpgp 5 ejs 5 yarn 5 mongoose 5 public 5 xlsx 5 total4 5 vite 5 lodash-es 5 @strapi/plugin-users-permissions 5 mongo-express 4 vega 4 valine 4 glance 4 moment 4 apostrophe 4 dompurify 4 safer-eval 4 @keystone-6/core 4 @backstage/plugin-scaffolder-backend 4 meshcentral 4 simple-markdown 4 axios 4 hummus 4 muhammara 4 remarkable 4 katex 4 jsonwebtoken 4 qs 4 follow-redirects 4 ws 4 engine.io 4 materialize-css 4 convert-svg-core 4 apollo-server-core 4 realms-shim 4 fastify 4 ecstatic 4 auth0-lock 4 auth0-js 4 simple-git 4 mysql2 4 awsiotsdk 4 aws-iot-device-sdk-v2 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 generator-jhipster 4 mermaid 4 @strapi/utils 3 typeorm 3 keycloak-connect 3 xmldom 3 locutus 3 m-server 3 apollo-server 3 @cubejs-backend/api-gateway 3 code-server 3 @sequelize/core 3 nodemailer 3 mysql 3 postcss 3 wrangler 3 node-opcua 3 slp-validate 3 feathers-sequelize 3 jspdf 3 dns-sync 3 org.webjars.npm:xlsx 3 node-red-dashboard 3 mathjs 3 grunt 3 passport-wsfed-saml2 3 codecov 3 jointjs 3 node-jose 3 node-ipc 3 js-yaml 3 loader-utils 3 @backstage/techdocs-common 3 jquery-validation 3 n8n 3 object-path 3 protobufjs 3 http-live-simulator 3 notevil 3 ses 3 uap-core 3 socket.io-parser 3 froala-editor 3 docsify 3 tough-cookie 3 raneto 3 jose-node-cjs-runtime 3 jose-node-esm-runtime 3 ids-enterprise 3 @materializecss/materialize 3 libxmljs 3 sails 3 parsel 3 @uppy/companion 3 @ckeditor/ckeditor5-markdown-gfm 3 nadesiko3 3 convict 3 bootstrap 3 dojox 3 blamer 3 simplehttpserver 3 buttle 3 slpjs 3 @commercial/subtext 3 serialize-to-js 3 lodash.defaultsdeep 3 browserify-shim 3 fast-xml-parser 3 socket.io-file 3 @vrite/sdk 3 jose 3 snyk 3 connect 3 mixme 3 @soketi/soketi 3 json-ptr 3 localhost-now 3 openmct 3 highcharts 3 @sveltejs/kit 3 fuxa-server 3 ftp-srv 3 xdLocalStorage 3 bin-links 3 node-fetch 3 @apollo/server 3 subtext 3
Filter by Repository
https://github.com/parse-community/parse-server 29 https://github.com/electron/electron 25 https://github.com/strapi/strapi 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/sequelize/sequelize 16 https://github.com/directus/directus 15 https://github.com/tinymce/tinymce 14 https://github.com/swagger-api/swagger-ui 13 https://github.com/nodejs/undici 12 https://github.com/TryGhost/Ghost 12 https://github.com/backstage/backstage 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/patriksimek/vm2 12 https://github.com/jquery/jquery 11 https://github.com/NodeBB/NodeBB 11 https://github.com/nextauthjs/next-auth 10 https://github.com/keystonejs/keystone 10 https://github.com/evershopcommerce/evershop 9 https://github.com/vercel/next.js 9 https://github.com/pandao/editor.md 8 https://github.com/digitalbazaar/forge 8 https://github.com/sebhildebrandt/systeminformation 8 https://github.com/matrix-org/matrix-js-sdk 8 https://github.com/apollographql/apollo-server 8 https://github.com/stealjs/steal 8 https://github.com/kjur/jsrsasign 8 https://github.com/nocodb/nocodb 7 https://github.com/unshiftio/url-parse 7 https://github.com/ericcornelissen/shescape 7 https://github.com/louislam/uptime-kuma 7 https://github.com/twbs/bootstrap 7 https://github.com/matrix-org/matrix-appservice-irc 7 https://github.com/matrix-org/matrix-react-sdk 7 https://github.com/lodash/lodash 7 https://github.com/npm/node-tar 6 https://github.com/totaljs/framework 6 https://github.com/eclipse-theia/theia 6 https://github.com/DIYgod/RSSHub 6 https://github.com/facebook/hermes 6 https://github.com/jquery/jquery-ui 6 https://github.com/ionicabizau/parse-url 6 https://github.com/panva/jose 6 https://github.com/shenzhim/aaptjs 6 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/vitejs/vite 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/openpgpjs/openpgpjs 5 https://github.com/gatsbyjs/gatsby 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/markedjs/marked 5 https://github.com/npm/cli 5 https://github.com/apostrophecms/sanitize-html 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/handlebars-lang/handlebars.js 5 https://github.com/GoogleChrome/rendertron 5 https://github.com/vega/vega 5 https://github.com/ofirdagan/cross-domain-local-storage 4 https://github.com/angular/angular.js 4 https://github.com/cloudflare/workers-sdk 4 https://github.com/sidorares/node-mysql2 4 https://github.com/npm/npm 4 https://github.com/steveukx/git-js 4 https://github.com/socketio/engine.io 4 https://github.com/KaTeX/KaTeX 4 https://github.com/axios/axios 4 https://github.com/PrismJS/prism 4 https://github.com/xCss/Valine 4 https://github.com/mrvautin/expressCart 4 https://github.com/auth0/node-jsonwebtoken 4 https://github.com/follow-redirects/follow-redirects 4 https://github.com/balderdashy/sails 4 https://github.com/Dogfalo/materialize 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/auth0/lock 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/yarnpkg/yarn 4 https://github.com/Ylianst/MeshCentral 4 https://github.com/jonschlinkert/remarkable 4 https://github.com/medialize/URI.js 4 https://github.com/medialize/uri.js 4 https://github.com/mde/ejs 4 https://github.com/fastify/fastify 4 https://github.com/hapijs/hapi 4 https://github.com/node-opcua/node-opcua 3 https://github.com/hapijs/subtext 3 https://github.com/transloadit/uppy 3 https://github.com/nodemailer/nodemailer 3 https://github.com/node-fetch/node-fetch 3 https://github.com/facebook/react 3 https://github.com/infor-design/enterprise-ng 3 https://github.com/highcharts/highcharts 3 https://github.com/nodejs/llhttp 3 https://github.com/sveltejs/kit 3 https://github.com/immerjs/immer 3 https://github.com/beerpwn/CVE 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/kujirahand/nadesiko3 3 https://github.com/libxmljs/libxmljs 3 https://github.com/RIAEvangelist/node-ipc 3 https://github.com/renovatebot/renovate 3 https://github.com/moment/moment 3 https://github.com/docsifyjs/docsify 3 https://github.com/mongodb/js-bson 3 https://github.com/dojo/dojo 3 https://github.com/dojo/dojox 3 https://github.com/mongo-express/mongo-express 3 https://github.com/mozilla/node-convict 3 https://github.com/dwisiswant0/advisory 3 https://github.com/postcss/postcss 3 https://github.com/MrRio/jsPDF 3 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 3 https://github.com/n8n-io/n8n 3 https://github.com/nasa/openmct 3 https://github.com/neocotic/convert-svg 3 https://github.com/soketi/soketi 3 https://github.com/socketio/socket.io-parser 3 https://github.com/manuelstofer/json-pointer 3 https://github.com/skoranga/node-dns-sync 3 https://github.com/Marak/colors.js 3 https://github.com/chjj/marked 3 https://github.com/cisco/node-jose 3 https://github.com/ckeditor/ckeditor5 3 https://github.com/mariocasciaro/object-path 3 https://github.com/simpleledger/slpjs 3 https://github.com/clientIO/joint 3 https://github.com/gruntjs/grunt 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/cure53/DOMPurify 3 https://github.com/salesforce/tough-cookie 3 https://github.com/mermaid-js/mermaid 3 https://github.com/NaturalIntelligence/fast-xml-parser 3 https://github.com/zeit/next.js 3 https://github.com/jquery-validation/jquery-validation 3 https://github.com/websockets/ws 3 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/apostrophecms/apostrophe 3 https://github.com/webpack/loader-utils 3 https://github.com/auth0/passport-wsfed-saml2 3 https://github.com/jarofghosts/glance 3 https://github.com/adaltas/node-mixme 3 https://github.com/ua-parser/uap-core 3 https://github.com/vriteio/vrite 3 https://github.com/josdejong/mathjs 3 https://github.com/zestedesavoir/zmarkdown 3 https://github.com/vanessa219/vditor 3 https://github.com/Automattic/mongoose 3 https://github.com/vendure-ecommerce/vendure 3 https://github.com/xmldom/xmldom 3 https://github.com/typeorm/typeorm 3 https://github.com/YMFE/yapi 3 https://github.com/matrix-org/matrix-appservice-bridge 2 https://github.com/shelljs/shelljs 2 https://github.com/mathjax/MathJax 2 https://github.com/jsuites/jsuites 2 https://github.com/codecov/codecov-node 2 https://github.com/cloudhead/node-static 2 https://github.com/commenthol/safer-eval 2 https://github.com/commenthol/serialize-to-js 2 https://github.com/senchalabs/connect 2 https://github.com/semantic-release/semantic-release 2 https://github.com/vvakame/fs-git 2 https://github.com/peerigon/angular-expressions 2 https://github.com/ahdinosaur/set-in 2 https://github.com/peterbraden/node-opencv 2 https://github.com/josdejong/jsoneditor 2 https://github.com/mysqljs/mysql 2 https://github.com/cronvel/tree-kit 2 https://github.com/snyk/cli 2 https://github.com/karma-runner/karma 2 https://github.com/Finastra/ssr-pages 2 https://github.com/jonschlinkert/mixin-deep 2 https://github.com/manvel-khnkoyan/jpv 2 https://github.com/jwadhams/json-logic-js 2 https://github.com/justmoon/node-bignum 2 https://github.com/chocobozzz/peertube 2 https://github.com/chriso/validator.js 2 https://github.com/sindresorhus/semver-regex 2 https://github.com/christian-bromann/rgb2hex 2 https://github.com/sindresorhus/is-svg 2 https://github.com/yahoo/serialize-javascript 2 https://github.com/aFarkas/lazysizes 2 https://github.com/jonschlinkert/set-value 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/julianhille/MuhammaraJS 2 https://github.com/markdown-it/markdown-it 2 https://github.com/simonh1000/angular-http-server 2 https://github.com/marudor/libxmljs2 2 https://github.com/vivaxy/here 2 https://github.com/endojs/endo 2 https://github.com/Agoric/realms-shim 2 https://github.com/payloadcms/payload 2 https://github.com/guardian/html-janitor 2 https://github.com/jameswlane/status-board 2 https://github.com/amitmerchant1990/electron-markdownify 2 https://github.com/froala/wysiwyg-editor 2 https://github.com/mozilla/nunjucks 2 https://github.com/dfinity/agent-js 2 https://github.com/mithunsatheesh/node-rules 2