Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm Security Advisories

Loading...
High
GSA_kwCzR0hTQS01cXE0LW02YzMteHhtZs4AAxMF
Directory Traversal vulnerability in serve-lite
Ecosystems: npm
Packages: serve-lite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS02OWYyLTQzNzUtcXY5aM4AAxMO
Command injection in smartctl
Ecosystems: npm
Packages: smartctl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qOHdyLWZ3ZjItdnZyOc4AAxM9
Command Injection in create-choo-electron
Ecosystems: npm
Packages: create-choo-electron
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS01NGp3LWpxcjktNmNqOc4AAxM2
Command injection in vagrant.js
Ecosystems: npm
Packages: vagrant.js
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qOHg3LXFjdzQteHg4Nc4AAxM5
Cross-site Scripting (XSS) in serve-lite
Ecosystems: npm
Packages: serve-lite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05dzVqLTRtd3YtMndqOM4AAxNC
Remote code execution in simple-git
Ecosystems: npm
Packages: simple-git
Source: GitHub Advisory Database
Blast Radius: 48.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nNXFyLXhnZzctOHEyd84AAxND
Command Injection in puppet-facter
Ecosystems: npm
Packages: puppet-facter
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS1maGc3LW04OXEtMjVyM84AAxIw
ReDoS Vulnerability in ua-parser-js version
Ecosystems: npm
Packages: ua-parser-js
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14NzN3LWc4aHgtdjdycM4AAxGk
Code injection in electerm
Ecosystems: npm
Packages: electerm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1obTdmLXJxN3Etajl4cM4AAxFC
@builder.io/qwik vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: @builder.io/qwik
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oNDUyLTc5OTYtaDQ1aM4AAxDY
cookiejar Regular Expression Denial of Service via Cookie.parse function
Ecosystems: maven, npm
Packages: org.webjars.npm:cookiejar, cookiejar
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zZndxLXF2NXYtMnd4Zs4AAxDR
Path Traversal in web-node-server
Ecosystems: npm
Packages: web-node-server
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xam03LTU1dnYtM2M1Zs4AAxDO
mel-spintax has Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: mel-spintax
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jcmhnLXhncmctdnZjY84AAw-o
a12nserver vulnerable to potential SQL Injections via Knex dependency
Ecosystems: npm
Packages: @curveball/a12n-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12dmozLTg1dmYtZmdtd84AAw93
global-modules-path Command Injection vulnerability
Ecosystems: npm
Packages: global-modules-path
Source: GitHub Advisory Database
Blast Radius: 46.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS02NHdwLWpoOXAtNWNnMs4AAw6f
RSSHub SSRF vulnerability
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS13NW13LWYyaHEtNWZ3OM4AAw6U
gry vulnerable to Command Injection
Ecosystems: npm
Packages: gry
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS03Y2g0LXJyOTktY3Fjd84AAw6Q
gatsby-transformer-remark has possible unsanitized JavaScript code injection
Ecosystems: npm
Packages: gatsby-transformer-remark
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS03OThoLWc0ajUtNTUzN84AAw6E
PapaParse Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: papaparse
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xdjY2LWY4NzYtdmp2cs4AAw6F
skeemas Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: skeemas
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS00anJtLWMzMngtdzRqZs4AAw3Y
convict vulnerable to Prototype Pollution
Ecosystems: npm
Packages: convict
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01ZzJoLTl4NXYtNWgzeM4AAw18
phoenix_html allows Cross-site Scripting in HEEx class attributes
Ecosystems: hex, npm
Packages: phoenix_html
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jbThoLXE5MnYteGNmY84AAw1D
mercurius has Uncaught Exception when using subscriptions
Ecosystems: npm
Packages: mercurius
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01OGg0LTltN20tajltNM4AAw0w
@okta/oidc-middlewareOpen Redirect vulnerability
Ecosystems: npm
Packages: @okta/oidc-middleware
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zeHE1LXdqZmgtcHBqY84AAw0p
Luxon Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: luxon
Source: GitHub Advisory Database
Blast Radius: 36.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS05dnZ3LWNjOXctZjI3aM4AAw0l
debug Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: debug
Source: GitHub Advisory Database
Blast Radius: 46.1
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14ajl2LTZxMmYtdnFoeM4AAw0A
wifey vulnerable to Command Injection due to improper input sanitization
Ecosystems: npm
Packages: wifey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13dnIyLXE4Nm0tNndocM4AAwzO
Baobab vulnerable to Prototype Pollution
Ecosystems: npm
Packages: baobab
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS13eGdoLThnbXItM3FoM84AAwzL
terminal-kit Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: terminal-kit
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04cGg4LTlxMmotYzNycc4AAwx-
nodebatis SQL Injection vulnerability
Ecosystems: npm
Packages: nodebatis
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mMjU5LWg2bTgtaG04bc4AAwx2
exec-local-bin vulnerable to Command Injection
Ecosystems: npm
Packages: exec-local-bin
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS02ZzMzLTh3MnEtNGh4ds4AAwwq
robots-txt-guard Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: robots-txt-guard
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13OW1yLTRtZnItNDk5Zs4AAwww
Vercel ms Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: ms
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oODU3LTJnNTYtNDY4Z84AAwwo
@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS)
Ecosystems: npm
Packages: @mattkrick/sanitize-svg
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS03bTM3LWN4MzUtcWdtcs4AAwvt
Uniswap Universal Router Incorrect Authorization vulnerability
Ecosystems: npm
Packages: @uniswap/universal-router
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS05bWp4LXdmcXAtajVwaM4AAwvv
window-control vulnerable to Command Injection due to improper input sanitization
Ecosystems: npm
Packages: window-control
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS12NjNxLWhncWMtcXZwZ84AAwuZ
MooTools Regular Expression Denial of Service
Ecosystems: npm
Packages: mootools
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wZnJtLTRyanctZzlxNc4AAwsv
string-kit Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: string-kit
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS03NTk5LWZxZ20tdjg0cM4AAwrj
rgb2hex vulnerable to inefficient regular expression complexity
Ecosystems: npm
Packages: rgb2hex
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mcjU0LTcyd3ItY3F2cc4AAwri
express-param vulnerable to Improper Handling of Extra Parameters
Ecosystems: npm
Packages: express-param
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tNjg4LWN4MnAtcmdxOc4AAwp5
Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access
Ecosystems: npm
Packages: twitter-fetcher-js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS05YzQ3LW02cXEtN3A0aM4AAwpn
Prototype Pollution in JSON5 via Parse Method
Ecosystems: npm
Packages: json5
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03OW1wLWN4cDQtOXA2cs4AAwo2
Json2html vulnerable to cross-site scripting
Ecosystems: npm
Packages: node-json2html
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wMjdoLTRjcGYtZnc0OM4AAwnR
email-existence Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: email-existence
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qNXA3LWpmNHEtNzQycc4AAwnP
markdown-it vulnerable to Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: markdown-it
Source: GitHub Advisory Database
Blast Radius: 39.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02eHJmLXE5NzctNXZnY84AAwmb
json-pointer vulnerable to Prototype Pollution
Ecosystems: npm
Packages: json-pointer
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS04Z2g4LWhxd2cteGYzNM4AAwl1
Starcounter-Jack JSON-Patch Prototype Pollution vulnerability
Ecosystems: npm
Packages: fast-json-patch
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yajJ4LTJncHctZzhmbc4AAwl4
flat vulnerable to Prototype Pollution
Ecosystems: npm
Packages: flat
Source: GitHub Advisory Database
Blast Radius: 55.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tdzR4LWcyeDgtcWN2Zs4AAwlu
tree-kit vulnerable to Prototype Pollution
Ecosystems: npm
Packages: tree-kit
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wOGo4LXd4dnAtaDY5Nc4AAwln
SimbCo httpster vulnerable to Path Traversal
Ecosystems: npm
Packages: httpster
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00NXJtLTI4OTMtNWY0Oc4AAwgi
liquidjs may leak properties of a prototype
Ecosystems: npm
Packages: liquidjs
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oanJmLTJtNjgtNTk1Oc4AAwgh
jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
Ecosystems: npm
Packages: jsonwebtoken
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xd3BoLTQ5NTItN3hyNs4AAwgg
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Ecosystems: npm
Packages: jsonwebtoken
Source: GitHub Advisory Database
Blast Radius: 37.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04Y2Y3LTMyZ3ctd3IzM84AAwgf
jsonwebtoken unrestricted key type could lead to legacy keys usage
Ecosystems: npm
Packages: jsonwebtoken
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jNnJwLXdycDktcXI0cc4AAwf6
dustjs-linkedin vulnerable to Prototype Pollution
Ecosystems: npm
Packages: dustjs-linkedin
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nNjYyLXFxNDUtcHB3bc4AAwd8
Smoothie vulnerable to Cross-site Scripting when tooltipLabel or strokeStyle are controlled by users
Ecosystems: npm
Packages: smoothie
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tNXY4LXdwdzQtcmozeM4AAwd9
abacus-ext-cmdline vulnerable to Command Injection
Ecosystems: npm
Packages: abacus-ext-cmdline
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wcHB2LWNoOHAtcnAyd84AAwd6
lite-dev-server vulnerable to Directory Traversal
Ecosystems: npm
Packages: lite-dev-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00dzJqLTJyZzQtNW1qd84AAweA
vm2 vulnerable to Arbitrary Code Execution
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zM3ZoLTd4OHEtbWczNc4AAwbl
safe-eval vulnerable to Prototype Pollution
Ecosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qZm04LWh3aGctcjZnZ84AAwbj
p4 vulnerable to Command Injection due to improper input sanitization
Ecosystems: npm
Packages: p4
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS13Y3dtLWMzbXItcHhjcs4AAwbk
easy-static-server vulnerable to Directory Traversal
Ecosystems: npm
Packages: easy-static-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS04OXc3LTVxNDUtcjUzd84AAwbi
lite-server vulnerable to Denial of Service
Ecosystems: maven, npm
Packages: org.webjars.npm:lite-server, lite-server
Source: GitHub Advisory Database
Blast Radius: 35.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05N2p2LWMzNDItNXhoY84AAwaR
FurqanSoftware/node-whois vulnerable to Prototype Pollution
Ecosystems: npm
Packages: whois
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12Mjc5LXYyeG0td2hxOc4AAwaQ
Oils JS vulnerable to Open Redirect
Ecosystems: npm
Packages: oils
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS00anY5LTM1NjMtMjNqM84AAwZv
Knex.js has a limited SQL injection vulnerability
Ecosystems: npm
Packages: knex
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yNTJoLTJjbXEtcG1yNs4AAwXI
easywebpack-cli Path Traversal vulnerability
Ecosystems: npm
Packages: @easy-team/easywebpack-cli
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1odzQ2LXZnNnctODhmas4AAwXM
replicator vulnerable to Deserialization of Untrusted Data
Ecosystems: npm
Packages: replicator
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wNDk1LWp4aDItd3JmZ84AAwYT
npm package rfc6902 vulnerable to Prototype Pollution
Ecosystems: npm
Packages: rfc6902
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05OTV4LTMzd3EtOGdjOc4AAwVt
cycle-import-check vulnerable to Command Injection
Ecosystems: npm
Packages: cycle-import-check
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wcGpxLXF4aHgtbTI1Zs4AAwSb
Authentication Bypass for passport-wsfed-saml2
Ecosystems: npm
Packages: passport-wsfed-saml2
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS02anFtLTNjOWctcGNoN84AAwRq
@cubejs-backend/api-gateway row level security bypass
Ecosystems: npm
Packages: @cubejs-backend/api-gateway
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nZzhyLXhqd3EtNHc5Ms4AAwOk
Cross-site scripting vulnerability in TinyMCE alerts
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS1mNDRxLTYzNGMtanZ3ds4AAwM5
libp2p DoS vulnerability from lack of resource management
Ecosystems: npm
Packages: libp2p
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS05cDk1LWZ4dmctcWdxMs4AAwKh
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
Ecosystems: npm
Packages: simple-git
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yZjNnLXY4cDUtcDY3Nc4AAwJ4
NodeBB vulnerable to account takeover via prototype vulnerability
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS0ycjd2LWNtY2gtNXgyNs4AAwJT
muhammara and hummus vulnerable to Unchecked Return Value to NULL Pointer Dereference
Ecosystems: npm
Packages: muhammara, hummus
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14Mmp4LXczd20tOXAzcM4AAwI2
nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit
Ecosystems: npm
Packages: nadesiko3
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03MjQ5LTh4MjItNHJnNM4AAwI3
nadesiko3 vulnerable to OS Command Injection
Ecosystems: npm
Packages: nadesiko3
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1tOHI1LTd3ZjQtNjNtd84AAwI7
Nadesiko3 OS Command Injection vulnerability
Ecosystems: npm
Packages: nadesiko3
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00eDZnLTNjbXgtdzc2cs4AAwGD
Snyk plugins vulnerable to Command Injection
Ecosystems: npm
Packages: @snyk/snyk-cocoapods-plugin, snyk-docker-plugin, snyk-gradle-plugin, @snyk/snyk-hex-plugin, snyk-python-plugin, snyk-sbt-plugin, snyk-mvn-plugin, snyk
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS03ZnhtLWM4NDgtODlxOM4AAwEt
static-dev-server vulnerable to path traversal
Ecosystems: npm
Packages: static-dev-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS05Z2g4LXdwNTMtY2NjNs4AAwEB
ghost vulnerable to unauthorized newsletter modification via improper access controls
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS13NTczLTRoZzctN3dncc4AAwD1
decode-uri-component vulnerable to Denial of Service (DoS)
Ecosystems: npm
Packages: decode-uri-component
Source: GitHub Advisory Database
Blast Radius: 44.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS1ocnBwLWg5OTgtajNwcM4AAwDM
qs vulnerable to Prototype Pollution
Ecosystems: npm
Packages: qs
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05OTVmLTl4NXItMnJjas4AAwCZ
Heap buffer overflow in GPU
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 48.2
Published: over 1 year ago
Low
GSA_kwCzR0hTQS04amg5LXdxcGYtcTUyY84AAwBV
sweetalert2 v8.19.1 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1wZzk4LTZ2N2YtMnhmds4AAwBU
sweetalert2 v9.17.4 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS00NTdyLWNxYzgtOXZqOc4AAwBT
sweetalert2 v10.16.10 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1xcTZoLTVnNmotcTNjbc4AAwBN
sweetalert2 v11.4.9 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oZ3A4LXc4ZmotcjRjbc4AAv_v
ToolJet is vulnerable to Denial of Service (DoS)
Ecosystems: npm
Packages: tooljet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yN3FwLWNmaHYtcDg0d84AAv_b
Uncaught exception in engine.io
Ecosystems: npm
Packages: engine.io
Source: GitHub Advisory Database
Blast Radius: 39.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zZmpqLXA3OWotYzloaM4AAv_I
Fastify: Incorrect Content-Type parsing can lead to CSRF attack
Ecosystems: npm
Packages: fastify
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01Z3d4LXdmOWctcjVteM4AAv2W
NodeBB vulnerable to Cross-Site Request Forgery
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mZndmLTQ3eDItanByOM4AAv2P
Matrix-appservice-irc vulnerable to sql injection via roomIds argument
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05OHBmLWdmaDMteDNtcM4AAv0C
Read the Docs vulnerable to Cross-Site Scripting (XSS)
Ecosystems: npm
Packages: readthedocs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zcW1jLTJyNzYtNHJxcM4AAv0B
Redwood is vulnerable to account takeover via dbAuth "forgot-password"
Ecosystems: npm
Packages: @redwoodjs/api
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS05M3Z3LThmbTUtcDJqZs4AAv0A
Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wMmpoLTQ0cWotcGYyds4AAvz_
Exfiltration of hashed SMB credentials on Windows via file:// redirect
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS14cHJ2LXd2aDctcXFxeM4AAvxw
Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 1 year ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 1,400
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
parse-server 29 electron 26 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 directus 18 sequelize 16 next 15 swagger-ui 14 tinymce 14 ghost 14 strapi 13 joplin 13 ckeditor4 13 undici 12 vm2 12 nodebb 11 handlebars 11 marked 11 angular 11 nocodb 10 @evershop/evershop 9 serve 9 next-auth 9 TinyMCE 9 tinymce/tinymce 9 node-forge 8 urijs 8 jsrsasign 8 express-cart 8 editor.md 8 validator 8 npm 8 @strapi/strapi 8 url-parse 8 tar 8 steal 8 systeminformation 8 bootstrap 8 matrix-js-sdk 8 org.webjars.npm:jquery 8 jquery 8 jquery-rails 8 total.js 7 sanitize-html 7 uptime-kuma 7 jquery-ui 7 jquery-ui-rails 7 matrix-appservice-irc 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 snyk-broker 7 jQuery 7 shescape 7 lodash 7 matrix-react-sdk 7 hermes-engine 7 hapi 7 safe-eval 6 aaptjs 6 rsshub 6 parse-url 6 lodash-es 5 total4 5 openpgp 5 sweetalert2 5 public 5 ejs 5 prismjs 5 vite 5 mongoose 5 dojo 5 yarn 5 vditor 5 ua-parser-js 5 @strapi/plugin-users-permissions 5 rendertron 5 xlsx 5 keystone 5 safer-eval 4 muhammara 4 remarkable 4 convert-svg-core 4 axios 4 hummus 4 simple-git 4 engine.io 4 jsonwebtoken 4 realms-shim 4 ws 4 fastify 4 katex 4 dompurify 4 apostrophe 4 vega 4 auth0-js 4 @keystone-6/core 4 materialize-css 4 moment 4 mongo-express 4 valine 4 mermaid 4 auth0-lock 4 @backstage/plugin-scaffolder-backend 4 qs 4 ecstatic 4 simple-markdown 4 generator-jhipster 4 mysql2 4 meshcentral 4 aws-iot-device-sdk-v2 4 glance 4 apollo-server-core 4 awsiotsdk 4 follow-redirects 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 ses 3 loader-utils 3 org.webjars.npm:xlsx 3 node-red-dashboard 3 notevil 3 object-path 3 passport-wsfed-saml2 3 js-yaml 3 grunt 3 jspdf 3 n8n 3 locutus 3 jointjs 3 codecov 3 feathers-sequelize 3 mysql 3 wrangler 3 yapi-vendor 3 @frangoteam/fuxa 3 ftp-srv 3 renovate 3 blamer 3 bootstrap 3 @ckeditor/ckeditor5-markdown-gfm 3 raneto 3 tough-cookie 3 froala-editor 3 highcharts 3 localhost-now 3 mixme 3 connect 3 jose 3 socket.io-file 3 fast-xml-parser 3 browserify-shim 3 slpjs 3 dns-sync 3 protobufjs 3 http-live-simulator 3 uap-core 3 xmldom 3 m-server 3 keycloak-connect 3 @strapi/utils 3 @cubejs-backend/api-gateway 3 nodemailer 3 slp-validate 3 apollo-server 3 node-opcua 3 postcss 3 jquery-validation 3 socket.io-parser 3 @backstage/techdocs-common 3 node-ipc 3 mathjs 3 node-jose 3 parsel 3 @uppy/companion 3 nadesiko3 3 convict 3 dojox 3 simplehttpserver 3 fuxa-server 3 mxgraph 3 statics-server 3 stimulsoft-dashboards-js 3 express-fileupload 3 node-fetch 3 xdLocalStorage 3 @hapi/subtext 3 subtext 3 @apollo/server 3 json-pointer 3 immer 3 serialize-to-js 3 buttle 3 typeorm 3 lodash.defaultsdeep 3 @vrite/sdk 3 @commercial/subtext 3 json-ptr 3 @sveltejs/kit 3 snyk 3 @soketi/soketi 3 ids-enterprise 3
Filter by Repository
https://github.com/parse-community/parse-server 29 https://github.com/electron/electron 25 https://github.com/strapi/strapi 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/directus/directus 17 https://github.com/sequelize/sequelize 16 https://github.com/tinymce/tinymce 14 https://github.com/swagger-api/swagger-ui 13 https://github.com/TryGhost/Ghost 12 https://github.com/backstage/backstage 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/patriksimek/vm2 12 https://github.com/nodejs/undici 12 https://github.com/NodeBB/NodeBB 11 https://github.com/vercel/next.js 11 https://github.com/jquery/jquery 10 https://github.com/nextauthjs/next-auth 10 https://github.com/keystonejs/keystone 10 https://github.com/nocodb/nocodb 10 https://github.com/evershopcommerce/evershop 9 https://github.com/stealjs/steal 8 https://github.com/kjur/jsrsasign 8 https://github.com/apollographql/apollo-server 8 https://github.com/pandao/editor.md 8 https://github.com/matrix-org/matrix-js-sdk 8 https://github.com/sebhildebrandt/systeminformation 8 https://github.com/digitalbazaar/forge 8 https://github.com/twbs/bootstrap 7 https://github.com/unshiftio/url-parse 7 https://github.com/lodash/lodash 7 https://github.com/louislam/uptime-kuma 7 https://github.com/matrix-org/matrix-appservice-irc 7 https://github.com/matrix-org/matrix-react-sdk 7 https://github.com/ericcornelissen/shescape 7 https://github.com/jquery/jquery-ui 6 https://github.com/facebook/hermes 6 https://github.com/DIYgod/RSSHub 6 https://github.com/npm/node-tar 6 https://github.com/panva/jose 6 https://github.com/totaljs/framework 6 https://github.com/shenzhim/aaptjs 6 https://github.com/ionicabizau/parse-url 6 https://github.com/eclipse-theia/theia 6 https://github.com/vitejs/vite 5 https://github.com/openpgpjs/openpgpjs 5 https://github.com/markedjs/marked 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/npm/cli 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/handlebars-lang/handlebars.js 5 https://github.com/GoogleChrome/rendertron 5 https://github.com/apostrophecms/sanitize-html 5 https://github.com/gatsbyjs/gatsby 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/vega/vega 5 https://github.com/follow-redirects/follow-redirects 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/xCss/Valine 4 https://github.com/jonschlinkert/remarkable 4 https://github.com/mrvautin/expressCart 4 https://github.com/hapijs/hapi 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/PrismJS/prism 4 https://github.com/sidorares/node-mysql2 4 https://github.com/steveukx/git-js 4 https://github.com/cloudflare/workers-sdk 4 https://github.com/ofirdagan/cross-domain-local-storage 4 https://github.com/axios/axios 4 https://github.com/KaTeX/KaTeX 4 https://github.com/auth0/lock 4 https://github.com/Ylianst/MeshCentral 4 https://github.com/socketio/engine.io 4 https://github.com/balderdashy/sails 4 https://github.com/medialize/URI.js 4 https://github.com/medialize/uri.js 4 https://github.com/yarnpkg/yarn 4 https://github.com/auth0/node-jsonwebtoken 4 https://github.com/angular/angular.js 4 https://github.com/mde/ejs 4 https://github.com/fastify/fastify 4 https://github.com/npm/npm 4 https://github.com/Dogfalo/materialize 4 https://github.com/nodejs/llhttp 3 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 3 https://github.com/highcharts/highcharts 3 https://github.com/neocotic/convert-svg 3 https://github.com/sveltejs/kit 3 https://github.com/node-fetch/node-fetch 3 https://github.com/libxmljs/libxmljs 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/kujirahand/nadesiko3 3 https://github.com/beerpwn/CVE 3 https://github.com/immerjs/immer 3 https://github.com/node-opcua/node-opcua 3 https://github.com/infor-design/enterprise-ng 3 https://github.com/transloadit/uppy 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/nodemailer/nodemailer 3 https://github.com/n8n-io/n8n 3 https://github.com/postcss/postcss 3 https://github.com/MrRio/jsPDF 3 https://github.com/dwisiswant0/advisory 3 https://github.com/mozilla/node-convict 3 https://github.com/mongo-express/mongo-express 3 https://github.com/dojo/dojox 3 https://github.com/dojo/dojo 3 https://github.com/docsifyjs/docsify 3 https://github.com/mongodb/js-bson 3 https://github.com/facebook/react 3 https://github.com/moment/moment 3 https://github.com/nasa/openmct 3 https://github.com/renovatebot/renovate 3 https://github.com/RIAEvangelist/node-ipc 3 https://github.com/mermaid-js/mermaid 3 https://github.com/salesforce/tough-cookie 3 https://github.com/cure53/DOMPurify 3 https://github.com/gruntjs/grunt 3 https://github.com/NaturalIntelligence/fast-xml-parser 3 https://github.com/clientIO/joint 3 https://github.com/simpleledger/slpjs 3 https://github.com/mariocasciaro/object-path 3 https://github.com/ckeditor/ckeditor5 3 https://github.com/cisco/node-jose 3 https://github.com/chjj/marked 3 https://github.com/skoranga/node-dns-sync 3 https://github.com/Marak/colors.js 3 https://github.com/manuelstofer/json-pointer 3 https://github.com/socketio/socket.io-parser 3 https://github.com/soketi/soketi 3 https://github.com/hapijs/subtext 3 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/webpack/loader-utils 3 https://github.com/ua-parser/uap-core 3 https://github.com/adaltas/node-mixme 3 https://github.com/typeorm/typeorm 3 https://github.com/zeit/next.js 3 https://github.com/websockets/ws 3 https://github.com/vriteio/vrite 3 https://github.com/xmldom/xmldom 3 https://github.com/jarofghosts/glance 3 https://github.com/apostrophecms/apostrophe 3 https://github.com/auth0/passport-wsfed-saml2 3 https://github.com/jquery-validation/jquery-validation 3 https://github.com/josdejong/mathjs 3 https://github.com/zestedesavoir/zmarkdown 3 https://github.com/Automattic/mongoose 3 https://github.com/vanessa219/vditor 3 https://github.com/vendure-ecommerce/vendure 3 https://github.com/YMFE/yapi 3 https://github.com/matrix-org/matrix-appservice-bridge 2 https://github.com/jsuites/jsuites 2 https://github.com/mathjax/MathJax 2 https://github.com/codecov/codecov-node 2 https://github.com/cloudhead/node-static 2 https://github.com/jameswlane/status-board 2 https://github.com/shelljs/shelljs 2 https://github.com/commenthol/safer-eval 2 https://github.com/commenthol/serialize-to-js 2 https://github.com/vvakame/fs-git 2 https://github.com/senchalabs/connect 2 https://github.com/semantic-release/semantic-release 2 https://github.com/peerigon/angular-expressions 2 https://github.com/peterbraden/node-opencv 2 https://github.com/ahdinosaur/set-in 2 https://github.com/josdejong/jsoneditor 2 https://github.com/cronvel/tree-kit 2 https://github.com/karma-runner/karma 2 https://github.com/snyk/cli 2 https://github.com/Finastra/ssr-pages 2 https://github.com/manvel-khnkoyan/jpv 2 https://github.com/jonschlinkert/mixin-deep 2 https://github.com/jwadhams/json-logic-js 2 https://github.com/justmoon/node-bignum 2 https://github.com/chocobozzz/peertube 2 https://github.com/chriso/validator.js 2 https://github.com/christian-bromann/rgb2hex 2 https://github.com/sindresorhus/semver-regex 2 https://github.com/sindresorhus/is-svg 2 https://github.com/yahoo/serialize-javascript 2 https://github.com/aFarkas/lazysizes 2 https://github.com/jonschlinkert/set-value 2 https://github.com/markdown-it/markdown-it 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/julianhille/MuhammaraJS 2 https://github.com/marudor/libxmljs2 2 https://github.com/simonh1000/angular-http-server 2 https://github.com/jcubic/jquery.terminal 2 https://github.com/endojs/endo 2 https://github.com/vivaxy/here 2 https://github.com/Agoric/realms-shim 2 https://github.com/payloadcms/payload 2 https://github.com/guardian/html-janitor 2 https://github.com/mysqljs/mysql 2 https://github.com/froala/wysiwyg-editor 2 https://github.com/mithunsatheesh/node-rules 2 https://github.com/dfinity/agent-js 2 https://github.com/mozilla/pdf.js 2