Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1wcm01LThnMm0tMjRnZ84AAvvh
Remote code execution via MongoDB BSON parser through prototype pollution
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS00cGNnLXdyNmMtaDljcc4AAvu9
fastify/websocket vulnerable to uncaught exception via crash on malformed packet
Ecosystems: npm
Packages: @fastify/websocket, fastify-websocket
Source: GitHub Advisory Database
Blast Radius: 19.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mZjlqLXB3eGctcTVwMs4AAvsz
deep-parse-json vulnerable to Prototype Pollution
Ecosystems: npm
Packages: deep-parse-json
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xcWhmLXhmaHctNzg4NM4AAvtB
Markdownify has Files or Directories Accessible to External Parties
Ecosystems: npm
Packages: electron-markdownify
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02NTN2LXJxeDktajg1cM4AAvtM
deep-object-diff vulnerable to Prototype Pollution
Ecosystems: npm
Packages: deep-object-diff
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wNWc5LXJqY2YtOTV2as4AAvs_
fastest-json-copy vulnerable to Prototype Pollution
Ecosystems: npm
Packages: fastest-json-copy
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yNW14LTJteG0tNjM0M84AAvsH
@keystone-6/core's NODE_ENV defaults to development with esbuild
Ecosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04cjY5LTNjdnAtd3hjM84AAvrB
Batched HTTP requests may set incorrect `cache-control` response header
Ecosystems: npm
Packages: @apollo/server, apollo-server-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1yY3J4LWZwanAtbWZyd84AAvq7
Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp
Ecosystems: npm
Packages: hummus, muhammara
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jcmg2LWZwNjctNjg4M84AAvn0
xmldom allows multiple root nodes in a DOM
Ecosystems: npm
Packages: @xmldom/xmldom, xmldom
Source: GitHub Advisory Database
Blast Radius: 55.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12cnY5LTN4M3ctZmZ4d84AAvna
node-red-dashboard vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: node-red-dashboard
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS1mcnA5LTJ2NnItZ2o5N84AAvnJ
muhammara and hummus vulnerable to null pointer dereference on bad response object
Ecosystems: npm
Packages: hummus, muhammara
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS05Y3Y1LTR3cXYtOXc5NM4AAvnE
muhammara and hummus vulnerable to denial of service by NULL pointer dereference
Ecosystems: npm
Packages: hummus, muhammara
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wZnE4LXJxNnYtdmY1bc4AAvm3
kangax html-minifier REDoS vulnerability
Ecosystems: npm
Packages: html-minifier
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jZmdyLTc1angtaDg4Z84AAvmz
thlorenz browserify-shim vulnerable to prototype pollution
Ecosystems: npm
Packages: browserify-shim
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yNzM3LTM0N20td3FjN84AAvlu
thlorenz browserify-shim vulnerable to prototype pollution
Ecosystems: npm
Packages: browserify-shim
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xcHY4LTRwanEtcXFoN84AAvis
feathers-sequelize contains improper input validation leading to SQL injection
Ecosystems: npm
Packages: feathers-sequelize
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS01aHE3LWo1d3EtcDIyN84AAviy
feathers-sequelize vulnerable to SQL injection due to improper parameter filtering
Ecosystems: npm
Packages: feathers-sequelize
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wNW0zLTI3dmgtNTJqNM4AAvit
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution
Ecosystems: npm
Packages: feathers-sequelize
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xbTk1LXBnY2ctcXFmcc4AAvix
Insufficient validation when decoding a Socket.IO packet
Ecosystems: npm
Packages: socket.io-parser
Source: GitHub Advisory Database
Blast Radius: 59.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jcjg0LXh2dzQtcXgzY84AAvio
Inefficient Regular Expression Complexity in shescape
Ecosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jMzN3LXBtNTItbXF2Zs4AAvij
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details
Ecosystems: npm
Packages: @dependencytrack/frontend
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS13aHB4LXEzcnEtdzhqY84AAve6
Hardening of TypedArrays with non-canonical numeric property names in SES
Ecosystems: npm
Packages: ses
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jOTQyLW1mbXAtcDRmaM4AAvc5
Markdownify subject to Remote Code Execution via malicious markdown file
Ecosystems: npm
Packages: electron-markdownify
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02bWhyLTUybXYtNnY2Zs4AAvaQ
Field-level access-control bypass for multiselect field
Ecosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oNDIzLXc2cXYtMndqM84AAvaP
parse-server crashes when receiving file download request with invalid byte range
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1mOHE2LXA5NHgtMzd2M84AAvaI
minimatch ReDoS vulnerability
Ecosystems: npm
Packages: minimatch
Source: GitHub Advisory Database
Blast Radius: 47.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zcmZtLWpod2otNzQ4OM4AAvVB
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable
Ecosystems: npm
Packages: loader-utils
Source: GitHub Advisory Database
Blast Radius: 46.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1oY2o0LXhmNngtNjN3as4AAvUC
Grunt-karma vulnerable to prototype pollution
Ecosystems: npm
Packages: grunt-karma
Source: GitHub Advisory Database
Blast Radius: 51.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03NnAzLThqeDMtanBmcc4AAvTd
Prototype pollution in webpack loader-utils
Ecosystems: npm
Packages: loader-utils
Source: GitHub Advisory Database
Blast Radius: 61.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS01cDh3LTJtdnctMzhwds4AAvTF
Signature bypass via multiple root elements
Ecosystems: npm
Packages: node-saml
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tOTc0LTY0N3Ytd2h2N84AAvTE
Signature bypass via multiple root elements
Ecosystems: npm
Packages: @node-saml/passport-saml, @node-saml/node-saml, node-saml, passport-saml
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1nbXdwLTNwd2MtM2ozZ84AAvS-
mockery is vulnerable to prototype pollution
Ecosystems: npm
Packages: mockery
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0ycDNjLXAzcXctNjlyNM4AAvS5
The graphql-upload library included in Apollo Server 2 is vulnerable to CSRF mutations
Ecosystems: npm
Packages: apollo-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oaHEzLWZmNzgtanYzZ84AAvRq
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
Ecosystems: npm
Packages: loader-utils
Source: GitHub Advisory Database
Blast Radius: 46.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qNHJ2LXByOWctcThqds4AAvP8
mxGraph vulnerable to cross-site scripting in setTooltips function
Ecosystems: npm
Packages: mxgraph
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04bW1tLTl2MnEteDNmOc4AAvPk
tschaub gh-pages vulnerable to prototype pollution
Ecosystems: npm
Packages: gh-pages
Source: GitHub Advisory Database
Blast Radius: 53.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04NjZ3LXdtNGgtOTVjNs4AAvP-
thlorenz browserify-shim vulnerable to prototype pollution
Ecosystems: npm
Packages: browserify-shim
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02MzNyLXI0cDgtcHczd84AAvPU
Cross site scripting in Metro UI
Ecosystems: npm
Packages: metro4
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS00NTV3LWM0NXYtODZyZ84AAvO9
fastify vulnerable to denial of service via malicious Content-Type
Ecosystems: npm
Packages: fastify
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1qam1nLXg0NTYtdzk3Ns4AAvOC
Incorrect default cookie name and recommendation
Ecosystems: npm
Packages: csrf-csrf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wajJjLWg3NnctdnY2Zs4AAvNW
tiny-csrf has openly visible CSRF tokens
Ecosystems: npm
Packages: tiny-csrf
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ncnY2LW03NTMtM3cyZ84AAvNO
NocoDB vulnerable to Denial of Service
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS14cng5LWdqMjYtNXd4Oc4AAvMH
v8n vulnerable to Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: v8n
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS04dzd3LTY3bXctcjVwN84AAvLq
generator-jhipster vulnerable to login check Regular Expression Denial of Service
Ecosystems: npm
Packages: generator-jhipster
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1ocHFqLTdjajYtaGZqOM4AAvJ0
Snyk CLI affected by Command Injection vulnerability
Ecosystems: npm
Packages: snyk-go-plugin, snyk
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wMjhoLWNjN3EtYzRmZ84AAvJj
css-what vulnerable to ReDoS due to use of insecure regular expression
Ecosystems: npm
Packages: css-what
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yajc5LThwcWMtcjd4Ns4AAvJg
react-native-reanimated vulnerable to ReDoS
Ecosystems: npm
Packages: react-native-reanimated
Source: GitHub Advisory Database
Blast Radius: 38.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tanI1LXY5YzktbW03Z84AAvIt
Joplin Remote Code Execution
Ecosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yampxLXg1NDgtcmhwds4AAvIq
isolated-vm has vulnerable CachedDataOptions in API
Ecosystems: npm
Packages: isolated-vm
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS01dzhyLThwZ2otNWptZs4AAvIn
matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00cnhyLTI3bW0tbXhxOc4AAvIm
Upstash Adapter missing token verification
Ecosystems: npm
Packages: @next-auth/upstash-redis-adapter
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS1yNDhyLWo4ZngtbXEyY84AAvIf
matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS02MjYzLXg5N2MtYzRnZ84AAvIe
matrix-js-sdk subject to impersonated messages due to permissive key forwarding
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1odnY4LTV2ODYtcjQ1eM4AAvHM
Improper beacon events in matrix-js-sdk can result in availability issues
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zNmpyLW1oNGgtMmc1OM4AAvHL
d3-color vulnerable to ReDoS
Ecosystems: npm
Packages: d3-color
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1tcmdwLW1yaGMtNWpycc4AAvGK
vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 47.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS00cGhnLWhwcW0tYzNqNM4AAvGG
Strapi mishandles hidden attributes within admin API responses
Ecosystems: npm
Packages: @strapi/strapi, strapi
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ncmpwLTRqbXItbWpjd84AAvFW
express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attribute
Ecosystems: npm
Packages: express-xss-sanitizer
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jNDI5LTVwN3YtdmdqcM4AAvB6
hoek subject to prototype pollution via the clone function.
Ecosystems: npm
Packages: hoek, @hapi/hoek
Source: GitHub Advisory Database
Blast Radius: 51.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00Mmh4LXZyeHgtNXI2ds4AAvAf
Jodit Editor vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: jodit
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xM2Y0LTloNHAtdmdyM84AAvAe
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery
Ecosystems: npm
Packages: @lionello/secp256k1-js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05cndqLTlqMmgtZmh2bc4AAu_c
Toast UI Grid vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: tui-grid
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05amp2LTUyNG0tam05OM4AAu-A
@netlify/ipx vulnerable to Full Response SSRF and Stored XSS via Cache Poisoning and Improper Host Validation
Ecosystems: npm
Packages: @netlify/ipx
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1yNjU3LTMzdnAtZ3AyMs4AAu9-
parse-server auth adapter app ID validation can be circumvented
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12djd4LTd3NG0tcTcyZs4AAu99
fhir-works-on-aws-authz-smart handles permissions improperly
Ecosystems: npm
Packages: fhir-works-on-aws-authz-smart
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02dzRxLTIzY2YtajlqcM4AAu98
parse-server's session object properties can be updated by foreign user if object ID is known
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13YzR4LXFtcjItcmo4aM4AAu82
steal vulnerable to Prototype Pollution via alias variable
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS1yZ3F4LTIyNmYtMnhwNM4AAu81
steal Inefficient Regular Expression Complexity vulnerability via string variable
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jbXI4LTV3NGMtNDR2OM4AAu8P
Fastly Compute@Edge JS Runtime has fixed random number seed during compilation
Ecosystems: npm
Packages: @fastly/js-compute
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1tY3ZnLWc5d3gtdjV2eM4AAu6Y
Valine code injection vulnerability
Ecosystems: npm
Packages: valine
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xNHE1LWM1Y3YtMnA2OM4AAu6M
Vuetify Cross-site Scripting vulnerability
Ecosystems: maven, npm
Packages: org.webjars.npm:vuetify, vuetify
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14OTJnLTQ5Z2gtNjNxbc4AAu45
Budibase Improper Access Control vulnerability
Ecosystems: npm
Packages: @budibase/bbui, @budibase/builder, @budibase/worker
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1ndmp3LThtbXItOGY2Z84AAu3_
steal vulnerable to Prototype Pollution
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS0ybTZnLWNydjgtcDNjNs4AAu2I
Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS14bWdnLWZ4OXAtcHJxNs4AAu1o
NodeBB account takeover via SSO plugins
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qdjNnLWo1OGYtOW1xOc4AAu1m
JOSE vulnerable to resource exhaustion via specifically crafted JWE
Ecosystems: npm
Packages: jose-node-esm-runtime, jose-node-cjs-runtime, jose-browser-runtime, jose
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xbTR3LTQ5OTUtdmc3Zs4AAu1l
cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch
Ecosystems: npm
Packages: cruddl
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wcXc1LWptcDUtcHg0ds4AAu1E
parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
Ecosystems: npm
Packages: parse-url
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12d2hxLXBtM3ItZmptOc4AAu0V
steal vulnerable to Prototype Pollution via key variable in babel.js
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05M3E1LTN4cGMtOHZnM84AAu0v
steal vulnerable to Prototype Pollution via requestedVersion variable
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04ZjhnLTlqNzMtN3A4Ms4AAu0C
steal vulnerable to Prototype Pollution via optionName variable
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yOHY0LWpmODItanZqOM4AAu0A
steal vulnerable to Regular Expression Denial of Service via source and sourceWithComments
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS03ZjN4LTJ3Y3gtaHd3OM4AAuz9
steal vulnerable to Regular Expression Denial of Service via input variable
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jcTdxLTVjNjctdzM5d84AAuzx
matrix-appservice-irc vulnerable to IRC mode parameter confusion
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS14dnFnLW12MjUtcnd2d84AAuzw
Parsing issue in matrix-org/node-irc leading to room takeovers
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qOWZxLXZ3cXYtMmZtMs4AAuza
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
Ecosystems: npm
Packages: parse-url
Source: GitHub Advisory Database
Blast Radius: 48.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00NjJyLXd4dm0tanZ4aM4AAus8
Markdown-Nice v1.8.22 vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: markdown-nice
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qcWhxLXBmZzMtZmc1cM4AAuq_
Blink1Control2 uses weak password encryption
Ecosystems: npm
Packages: Blink1Control2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1ydmdtLTM1anctcTYyOM4AAujy
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Ecosystems: npm
Packages: mdx-mermaid
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS12cWM0LXY4aGMtaDJqZ84AAujx
Polynomial regular expression used on uncontrolled data in nitrado.js
Ecosystems: npm
Packages: nitrado.js
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jZ2ZtLXh3cDctMmN2cs4AAuje
Sanitize-html Vulnerable To REDoS Attacks
Ecosystems: npm
Packages: sanitize-html
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14NWN3LTg0M2YtcjM2Ns4AAujc
x-data-spreadsheet through 1.1.9 vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: x-data-spreadsheet
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04bWdxLTZyMnEtODJ3Oc4AAui5
Captcha Bypass in strapi-plugin-ezforms
Ecosystems: npm
Packages: strapi-plugin-ezforms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13ZmY0LWZwd2ctcXF2M84AAui2
Unexpected server crash in Next.js
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wNGNjLXc1OTctNmNwbc4AAui1
Cryptographically weak PRNG in `utils.generateUUID`
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Low
GSA_kwCzR0hTQS01Nng0LWo3cDktZmNmOc4AAui0
Command Injection in moment-timezone
Ecosystems: npm
Packages: moment-timezone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12NzhjLTRwNjMtMmo2Y84AAuiz
Cleartext Transmission of Sensitive Information in moment-timezone
Ecosystems: npm
Packages: moment-timezone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03N3FtLXd2cXEtZmc3Oc4AAuiy
Directus vulnerable to unhandled exception on illegal filename_disk value
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS00cmc2LWZtMjUtZ2MzNM4AAuiV
oauth2-server through 3.1.1 vulnerable to Open Redirect
Ecosystems: npm
Packages: oauth2-server
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 1 year ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 1,400
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
parse-server 29 electron 26 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 directus 18 sequelize 16 next 15 swagger-ui 14 tinymce 14 ghost 14 strapi 13 joplin 13 ckeditor4 13 undici 12 vm2 12 nodebb 11 handlebars 11 marked 11 angular 11 nocodb 10 @evershop/evershop 9 serve 9 next-auth 9 TinyMCE 9 tinymce/tinymce 9 node-forge 8 urijs 8 jsrsasign 8 express-cart 8 editor.md 8 validator 8 npm 8 @strapi/strapi 8 url-parse 8 tar 8 steal 8 systeminformation 8 bootstrap 8 matrix-js-sdk 8 org.webjars.npm:jquery 8 jquery 8 jquery-rails 8 total.js 7 sanitize-html 7 uptime-kuma 7 jquery-ui 7 jquery-ui-rails 7 matrix-appservice-irc 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 snyk-broker 7 jQuery 7 shescape 7 lodash 7 matrix-react-sdk 7 hermes-engine 7 hapi 7 safe-eval 6 aaptjs 6 rsshub 6 parse-url 6 lodash-es 5 total4 5 openpgp 5 sweetalert2 5 public 5 ejs 5 prismjs 5 vite 5 mongoose 5 dojo 5 yarn 5 vditor 5 ua-parser-js 5 @strapi/plugin-users-permissions 5 rendertron 5 xlsx 5 keystone 5 safer-eval 4 muhammara 4 remarkable 4 convert-svg-core 4 axios 4 hummus 4 simple-git 4 engine.io 4 jsonwebtoken 4 realms-shim 4 ws 4 fastify 4 katex 4 dompurify 4 apostrophe 4 vega 4 auth0-js 4 @keystone-6/core 4 materialize-css 4 moment 4 mongo-express 4 valine 4 mermaid 4 auth0-lock 4 @backstage/plugin-scaffolder-backend 4 qs 4 ecstatic 4 simple-markdown 4 generator-jhipster 4 mysql2 4 meshcentral 4 aws-iot-device-sdk-v2 4 glance 4 apollo-server-core 4 awsiotsdk 4 follow-redirects 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 ses 3 loader-utils 3 org.webjars.npm:xlsx 3 node-red-dashboard 3 notevil 3 object-path 3 passport-wsfed-saml2 3 js-yaml 3 grunt 3 jspdf 3 n8n 3 locutus 3 jointjs 3 codecov 3 feathers-sequelize 3 mysql 3 wrangler 3 yapi-vendor 3 @frangoteam/fuxa 3 ftp-srv 3 renovate 3 blamer 3 bootstrap 3 @ckeditor/ckeditor5-markdown-gfm 3 raneto 3 tough-cookie 3 froala-editor 3 highcharts 3 localhost-now 3 mixme 3 connect 3 jose 3 socket.io-file 3 fast-xml-parser 3 browserify-shim 3 slpjs 3 dns-sync 3 protobufjs 3 http-live-simulator 3 uap-core 3 xmldom 3 m-server 3 keycloak-connect 3 @strapi/utils 3 @cubejs-backend/api-gateway 3 nodemailer 3 slp-validate 3 apollo-server 3 node-opcua 3 postcss 3 jquery-validation 3 socket.io-parser 3 @backstage/techdocs-common 3 node-ipc 3 mathjs 3 node-jose 3 parsel 3 @uppy/companion 3 nadesiko3 3 convict 3 dojox 3 simplehttpserver 3 fuxa-server 3 mxgraph 3 statics-server 3 stimulsoft-dashboards-js 3 express-fileupload 3 node-fetch 3 xdLocalStorage 3 @hapi/subtext 3 subtext 3 @apollo/server 3 json-pointer 3 immer 3 serialize-to-js 3 buttle 3 typeorm 3 lodash.defaultsdeep 3 @vrite/sdk 3 @commercial/subtext 3 json-ptr 3 @sveltejs/kit 3 snyk 3 @soketi/soketi 3 ids-enterprise 3
Filter by Repository
https://github.com/parse-community/parse-server 29 https://github.com/electron/electron 25 https://github.com/strapi/strapi 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/directus/directus 17 https://github.com/sequelize/sequelize 16 https://github.com/tinymce/tinymce 14 https://github.com/swagger-api/swagger-ui 13 https://github.com/TryGhost/Ghost 12 https://github.com/backstage/backstage 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/patriksimek/vm2 12 https://github.com/nodejs/undici 12 https://github.com/NodeBB/NodeBB 11 https://github.com/vercel/next.js 11 https://github.com/jquery/jquery 10 https://github.com/nextauthjs/next-auth 10 https://github.com/keystonejs/keystone 10 https://github.com/nocodb/nocodb 10 https://github.com/evershopcommerce/evershop 9 https://github.com/stealjs/steal 8 https://github.com/kjur/jsrsasign 8 https://github.com/apollographql/apollo-server 8 https://github.com/pandao/editor.md 8 https://github.com/matrix-org/matrix-js-sdk 8 https://github.com/sebhildebrandt/systeminformation 8 https://github.com/digitalbazaar/forge 8 https://github.com/twbs/bootstrap 7 https://github.com/unshiftio/url-parse 7 https://github.com/lodash/lodash 7 https://github.com/louislam/uptime-kuma 7 https://github.com/matrix-org/matrix-appservice-irc 7 https://github.com/matrix-org/matrix-react-sdk 7 https://github.com/ericcornelissen/shescape 7 https://github.com/jquery/jquery-ui 6 https://github.com/facebook/hermes 6 https://github.com/DIYgod/RSSHub 6 https://github.com/npm/node-tar 6 https://github.com/panva/jose 6 https://github.com/totaljs/framework 6 https://github.com/shenzhim/aaptjs 6 https://github.com/ionicabizau/parse-url 6 https://github.com/eclipse-theia/theia 6 https://github.com/vitejs/vite 5 https://github.com/openpgpjs/openpgpjs 5 https://github.com/markedjs/marked 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/npm/cli 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/handlebars-lang/handlebars.js 5 https://github.com/GoogleChrome/rendertron 5 https://github.com/apostrophecms/sanitize-html 5 https://github.com/gatsbyjs/gatsby 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/vega/vega 5 https://github.com/follow-redirects/follow-redirects 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/xCss/Valine 4 https://github.com/jonschlinkert/remarkable 4 https://github.com/mrvautin/expressCart 4 https://github.com/hapijs/hapi 4 https://github.com/aws/aws-iot-device-sdk-java-v2 4 https://github.com/PrismJS/prism 4 https://github.com/sidorares/node-mysql2 4 https://github.com/steveukx/git-js 4 https://github.com/cloudflare/workers-sdk 4 https://github.com/ofirdagan/cross-domain-local-storage 4 https://github.com/axios/axios 4 https://github.com/KaTeX/KaTeX 4 https://github.com/auth0/lock 4 https://github.com/Ylianst/MeshCentral 4 https://github.com/socketio/engine.io 4 https://github.com/balderdashy/sails 4 https://github.com/medialize/URI.js 4 https://github.com/medialize/uri.js 4 https://github.com/yarnpkg/yarn 4 https://github.com/auth0/node-jsonwebtoken 4 https://github.com/angular/angular.js 4 https://github.com/mde/ejs 4 https://github.com/fastify/fastify 4 https://github.com/npm/npm 4 https://github.com/Dogfalo/materialize 4 https://github.com/nodejs/llhttp 3 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 3 https://github.com/highcharts/highcharts 3 https://github.com/neocotic/convert-svg 3 https://github.com/sveltejs/kit 3 https://github.com/node-fetch/node-fetch 3 https://github.com/libxmljs/libxmljs 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/kujirahand/nadesiko3 3 https://github.com/beerpwn/CVE 3 https://github.com/immerjs/immer 3 https://github.com/node-opcua/node-opcua 3 https://github.com/infor-design/enterprise-ng 3 https://github.com/transloadit/uppy 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/nodemailer/nodemailer 3 https://github.com/n8n-io/n8n 3 https://github.com/postcss/postcss 3 https://github.com/MrRio/jsPDF 3 https://github.com/dwisiswant0/advisory 3 https://github.com/mozilla/node-convict 3 https://github.com/mongo-express/mongo-express 3 https://github.com/dojo/dojox 3 https://github.com/dojo/dojo 3 https://github.com/docsifyjs/docsify 3 https://github.com/mongodb/js-bson 3 https://github.com/facebook/react 3 https://github.com/moment/moment 3 https://github.com/nasa/openmct 3 https://github.com/renovatebot/renovate 3 https://github.com/RIAEvangelist/node-ipc 3 https://github.com/mermaid-js/mermaid 3 https://github.com/salesforce/tough-cookie 3 https://github.com/cure53/DOMPurify 3 https://github.com/gruntjs/grunt 3 https://github.com/NaturalIntelligence/fast-xml-parser 3 https://github.com/clientIO/joint 3 https://github.com/simpleledger/slpjs 3 https://github.com/mariocasciaro/object-path 3 https://github.com/ckeditor/ckeditor5 3 https://github.com/cisco/node-jose 3 https://github.com/chjj/marked 3 https://github.com/skoranga/node-dns-sync 3 https://github.com/Marak/colors.js 3 https://github.com/manuelstofer/json-pointer 3 https://github.com/socketio/socket.io-parser 3 https://github.com/soketi/soketi 3 https://github.com/hapijs/subtext 3 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/webpack/loader-utils 3 https://github.com/ua-parser/uap-core 3 https://github.com/adaltas/node-mixme 3 https://github.com/typeorm/typeorm 3 https://github.com/zeit/next.js 3 https://github.com/websockets/ws 3 https://github.com/vriteio/vrite 3 https://github.com/xmldom/xmldom 3 https://github.com/jarofghosts/glance 3 https://github.com/apostrophecms/apostrophe 3 https://github.com/auth0/passport-wsfed-saml2 3 https://github.com/jquery-validation/jquery-validation 3 https://github.com/josdejong/mathjs 3 https://github.com/zestedesavoir/zmarkdown 3 https://github.com/Automattic/mongoose 3 https://github.com/vanessa219/vditor 3 https://github.com/vendure-ecommerce/vendure 3 https://github.com/YMFE/yapi 3 https://github.com/matrix-org/matrix-appservice-bridge 2 https://github.com/jsuites/jsuites 2 https://github.com/mathjax/MathJax 2 https://github.com/codecov/codecov-node 2 https://github.com/cloudhead/node-static 2 https://github.com/jameswlane/status-board 2 https://github.com/shelljs/shelljs 2 https://github.com/commenthol/safer-eval 2 https://github.com/commenthol/serialize-to-js 2 https://github.com/vvakame/fs-git 2 https://github.com/senchalabs/connect 2 https://github.com/semantic-release/semantic-release 2 https://github.com/peerigon/angular-expressions 2 https://github.com/peterbraden/node-opencv 2 https://github.com/ahdinosaur/set-in 2 https://github.com/josdejong/jsoneditor 2 https://github.com/cronvel/tree-kit 2 https://github.com/karma-runner/karma 2 https://github.com/snyk/cli 2 https://github.com/Finastra/ssr-pages 2 https://github.com/manvel-khnkoyan/jpv 2 https://github.com/jonschlinkert/mixin-deep 2 https://github.com/jwadhams/json-logic-js 2 https://github.com/justmoon/node-bignum 2 https://github.com/chocobozzz/peertube 2 https://github.com/chriso/validator.js 2 https://github.com/christian-bromann/rgb2hex 2 https://github.com/sindresorhus/semver-regex 2 https://github.com/sindresorhus/is-svg 2 https://github.com/yahoo/serialize-javascript 2 https://github.com/aFarkas/lazysizes 2 https://github.com/jonschlinkert/set-value 2 https://github.com/markdown-it/markdown-it 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/julianhille/MuhammaraJS 2 https://github.com/marudor/libxmljs2 2 https://github.com/simonh1000/angular-http-server 2 https://github.com/jcubic/jquery.terminal 2 https://github.com/endojs/endo 2 https://github.com/vivaxy/here 2 https://github.com/Agoric/realms-shim 2 https://github.com/payloadcms/payload 2 https://github.com/guardian/html-janitor 2 https://github.com/mysqljs/mysql 2 https://github.com/froala/wysiwyg-editor 2 https://github.com/mithunsatheesh/node-rules 2 https://github.com/dfinity/agent-js 2 https://github.com/mozilla/pdf.js 2