Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
npm Security Advisories
Loading...
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 1 year ago
GSA_kwCzR0hTQS1wcm01LThnMm0tMjRnZ84AAvvh
Remote code execution via MongoDB BSON parser through prototype pollutionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: over 1 year ago
High
Ecosystems: npm
Packages: @fastify/websocket, fastify-websocket
Source: GitHub Advisory Database
Blast Radius: 19.8
Published: over 1 year ago
GSA_kwCzR0hTQS00cGNnLXdyNmMtaDljcc4AAvu9
fastify/websocket vulnerable to uncaught exception via crash on malformed packetEcosystems: npm
Packages: @fastify/websocket, fastify-websocket
Source: GitHub Advisory Database
Blast Radius: 19.8
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: deep-parse-json
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: over 1 year ago
GSA_kwCzR0hTQS1mZjlqLXB3eGctcTVwMs4AAvsz
deep-parse-json vulnerable to Prototype PollutionEcosystems: npm
Packages: deep-parse-json
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: electron-markdownify
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS1xcWhmLXhmaHctNzg4NM4AAvtB
Markdownify has Files or Directories Accessible to External PartiesEcosystems: npm
Packages: electron-markdownify
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: deep-object-diff
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: over 1 year ago
GSA_kwCzR0hTQS02NTN2LXJxeDktajg1cM4AAvtM
deep-object-diff vulnerable to Prototype PollutionEcosystems: npm
Packages: deep-object-diff
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: fastest-json-copy
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
GSA_kwCzR0hTQS1wNWc5LXJqY2YtOTV2as4AAvs_
fastest-json-copy vulnerable to Prototype PollutionEcosystems: npm
Packages: fastest-json-copy
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 1 year ago
GSA_kwCzR0hTQS0yNW14LTJteG0tNjM0M84AAvsH
@keystone-6/core's NODE_ENV defaults to development with esbuildEcosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: @apollo/server, apollo-server-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS04cjY5LTNjdnAtd3hjM84AAvrB
Batched HTTP requests may set incorrect `cache-control` response headerEcosystems: npm
Packages: @apollo/server, apollo-server-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
Ecosystems: npm
Packages: hummus, muhammara
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 1 year ago
GSA_kwCzR0hTQS1yY3J4LWZwanAtbWZyd84AAvq7
Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cppEcosystems: npm
Packages: hummus, muhammara
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: @xmldom/xmldom, xmldom
Source: GitHub Advisory Database
Blast Radius: 55.2
Published: over 1 year ago
GSA_kwCzR0hTQS1jcmg2LWZwNjctNjg4M84AAvn0
xmldom allows multiple root nodes in a DOMEcosystems: npm
Packages: @xmldom/xmldom, xmldom
Source: GitHub Advisory Database
Blast Radius: 55.2
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: node-red-dashboard
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 1 year ago
GSA_kwCzR0hTQS12cnY5LTN4M3ctZmZ4d84AAvna
node-red-dashboard vulnerable to Cross-site ScriptingEcosystems: npm
Packages: node-red-dashboard
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 1 year ago
High
Ecosystems: npm
Packages: hummus, muhammara
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 1 year ago
GSA_kwCzR0hTQS1mcnA5LTJ2NnItZ2o5N84AAvnJ
muhammara and hummus vulnerable to null pointer dereference on bad response objectEcosystems: npm
Packages: hummus, muhammara
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 1 year ago
High
Ecosystems: npm
Packages: hummus, muhammara
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 1 year ago
GSA_kwCzR0hTQS05Y3Y1LTR3cXYtOXc5NM4AAvnE
muhammara and hummus vulnerable to denial of service by NULL pointer dereferenceEcosystems: npm
Packages: hummus, muhammara
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 1 year ago
High
Ecosystems: npm
Packages: html-minifier
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: over 1 year ago
GSA_kwCzR0hTQS1wZnE4LXJxNnYtdmY1bc4AAvm3
kangax html-minifier REDoS vulnerabilityEcosystems: npm
Packages: html-minifier
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: browserify-shim
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: over 1 year ago
GSA_kwCzR0hTQS1jZmdyLTc1angtaDg4Z84AAvmz
thlorenz browserify-shim vulnerable to prototype pollutionEcosystems: npm
Packages: browserify-shim
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: browserify-shim
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: over 1 year ago
GSA_kwCzR0hTQS1yNzM3LTM0N20td3FjN84AAvlu
thlorenz browserify-shim vulnerable to prototype pollutionEcosystems: npm
Packages: browserify-shim
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: feathers-sequelize
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: over 1 year ago
GSA_kwCzR0hTQS1xcHY4LTRwanEtcXFoN84AAvis
feathers-sequelize contains improper input validation leading to SQL injectionEcosystems: npm
Packages: feathers-sequelize
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: feathers-sequelize
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: over 1 year ago
GSA_kwCzR0hTQS01aHE3LWo1d3EtcDIyN84AAviy
feathers-sequelize vulnerable to SQL injection due to improper parameter filteringEcosystems: npm
Packages: feathers-sequelize
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: feathers-sequelize
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: over 1 year ago
GSA_kwCzR0hTQS1wNW0zLTI3dmgtNTJqNM4AAvit
Feather-Sequelize cleanQuery method vulnerable to Prototype PollutionEcosystems: npm
Packages: feathers-sequelize
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: socket.io-parser
Source: GitHub Advisory Database
Blast Radius: 59.8
Published: over 1 year ago
GSA_kwCzR0hTQS1xbTk1LXBnY2ctcXFmcc4AAvix
Insufficient validation when decoding a Socket.IO packetEcosystems: npm
Packages: socket.io-parser
Source: GitHub Advisory Database
Blast Radius: 59.8
Published: over 1 year ago
High
Ecosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 1 year ago
GSA_kwCzR0hTQS1jcjg0LXh2dzQtcXgzY84AAvio
Inefficient Regular Expression Complexity in shescapeEcosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: @dependencytrack/frontend
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS1jMzN3LXBtNTItbXF2Zs4AAvij
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability DetailsEcosystems: npm
Packages: @dependencytrack/frontend
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
Ecosystems: npm
Packages: ses
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS13aHB4LXEzcnEtdzhqY84AAve6
Hardening of TypedArrays with non-canonical numeric property names in SESEcosystems: npm
Packages: ses
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
Ecosystems: npm
Packages: electron-markdownify
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS1jOTQyLW1mbXAtcDRmaM4AAvc5
Markdownify subject to Remote Code Execution via malicious markdown fileEcosystems: npm
Packages: electron-markdownify
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: over 1 year ago
GSA_kwCzR0hTQS02bWhyLTUybXYtNnY2Zs4AAvaQ
Field-level access-control bypass for multiselect fieldEcosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: over 1 year ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 1 year ago
GSA_kwCzR0hTQS1oNDIzLXc2cXYtMndqM84AAvaP
parse-server crashes when receiving file download request with invalid byte rangeEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 1 year ago
High
Ecosystems: npm
Packages: minimatch
Source: GitHub Advisory Database
Blast Radius: 47.6
Published: over 1 year ago
GSA_kwCzR0hTQS1mOHE2LXA5NHgtMzd2M84AAvaI
minimatch ReDoS vulnerabilityEcosystems: npm
Packages: minimatch
Source: GitHub Advisory Database
Blast Radius: 47.6
Published: over 1 year ago
High
Ecosystems: npm
Packages: loader-utils
Source: GitHub Advisory Database
Blast Radius: 46.7
Published: over 1 year ago
GSA_kwCzR0hTQS0zcmZtLWpod2otNzQ4OM4AAvVB
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variableEcosystems: npm
Packages: loader-utils
Source: GitHub Advisory Database
Blast Radius: 46.7
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: grunt-karma
Source: GitHub Advisory Database
Blast Radius: 51.0
Published: over 1 year ago
GSA_kwCzR0hTQS1oY2o0LXhmNngtNjN3as4AAvUC
Grunt-karma vulnerable to prototype pollutionEcosystems: npm
Packages: grunt-karma
Source: GitHub Advisory Database
Blast Radius: 51.0
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: loader-utils
Source: GitHub Advisory Database
Blast Radius: 61.1
Published: over 1 year ago
GSA_kwCzR0hTQS03NnAzLThqeDMtanBmcc4AAvTd
Prototype pollution in webpack loader-utilsEcosystems: npm
Packages: loader-utils
Source: GitHub Advisory Database
Blast Radius: 61.1
Published: over 1 year ago
High
Ecosystems: npm
Packages: node-saml
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago
GSA_kwCzR0hTQS01cDh3LTJtdnctMzhwds4AAvTF
Signature bypass via multiple root elementsEcosystems: npm
Packages: node-saml
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago
High
Ecosystems: npm
Packages: @node-saml/passport-saml, @node-saml/node-saml, node-saml, passport-saml
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: over 1 year ago
GSA_kwCzR0hTQS1tOTc0LTY0N3Ytd2h2N84AAvTE
Signature bypass via multiple root elementsEcosystems: npm
Packages: @node-saml/passport-saml, @node-saml/node-saml, node-saml, passport-saml
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: mockery
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: over 1 year ago
GSA_kwCzR0hTQS1nbXdwLTNwd2MtM2ozZ84AAvS-
mockery is vulnerable to prototype pollutionEcosystems: npm
Packages: mockery
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: apollo-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS0ycDNjLXAzcXctNjlyNM4AAvS5
The graphql-upload library included in Apollo Server 2 is vulnerable to CSRF mutationsEcosystems: npm
Packages: apollo-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
Ecosystems: npm
Packages: loader-utils
Source: GitHub Advisory Database
Blast Radius: 46.7
Published: over 1 year ago
GSA_kwCzR0hTQS1oaHEzLWZmNzgtanYzZ84AAvRq
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)Ecosystems: npm
Packages: loader-utils
Source: GitHub Advisory Database
Blast Radius: 46.7
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: mxgraph
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: over 1 year ago
GSA_kwCzR0hTQS1qNHJ2LXByOWctcThqds4AAvP8
mxGraph vulnerable to cross-site scripting in setTooltips functionEcosystems: npm
Packages: mxgraph
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: gh-pages
Source: GitHub Advisory Database
Blast Radius: 53.7
Published: over 1 year ago
GSA_kwCzR0hTQS04bW1tLTl2MnEteDNmOc4AAvPk
tschaub gh-pages vulnerable to prototype pollutionEcosystems: npm
Packages: gh-pages
Source: GitHub Advisory Database
Blast Radius: 53.7
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: browserify-shim
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: over 1 year ago
GSA_kwCzR0hTQS04NjZ3LXdtNGgtOTVjNs4AAvP-
thlorenz browserify-shim vulnerable to prototype pollutionEcosystems: npm
Packages: browserify-shim
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: metro4
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 1 year ago
GSA_kwCzR0hTQS02MzNyLXI0cDgtcHczd84AAvPU
Cross site scripting in Metro UIEcosystems: npm
Packages: metro4
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 1 year ago
High
Ecosystems: npm
Packages: fastify
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: over 1 year ago
GSA_kwCzR0hTQS00NTV3LWM0NXYtODZyZ84AAvO9
fastify vulnerable to denial of service via malicious Content-TypeEcosystems: npm
Packages: fastify
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: over 1 year ago
Low
Ecosystems: npm
Packages: csrf-csrf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS1qam1nLXg0NTYtdzk3Ns4AAvOC
Incorrect default cookie name and recommendationEcosystems: npm
Packages: csrf-csrf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
Ecosystems: npm
Packages: tiny-csrf
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: over 1 year ago
GSA_kwCzR0hTQS1wajJjLWg3NnctdnY2Zs4AAvNW
tiny-csrf has openly visible CSRF tokensEcosystems: npm
Packages: tiny-csrf
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 1 year ago
GSA_kwCzR0hTQS1ncnY2LW03NTMtM3cyZ84AAvNO
NocoDB vulnerable to Denial of ServiceEcosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 1 year ago
High
Ecosystems: npm
Packages: v8n
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: over 1 year ago
GSA_kwCzR0hTQS14cng5LWdqMjYtNXd4Oc4AAvMH
v8n vulnerable to Inefficient Regular Expression ComplexityEcosystems: npm
Packages: v8n
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: over 1 year ago
High
Ecosystems: npm
Packages: generator-jhipster
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS04dzd3LTY3bXctcjVwN84AAvLq
generator-jhipster vulnerable to login check Regular Expression Denial of ServiceEcosystems: npm
Packages: generator-jhipster
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
Ecosystems: npm
Packages: snyk-go-plugin, snyk
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
GSA_kwCzR0hTQS1ocHFqLTdjajYtaGZqOM4AAvJ0
Snyk CLI affected by Command Injection vulnerabilityEcosystems: npm
Packages: snyk-go-plugin, snyk
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
High
Ecosystems: npm
Packages: css-what
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: over 1 year ago
GSA_kwCzR0hTQS1wMjhoLWNjN3EtYzRmZ84AAvJj
css-what vulnerable to ReDoS due to use of insecure regular expressionEcosystems: npm
Packages: css-what
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: over 1 year ago
High
Ecosystems: npm
Packages: react-native-reanimated
Source: GitHub Advisory Database
Blast Radius: 38.6
Published: over 1 year ago
GSA_kwCzR0hTQS0yajc5LThwcWMtcjd4Ns4AAvJg
react-native-reanimated vulnerable to ReDoSEcosystems: npm
Packages: react-native-reanimated
Source: GitHub Advisory Database
Blast Radius: 38.6
Published: over 1 year ago
High
Ecosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 1 year ago
GSA_kwCzR0hTQS1tanI1LXY5YzktbW03Z84AAvIt
Joplin Remote Code ExecutionEcosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: isolated-vm
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 1 year ago
GSA_kwCzR0hTQS0yampxLXg1NDgtcmhwds4AAvIq
isolated-vm has vulnerable CachedDataOptions in APIEcosystems: npm
Packages: isolated-vm
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 1 year ago
High
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 1 year ago
GSA_kwCzR0hTQS01dzhyLThwZ2otNWptZs4AAvIn
matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verificationEcosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: @next-auth/upstash-redis-adapter
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: over 1 year ago
GSA_kwCzR0hTQS00cnhyLTI3bW0tbXhxOc4AAvIm
Upstash Adapter missing token verificationEcosystems: npm
Packages: @next-auth/upstash-redis-adapter
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: over 1 year ago
High
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 1 year ago
GSA_kwCzR0hTQS1yNDhyLWo4ZngtbXEyY84AAvIf
matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusionEcosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 1 year ago
High
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 1 year ago
GSA_kwCzR0hTQS02MjYzLXg5N2MtYzRnZ84AAvIe
matrix-js-sdk subject to impersonated messages due to permissive key forwardingEcosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 1 year ago
GSA_kwCzR0hTQS1odnY4LTV2ODYtcjQ1eM4AAvHM
Improper beacon events in matrix-js-sdk can result in availability issuesEcosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 1 year ago
High
Ecosystems: npm
Packages: d3-color
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS0zNmpyLW1oNGgtMmc1OM4AAvHL
d3-color vulnerable to ReDoSEcosystems: npm
Packages: d3-color
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 47.2
Published: over 1 year ago
GSA_kwCzR0hTQS1tcmdwLW1yaGMtNWpycc4AAvGK
vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on hostEcosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 47.2
Published: over 1 year ago
High
Ecosystems: npm
Packages: @strapi/strapi, strapi
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: over 1 year ago
GSA_kwCzR0hTQS00cGhnLWhwcW0tYzNqNM4AAvGG
Strapi mishandles hidden attributes within admin API responsesEcosystems: npm
Packages: @strapi/strapi, strapi
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: express-xss-sanitizer
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 1 year ago
GSA_kwCzR0hTQS1ncmpwLTRqbXItbWpjd84AAvFW
express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attributeEcosystems: npm
Packages: express-xss-sanitizer
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 1 year ago
High
Ecosystems: npm
Packages: hoek, @hapi/hoek
Source: GitHub Advisory Database
Blast Radius: 51.1
Published: over 1 year ago
GSA_kwCzR0hTQS1jNDI5LTVwN3YtdmdqcM4AAvB6
hoek subject to prototype pollution via the clone function.Ecosystems: npm
Packages: hoek, @hapi/hoek
Source: GitHub Advisory Database
Blast Radius: 51.1
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: jodit
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: over 1 year ago
GSA_kwCzR0hTQS00Mmh4LXZyeHgtNXI2ds4AAvAf
Jodit Editor vulnerable to Cross-site ScriptingEcosystems: npm
Packages: jodit
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: over 1 year ago
High
Ecosystems: npm
Packages: @lionello/secp256k1-js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS1xM2Y0LTloNHAtdmdyM84AAvAe
secp256k1-js implements ECDSA without required r and s validation, leading to signature forgeryEcosystems: npm
Packages: @lionello/secp256k1-js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: tui-grid
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: over 1 year ago
GSA_kwCzR0hTQS05cndqLTlqMmgtZmh2bc4AAu_c
Toast UI Grid vulnerable to Cross-site ScriptingEcosystems: npm
Packages: tui-grid
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: @netlify/ipx
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 1 year ago
GSA_kwCzR0hTQS05amp2LTUyNG0tam05OM4AAu-A
@netlify/ipx vulnerable to Full Response SSRF and Stored XSS via Cache Poisoning and Improper Host ValidationEcosystems: npm
Packages: @netlify/ipx
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 1 year ago
Low
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 1 year ago
GSA_kwCzR0hTQS1yNjU3LTMzdnAtZ3AyMs4AAu9-
parse-server auth adapter app ID validation can be circumventedEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: fhir-works-on-aws-authz-smart
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS12djd4LTd3NG0tcTcyZs4AAu99
fhir-works-on-aws-authz-smart handles permissions improperlyEcosystems: npm
Packages: fhir-works-on-aws-authz-smart
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 1 year ago
GSA_kwCzR0hTQS02dzRxLTIzY2YtajlqcM4AAu98
parse-server's session object properties can be updated by foreign user if object ID is knownEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
GSA_kwCzR0hTQS13YzR4LXFtcjItcmo4aM4AAu82
steal vulnerable to Prototype Pollution via alias variableEcosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
High
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 1 year ago
GSA_kwCzR0hTQS1yZ3F4LTIyNmYtMnhwNM4AAu81
steal Inefficient Regular Expression Complexity vulnerability via string variableEcosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 1 year ago
High
Ecosystems: npm
Packages: @fastly/js-compute
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 1 year ago
GSA_kwCzR0hTQS1jbXI4LTV3NGMtNDR2OM4AAu8P
Fastly Compute@Edge JS Runtime has fixed random number seed during compilationEcosystems: npm
Packages: @fastly/js-compute
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: valine
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: over 1 year ago
GSA_kwCzR0hTQS1tY3ZnLWc5d3gtdjV2eM4AAu6Y
Valine code injection vulnerabilityEcosystems: npm
Packages: valine
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: over 1 year ago
Moderate
Ecosystems: maven, npm
Packages: org.webjars.npm:vuetify, vuetify
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
GSA_kwCzR0hTQS1xNHE1LWM1Y3YtMnA2OM4AAu6M
Vuetify Cross-site Scripting vulnerabilityEcosystems: maven, npm
Packages: org.webjars.npm:vuetify, vuetify
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: @budibase/bbui, @budibase/builder, @budibase/worker
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 1 year ago
GSA_kwCzR0hTQS14OTJnLTQ5Z2gtNjNxbc4AAu45
Budibase Improper Access Control vulnerabilityEcosystems: npm
Packages: @budibase/bbui, @budibase/builder, @budibase/worker
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
GSA_kwCzR0hTQS1ndmp3LThtbXItOGY2Z84AAu3_
steal vulnerable to Prototype PollutionEcosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
High
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: over 1 year ago
GSA_kwCzR0hTQS0ybTZnLWNydjgtcDNjNs4AAu2I
Parse Server vulnerable to brute force guessing of user sensitive data via search patternsEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: over 1 year ago
High
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 1 year ago
GSA_kwCzR0hTQS14bWdnLWZ4OXAtcHJxNs4AAu1o
NodeBB account takeover via SSO pluginsEcosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: jose-node-esm-runtime, jose-node-cjs-runtime, jose-browser-runtime, jose
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: over 1 year ago
GSA_kwCzR0hTQS1qdjNnLWo1OGYtOW1xOc4AAu1m
JOSE vulnerable to resource exhaustion via specifically crafted JWEEcosystems: npm
Packages: jose-node-esm-runtime, jose-node-cjs-runtime, jose-browser-runtime, jose
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: cruddl
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
GSA_kwCzR0hTQS1xbTR3LTQ5OTUtdmc3Zs4AAu1l
cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearchEcosystems: npm
Packages: cruddl
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: parse-url
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: over 1 year ago
GSA_kwCzR0hTQS1wcXc1LWptcDUtcHg0ds4AAu1E
parse-url parses http URLs incorrectly, making it vulnerable to host name spoofingEcosystems: npm
Packages: parse-url
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
GSA_kwCzR0hTQS12d2hxLXBtM3ItZmptOc4AAu0V
steal vulnerable to Prototype Pollution via key variable in babel.jsEcosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
GSA_kwCzR0hTQS05M3E1LTN4cGMtOHZnM84AAu0v
steal vulnerable to Prototype Pollution via requestedVersion variableEcosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
GSA_kwCzR0hTQS04ZjhnLTlqNzMtN3A4Ms4AAu0C
steal vulnerable to Prototype Pollution via optionName variableEcosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
High
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 1 year ago
GSA_kwCzR0hTQS0yOHY0LWpmODItanZqOM4AAu0A
steal vulnerable to Regular Expression Denial of Service via source and sourceWithCommentsEcosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 1 year ago
High
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 1 year ago
GSA_kwCzR0hTQS03ZjN4LTJ3Y3gtaHd3OM4AAuz9
steal vulnerable to Regular Expression Denial of Service via input variableEcosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS1jcTdxLTVjNjctdzM5d84AAuzx
matrix-appservice-irc vulnerable to IRC mode parameter confusionEcosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS14dnFnLW12MjUtcnd2d84AAuzw
Parsing issue in matrix-org/node-irc leading to room takeoversEcosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: parse-url
Source: GitHub Advisory Database
Blast Radius: 48.3
Published: over 1 year ago
GSA_kwCzR0hTQS1qOWZxLXZ3cXYtMmZtMs4AAuza
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-urlEcosystems: npm
Packages: parse-url
Source: GitHub Advisory Database
Blast Radius: 48.3
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: markdown-nice
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
GSA_kwCzR0hTQS00NjJyLXd4dm0tanZ4aM4AAus8
Markdown-Nice v1.8.22 vulnerable to Cross-site ScriptingEcosystems: npm
Packages: markdown-nice
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
High
Ecosystems: npm
Packages: Blink1Control2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS1qcWhxLXBmZzMtZmc1cM4AAuq_
Blink1Control2 uses weak password encryptionEcosystems: npm
Packages: Blink1Control2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
Ecosystems: npm
Packages: mdx-mermaid
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: over 1 year ago
GSA_kwCzR0hTQS1ydmdtLTM1anctcTYyOM4AAujy
Improper Control of Generation of Code ('Code Injection') in mdx-mermaidEcosystems: npm
Packages: mdx-mermaid
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: over 1 year ago
High
Ecosystems: npm
Packages: nitrado.js
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS12cWM0LXY4aGMtaDJqZ84AAujx
Polynomial regular expression used on uncontrolled data in nitrado.jsEcosystems: npm
Packages: nitrado.js
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
Ecosystems: npm
Packages: sanitize-html
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: over 1 year ago
GSA_kwCzR0hTQS1jZ2ZtLXh3cDctMmN2cs4AAuje
Sanitize-html Vulnerable To REDoS AttacksEcosystems: npm
Packages: sanitize-html
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: x-data-spreadsheet
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 1 year ago
GSA_kwCzR0hTQS14NWN3LTg0M2YtcjM2Ns4AAujc
x-data-spreadsheet through 1.1.9 vulnerable to Cross-site ScriptingEcosystems: npm
Packages: x-data-spreadsheet
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: strapi-plugin-ezforms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS04bWdxLTZyMnEtODJ3Oc4AAui5
Captcha Bypass in strapi-plugin-ezformsEcosystems: npm
Packages: strapi-plugin-ezforms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: over 1 year ago
GSA_kwCzR0hTQS13ZmY0LWZwd2ctcXF2M84AAui2
Unexpected server crash in Next.jsEcosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
GSA_kwCzR0hTQS1wNGNjLXc1OTctNmNwbc4AAui1
Cryptographically weak PRNG in `utils.generateUUID`Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Low
Ecosystems: npm
Packages: moment-timezone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS01Nng0LWo3cDktZmNmOc4AAui0
Command Injection in moment-timezoneEcosystems: npm
Packages: moment-timezone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: moment-timezone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS12NzhjLTRwNjMtMmo2Y84AAuiz
Cleartext Transmission of Sensitive Information in moment-timezoneEcosystems: npm
Packages: moment-timezone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 1 year ago
GSA_kwCzR0hTQS03N3FtLXd2cXEtZmc3Oc4AAuiy
Directus vulnerable to unhandled exception on illegal filename_disk valueEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 1 year ago
High
Ecosystems: npm
Packages: oauth2-server
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 1 year ago
GSA_kwCzR0hTQS00cmc2LWZtMjUtZ2MzNM4AAuiV
oauth2-server through 3.1.1 vulnerable to Open RedirectEcosystems: npm
Packages: oauth2-server
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 1 year ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 1,400
Ecosystems: 12
Packages: 8,381
Repositories: 1,400
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
parse-server
29
electron
26
@openzeppelin/contracts-upgradeable
21
@openzeppelin/contracts
20
directus
18
sequelize
16
next
15
swagger-ui
14
tinymce
14
ghost
14
strapi
13
joplin
13
ckeditor4
13
undici
12
vm2
12
nodebb
11
handlebars
11
marked
11
angular
11
nocodb
10
@evershop/evershop
9
serve
9
next-auth
9
TinyMCE
9
tinymce/tinymce
9
node-forge
8
urijs
8
jsrsasign
8
express-cart
8
editor.md
8
validator
8
npm
8
@strapi/strapi
8
url-parse
8
tar
8
steal
8
systeminformation
8
bootstrap
8
matrix-js-sdk
8
org.webjars.npm:jquery
8
jquery
8
jquery-rails
8
total.js
7
sanitize-html
7
uptime-kuma
7
jquery-ui
7
jquery-ui-rails
7
matrix-appservice-irc
7
org.webjars.npm:jquery-ui
7
jQuery.UI.Combined
7
snyk-broker
7
jQuery
7
shescape
7
lodash
7
matrix-react-sdk
7
hermes-engine
7
hapi
7
safe-eval
6
aaptjs
6
rsshub
6
parse-url
6
lodash-es
5
total4
5
openpgp
5
sweetalert2
5
public
5
ejs
5
prismjs
5
vite
5
mongoose
5
dojo
5
yarn
5
vditor
5
ua-parser-js
5
@strapi/plugin-users-permissions
5
rendertron
5
xlsx
5
keystone
5
safer-eval
4
muhammara
4
remarkable
4
convert-svg-core
4
axios
4
hummus
4
simple-git
4
engine.io
4
jsonwebtoken
4
realms-shim
4
ws
4
fastify
4
katex
4
dompurify
4
apostrophe
4
vega
4
auth0-js
4
@keystone-6/core
4
materialize-css
4
moment
4
mongo-express
4
valine
4
mermaid
4
auth0-lock
4
@backstage/plugin-scaffolder-backend
4
qs
4
ecstatic
4
simple-markdown
4
generator-jhipster
4
mysql2
4
meshcentral
4
aws-iot-device-sdk-v2
4
glance
4
apollo-server-core
4
awsiotsdk
4
follow-redirects
4
software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
4
ses
3
loader-utils
3
org.webjars.npm:xlsx
3
node-red-dashboard
3
notevil
3
object-path
3
passport-wsfed-saml2
3
js-yaml
3
grunt
3
jspdf
3
n8n
3
locutus
3
jointjs
3
codecov
3
feathers-sequelize
3
mysql
3
wrangler
3
yapi-vendor
3
@frangoteam/fuxa
3
ftp-srv
3
renovate
3
blamer
3
bootstrap
3
@ckeditor/ckeditor5-markdown-gfm
3
raneto
3
tough-cookie
3
froala-editor
3
highcharts
3
localhost-now
3
mixme
3
connect
3
jose
3
socket.io-file
3
fast-xml-parser
3
browserify-shim
3
slpjs
3
dns-sync
3
protobufjs
3
http-live-simulator
3
uap-core
3
xmldom
3
m-server
3
keycloak-connect
3
@strapi/utils
3
@cubejs-backend/api-gateway
3
nodemailer
3
slp-validate
3
apollo-server
3
node-opcua
3
postcss
3
jquery-validation
3
socket.io-parser
3
@backstage/techdocs-common
3
node-ipc
3
mathjs
3
node-jose
3
parsel
3
@uppy/companion
3
nadesiko3
3
convict
3
dojox
3
simplehttpserver
3
fuxa-server
3
mxgraph
3
statics-server
3
stimulsoft-dashboards-js
3
express-fileupload
3
node-fetch
3
xdLocalStorage
3
@hapi/subtext
3
subtext
3
@apollo/server
3
json-pointer
3
immer
3
serialize-to-js
3
buttle
3
typeorm
3
lodash.defaultsdeep
3
@vrite/sdk
3
@commercial/subtext
3
json-ptr
3
@sveltejs/kit
3
snyk
3
@soketi/soketi
3
ids-enterprise
3
Filter by Repository
https://github.com/parse-community/parse-server
29
https://github.com/electron/electron
25
https://github.com/strapi/strapi
21
https://github.com/OpenZeppelin/openzeppelin-contracts
20
https://github.com/directus/directus
17
https://github.com/sequelize/sequelize
16
https://github.com/tinymce/tinymce
14
https://github.com/swagger-api/swagger-ui
13
https://github.com/TryGhost/Ghost
12
https://github.com/backstage/backstage
12
https://github.com/laurent22/joplin
12
https://github.com/ckeditor/ckeditor4
12
https://github.com/patriksimek/vm2
12
https://github.com/nodejs/undici
12
https://github.com/NodeBB/NodeBB
11
https://github.com/vercel/next.js
11
https://github.com/jquery/jquery
10
https://github.com/nextauthjs/next-auth
10
https://github.com/keystonejs/keystone
10
https://github.com/nocodb/nocodb
10
https://github.com/evershopcommerce/evershop
9
https://github.com/stealjs/steal
8
https://github.com/kjur/jsrsasign
8
https://github.com/apollographql/apollo-server
8
https://github.com/pandao/editor.md
8
https://github.com/matrix-org/matrix-js-sdk
8
https://github.com/sebhildebrandt/systeminformation
8
https://github.com/digitalbazaar/forge
8
https://github.com/twbs/bootstrap
7
https://github.com/unshiftio/url-parse
7
https://github.com/lodash/lodash
7
https://github.com/louislam/uptime-kuma
7
https://github.com/matrix-org/matrix-appservice-irc
7
https://github.com/matrix-org/matrix-react-sdk
7
https://github.com/ericcornelissen/shescape
7
https://github.com/jquery/jquery-ui
6
https://github.com/facebook/hermes
6
https://github.com/DIYgod/RSSHub
6
https://github.com/npm/node-tar
6
https://github.com/panva/jose
6
https://github.com/totaljs/framework
6
https://github.com/shenzhim/aaptjs
6
https://github.com/ionicabizau/parse-url
6
https://github.com/eclipse-theia/theia
6
https://github.com/vitejs/vite
5
https://github.com/openpgpjs/openpgpjs
5
https://github.com/markedjs/marked
5
https://github.com/BlackFan/client-side-prototype-pollution
5
https://github.com/npm/cli
5
https://github.com/sweetalert2/sweetalert2
5
https://github.com/faisalman/ua-parser-js
5
https://github.com/handlebars-lang/handlebars.js
5
https://github.com/GoogleChrome/rendertron
5
https://github.com/apostrophecms/sanitize-html
5
https://github.com/gatsbyjs/gatsby
5
https://github.com/hacksparrow/safe-eval
5
https://github.com/vega/vega
5
https://github.com/follow-redirects/follow-redirects
4
https://github.com/jhipster/generator-jhipster
4
https://github.com/xCss/Valine
4
https://github.com/jonschlinkert/remarkable
4
https://github.com/mrvautin/expressCart
4
https://github.com/hapijs/hapi
4
https://github.com/aws/aws-iot-device-sdk-java-v2
4
https://github.com/PrismJS/prism
4
https://github.com/sidorares/node-mysql2
4
https://github.com/steveukx/git-js
4
https://github.com/cloudflare/workers-sdk
4
https://github.com/ofirdagan/cross-domain-local-storage
4
https://github.com/axios/axios
4
https://github.com/KaTeX/KaTeX
4
https://github.com/auth0/lock
4
https://github.com/Ylianst/MeshCentral
4
https://github.com/socketio/engine.io
4
https://github.com/balderdashy/sails
4
https://github.com/medialize/URI.js
4
https://github.com/medialize/uri.js
4
https://github.com/yarnpkg/yarn
4
https://github.com/auth0/node-jsonwebtoken
4
https://github.com/angular/angular.js
4
https://github.com/mde/ejs
4
https://github.com/fastify/fastify
4
https://github.com/npm/npm
4
https://github.com/Dogfalo/materialize
4
https://github.com/nodejs/llhttp
3
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
3
https://github.com/highcharts/highcharts
3
https://github.com/neocotic/convert-svg
3
https://github.com/sveltejs/kit
3
https://github.com/node-fetch/node-fetch
3
https://github.com/libxmljs/libxmljs
3
https://github.com/thlorenz/browserify-shim
3
https://github.com/kujirahand/nadesiko3
3
https://github.com/beerpwn/CVE
3
https://github.com/immerjs/immer
3
https://github.com/node-opcua/node-opcua
3
https://github.com/infor-design/enterprise-ng
3
https://github.com/transloadit/uppy
3
https://github.com/feathersjs-ecosystem/feathers-sequelize
3
https://github.com/nodemailer/nodemailer
3
https://github.com/n8n-io/n8n
3
https://github.com/postcss/postcss
3
https://github.com/MrRio/jsPDF
3
https://github.com/dwisiswant0/advisory
3
https://github.com/mozilla/node-convict
3
https://github.com/mongo-express/mongo-express
3
https://github.com/dojo/dojox
3
https://github.com/dojo/dojo
3
https://github.com/docsifyjs/docsify
3
https://github.com/mongodb/js-bson
3
https://github.com/facebook/react
3
https://github.com/moment/moment
3
https://github.com/nasa/openmct
3
https://github.com/renovatebot/renovate
3
https://github.com/RIAEvangelist/node-ipc
3
https://github.com/mermaid-js/mermaid
3
https://github.com/salesforce/tough-cookie
3
https://github.com/cure53/DOMPurify
3
https://github.com/gruntjs/grunt
3
https://github.com/NaturalIntelligence/fast-xml-parser
3
https://github.com/clientIO/joint
3
https://github.com/simpleledger/slpjs
3
https://github.com/mariocasciaro/object-path
3
https://github.com/ckeditor/ckeditor5
3
https://github.com/cisco/node-jose
3
https://github.com/chjj/marked
3
https://github.com/skoranga/node-dns-sync
3
https://github.com/Marak/colors.js
3
https://github.com/manuelstofer/json-pointer
3
https://github.com/socketio/socket.io-parser
3
https://github.com/soketi/soketi
3
https://github.com/hapijs/subtext
3
https://github.com/jfhbrook/node-ecstatic
3
https://github.com/webpack/loader-utils
3
https://github.com/ua-parser/uap-core
3
https://github.com/adaltas/node-mixme
3
https://github.com/typeorm/typeorm
3
https://github.com/zeit/next.js
3
https://github.com/websockets/ws
3
https://github.com/vriteio/vrite
3
https://github.com/xmldom/xmldom
3
https://github.com/jarofghosts/glance
3
https://github.com/apostrophecms/apostrophe
3
https://github.com/auth0/passport-wsfed-saml2
3
https://github.com/jquery-validation/jquery-validation
3
https://github.com/josdejong/mathjs
3
https://github.com/zestedesavoir/zmarkdown
3
https://github.com/Automattic/mongoose
3
https://github.com/vanessa219/vditor
3
https://github.com/vendure-ecommerce/vendure
3
https://github.com/YMFE/yapi
3
https://github.com/matrix-org/matrix-appservice-bridge
2
https://github.com/jsuites/jsuites
2
https://github.com/mathjax/MathJax
2
https://github.com/codecov/codecov-node
2
https://github.com/cloudhead/node-static
2
https://github.com/jameswlane/status-board
2
https://github.com/shelljs/shelljs
2
https://github.com/commenthol/safer-eval
2
https://github.com/commenthol/serialize-to-js
2
https://github.com/vvakame/fs-git
2
https://github.com/senchalabs/connect
2
https://github.com/semantic-release/semantic-release
2
https://github.com/peerigon/angular-expressions
2
https://github.com/peterbraden/node-opencv
2
https://github.com/ahdinosaur/set-in
2
https://github.com/josdejong/jsoneditor
2
https://github.com/cronvel/tree-kit
2
https://github.com/karma-runner/karma
2
https://github.com/snyk/cli
2
https://github.com/Finastra/ssr-pages
2
https://github.com/manvel-khnkoyan/jpv
2
https://github.com/jonschlinkert/mixin-deep
2
https://github.com/jwadhams/json-logic-js
2
https://github.com/justmoon/node-bignum
2
https://github.com/chocobozzz/peertube
2
https://github.com/chriso/validator.js
2
https://github.com/christian-bromann/rgb2hex
2
https://github.com/sindresorhus/semver-regex
2
https://github.com/sindresorhus/is-svg
2
https://github.com/yahoo/serialize-javascript
2
https://github.com/aFarkas/lazysizes
2
https://github.com/jonschlinkert/set-value
2
https://github.com/markdown-it/markdown-it
2
https://github.com/simpleledger/slp-validate.js
2
https://github.com/julianhille/MuhammaraJS
2
https://github.com/marudor/libxmljs2
2
https://github.com/simonh1000/angular-http-server
2
https://github.com/jcubic/jquery.terminal
2
https://github.com/endojs/endo
2
https://github.com/vivaxy/here
2
https://github.com/Agoric/realms-shim
2
https://github.com/payloadcms/payload
2
https://github.com/guardian/html-janitor
2
https://github.com/mysqljs/mysql
2
https://github.com/froala/wysiwyg-editor
2
https://github.com/mithunsatheesh/node-rules
2
https://github.com/dfinity/agent-js
2
https://github.com/mozilla/pdf.js
2