Browse Security Advisories
Moderate Security Advisories in npm
Moderate
8 days ago
HAX CMS application pages vulnerable to clickjacking
packagist, npm
elmsln/haxcms, @haxtheweb/haxcms-nodejs
Moderate
12 days ago
OpenZeppelin Contracts Bytes's lastIndexOf function with position argument performs out-of-bound memory access on empty buffers
npm
@openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Moderate
12 days ago
DiracX-Web is vulnerable to attack through an Open Redirect on its login page
npm
@dirac-grid/diracx-web-components
Moderate
13 days ago
vue-i18n's escapeParameterHtml does not prevent DOM-based XSS through its tag attributes
npm
petite-vue-i18n, @intlify/vue-i18n-core, @intlify/core-base, @intlify/core, vue-i18n
Moderate
14 days ago
Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows
npm
directus
Moderate
14 days ago
Directus tokens are not redacted in flow logs, exposing session credentials to all admins
npm
directus
Moderate
14 days ago
Directus is vulnerable to sensitive data exposure as user data is not being redacted when logged
npm
directus
Moderate
19 days ago
@pdfme/common vulnerable to XSS and Prototype Pollution through its expression evaluation
npm
@pdfme/common
Moderate
21 days ago
Cloudflare Vite plugin exposes secrets over the built-in dev server
npm
@cloudflare/vite-plugin
Moderate
26 days ago
n8n is vulnerable to Improper Authorization through its `/stop` endpoint
npm
n8n
Moderate
26 days ago
tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript
npm
tarteaucitronjs
Moderate
about 1 month ago
iOS Simulator MCP Command Injection allowed via exec API
npm
ios-simulator-mcp
Moderate
about 1 month ago
OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer
npm
@openlist-frontend/openlist-frontend
Moderate
about 2 months ago
@vue/cli-plugin-pwa Regular Expression Denial of Service vulnerability
npm
@vue/cli-plugin-pwa
Moderate
about 2 months ago
taro-css-to-react-native Regular Expression Denial of Service vulnerability
npm
taro-css-to-react-native
Moderate
about 2 months ago
@haxtheweb/haxcms-nodejs Iframe Phishing vulnerability
npm
@haxtheweb/haxcms-nodejs
Moderate
about 2 months ago
Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint
npm
@haxtheweb/open-apis
Moderate
about 2 months ago
webpack-dev-server users' source code may be stolen when they access a malicious web site with a non-Chromium-based browser
npm
webpack-dev-server
Moderate
about 2 months ago
webpack-dev-server users' source code may be stolen when they access a malicious web site
npm
webpack-dev-server
Moderate
about 2 months ago
AngularJS Incomplete Filtering of Special Elements vulnerability
npm
angular-sanitize
Moderate
2 months ago
Markdownify MCP Server allows attackers to read arbitrary files
npm
mcp-markdownify-server
Moderate
2 months ago
Markdownify MCP Server allows Server-Side Request Forgery (SSRF) via the Markdownify.get() function
npm
mcp-markdownify-server
Moderate
2 months ago
Strapi allows Server-Side Request Forgery in Webhook function
npm
@strapi/admin
Moderate
2 months ago
radashi Allows Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
npm
radashi
Moderate
2 months ago
lockfile-lint-api Vulnerable to Incorrect Behavior Order
npm
lockfile-lint-api
Moderate
3 months ago
Bootstrap Multiselect Vulnerable to CSRF and Reflective XSS via Arbitrary POST Data
npm
bootstrap-multiselect
Moderate
3 months ago
@lumieducation/h5p-server Fails to Sanitize Plain Text Strings
npm
@lumieducation/h5p-server
Moderate
3 months ago
@misskey-dev/summaly allows IP Filter Bypass via Redirect
npm
@misskey-dev/summaly
Moderate
3 months ago
@cloudflare/workers-oauth-provider PKCE bypass via downgrade attack
npm
@cloudflare/workers-oauth-provider
Moderate
3 months ago
@cloudflare/workers-oauth-provider missing validation of redirect_uri on authorize endpoint
npm
@cloudflare/workers-oauth-provider
Moderate
3 months ago
@account-kit/smart-contracts Allowlist Module Bypass Vulnerability
npm
@account-kit/smart-contracts
Moderate
3 months ago
GraphQL Armor Cost-Limit Plugin Bypass via Introspection Query Obfuscation
npm
@escape.tech/graphql-armor-cost-limit
Moderate
3 months ago
pnpm's use of the md5 path shortening function causes package paths to coincide, which causes indirect package overwriting
npm
pnpm
Moderate
3 months ago
QMarkdown Cross-Site Scripting (XSS) vulnerability
npm
@quasar/quasar-ui-qmarkdown
Moderate
3 months ago
Permission policy information leakage in Backstage permission system
npm
@backstage/plugin-permission-backend
Moderate
4 months ago
http-proxy-middleware can call writeBody twice because "else if" is not used
npm
http-proxy-middleware
Moderate
4 months ago
http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed
npm
http-proxy-middleware
Moderate
4 months ago
@sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params
npm
@sveltejs/kit
Moderate
4 months ago
Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function
npm
koa
Moderate
4 months ago
ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation
npm
@apeleghq/asn1-der
Moderate
4 months ago
estree-util-value-to-estree allows prototype pollution in generated ESTree
npm
estree-util-value-to-estree
Moderate
4 months ago
tarteaucitron.js allows url scheme injection via unfiltered inputs
npm
tarteaucitronjs
Moderate
4 months ago
tarteaucitron.js allows prototype pollution via custom text injection
npm
tarteaucitronjs
Moderate
4 months ago
tarteaucitron.js allows UI manipulation via unrestricted CSS injection
npm
tarteaucitronjs
Moderate
4 months ago
Vite allows server.fs.deny to be bypassed with .svg or relative paths
npm
vite
Moderate
4 months ago
expand-object Vulnerable to Prototype Pollution via the expand() Function
npm
expand-object
Moderate
4 months ago
aws-cdk-lib has Insertion of Sensitive Information into Log File vulnerability when using Cognito UserPoolClient Construct
npm
aws-cdk-lib
Moderate
4 months ago
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
npm
vite
Moderate
4 months ago
Uptime Kuma's Regular Expression in pushdeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
npm
uptime-kuma
Moderate
4 months ago
Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
npm
vega-functions, vega
Moderate
4 months ago
Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpreter
npm
vega-functions, vega
Moderate
4 months ago
Directus `search` query parameter allows enumeration of non permitted fields
npm
directus
Moderate
4 months ago
Directus's S3 assets become unavailable after a burst of HEAD requests
npm
directus, @directus/storage-driver-s3
Moderate
4 months ago
Directus's S3 assets become unavailable after a burst of malformed transformations
npm
directus, @directus/storage-driver-s3
Moderate
4 months ago
AWS CDK CLI prints AWS credentials retrieved by custom credential plugins
npm
cdk, aws-cdk
Moderate
5 months ago
JS Html Sanitizer allows XSS when used with contentEditable
npm
@jitbit/htmlsanitizer
Moderate
5 months ago
nest allows a remote attacker to execute arbitrary code via the Content-Type header
npm
@nestjs/common
Moderate
5 months ago
Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups
npm
@babel/runtime-corejs3, @babel/runtime-corejs2, @babel/runtime, @babel/helpers
Moderate
5 months ago
NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page
npm
nocodb
Moderate
5 months ago
MongoDB Shell may be susceptible to control character injection via pasting
npm
mongosh
Moderate
5 months ago
Better Auth has an Open Redirect via Scheme-Less Callback Parameter
npm
better-auth
Moderate
5 months ago
Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package
npm
ckeditor5-premium-features, @ckeditor/ckeditor5-real-time-collaboration
Moderate
5 months ago
Directus allows updates to non-allowed fields due to overlapping policies
npm
@directus/api, directus
Moderate
6 months ago
@octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
npm
@octokit/request
Moderate
6 months ago
@octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
npm
@octokit/request-error
Moderate
6 months ago
@octokit/plugin-paginate-rest has a Regular Expression in iterator that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
npm
@octokit/plugin-paginate-rest
Moderate
6 months ago
@octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
npm
@octokit/endpoint
Moderate
6 months ago
Vega allows Cross-site Scripting via the vlSelectionTuples function
npm
vega-selections, vega
Filter by Ecosystem
maven
3,135
packagist
3,007
pypi
2,022
npm
1,354
go
1,272
nuget
659
rubygems
437
cargo
411
hex
16
swift
13
actions
7
pub
3
Filter by Package
directus
23
tinymce
14
@openzeppelin/contracts
11
bootstrap
11
ckeditor4
11
tinymce/tinymce
11
@openzeppelin/contracts-upgradeable
11
TinyMCE
11
vite
10
ghost
10
joplin
10
angular
9
bootstrap
9
twbs/bootstrap
9
org.webjars:bootstrap
9
electron
9
bootstrap
9
next
9
swagger-ui
9
parse-server
8
editor.md
8
nocodb
7
nodebb
7
bootstrap-sass
7
org.webjars.npm:jquery
7
validator
7
org.webjars.npm:jquery-ui
7
marked
7
uptime-kuma
7
jquery-rails
7
jquery-ui-rails
7
jquery-ui
7
jquery
7
bootstrap-sass
7
bootstrap.sass
7
jQuery.UI.Combined
7
urijs
6
flowise
6
vega
6
jQuery
6
url-parse
6
undici
6
sanitize-html
6
snyk-broker
6
matrix-appservice-irc
5
katex
5
tarteaucitronjs
5
matrix-js-sdk
5
n8n
5
vditor
5
@evershop/evershop
5
froala-editor
5
vega-functions
4
rsshub
4
matrix-react-sdk
4
materialize-css
4
serve
4
yui
4
dompurify
4
@directus/api
4
trix
4
glance
4
@materializecss/materialize
3
vue-i18n
3
@saltcorn/server
3
postcss
3
statics-server
3
org.webjars.npm:xlsx
3
jose
3
dojo
3
renovate
3
docsify
3
layui
3
next-auth
3
systeminformation
3
hono
3
moodle/moodle
3
express
3
@backstage/techdocs-common
3
public
3
@intlify/vue-i18n-core
3
mattermost-desktop
3
hapi
3
jose-node-cjs-runtime
3
jose-node-esm-runtime
3
apollo-server-core
3
@ckeditor/ckeditor5-markdown-gfm
3
m-server
3
follow-redirects
3
@lobehub/chat
3
yapi-vendor
3
petite-vue-i18n
3
strapi
3
@jmondi/url-to-png
3
django-tinymce
3
sequelize
3
valine
3
parse-url
3
mysql
3
lodash
3
xlsx
3
@directus/app
2
nodemailer
2
mapbox.js
2
@fedify/fedify
2
keystone
2
@strapi/utils
2
notevil
2
connect
2
pug-code-gen
2
simditor
2
status-board
2
jsonwebtoken
2
mongo-express
2
mcp-markdownify-server
2
karma
2
i18next
2
@intlify/core
2
@finastra/nestjs-proxy
2
mysql2
2
handlebars
2
engine.io
2
froala/wysiwyg-editor
2
drupal/drupal
2
jsrsasign
2
jsoneditor
2
wrangler
2
aws-cdk
2
@strapi/plugin-content-manager
2
stimulsoft-dashboards-js
2
@directus/storage-driver-s3
2
jellyfin-web
2
google-closure-library
2
@excalidraw/excalidraw
2
matrix-appservice-bridge
2
nunjucks
2
jose-browser-runtime
2
openmct
2
nanoid
2
@vrite/sdk
2
auth0-lock
2
fast-jwt
2
erxes
2
sockjs
2
node-sass
2
http-proxy-middleware
2
xmldom
2
@intlify/core-base
2
psitransfer
2
typo3/cms
2
bl
2
drupal/core
2
@openc3/tool-common
2
@adobe/css-tools
2
reveal.js
2
astro
2
tough-cookie
2
http-file-server
2
jspdf
2
@strapi/admin
2
typo3/cms-core
2
pnpm
2
Umbraco.Cms.StaticAssets
2
@auth0/nextjs-auth0
2
summernote
2
node-red-dashboard
2
simple-markdown
2
ckeditor/ckeditor
2
bootbox
2
jszip
2
gitbook
2
html-janitor
2
aws-cdk-lib
2
quill
2
simplehttpserver
2
fastify
2
converse.js
2
highlight.js
2
openc3
2
querymen
2
swagger-ui-dist
2
@strapi/strapi
2
uap-core
2
socket.io
2
keycloak-connect
2
openpgp
2
@builder.io/qwik
2
mapbox-rails
2
mermaid
2
node-forge
2
apostrophe
2
bodymen
2
openc3
2
org.webjars.npm:bootstrap
2
ggit
2
request
2
jodit
2
@cloudflare/workers-oauth-provider
2
svelte
2
@umbraco-cms/backoffice
2
Filter by Repository
https://github.com/directus/directus
24
https://github.com/tinymce/tinymce
14
https://github.com/OpenZeppelin/openzeppelin-contracts
11
https://github.com/strapi/strapi
11
https://github.com/electron/electron
10
https://github.com/backstage/backstage
10
https://github.com/vitejs/vite
10
https://github.com/ckeditor/ckeditor4
10
https://github.com/laurent22/joplin
10
https://github.com/jquery/jquery
9
https://github.com/TryGhost/Ghost
9
https://github.com/swagger-api/swagger-ui
8
https://github.com/pandao/editor.md
8
https://github.com/parse-community/parse-server
8
https://github.com/twbs/bootstrap
7
https://github.com/nocodb/nocodb
7
https://github.com/louislam/uptime-kuma
7
https://github.com/vercel/next.js
7
https://github.com/vega/vega
7
https://github.com/NodeBB/NodeBB
6
https://github.com/panva/jose
6
https://github.com/FlowiseAI/Flowise
6
https://github.com/nodejs/undici
6
https://github.com/jquery/jquery-ui
6
https://github.com/unshiftio/url-parse
5
https://github.com/evershopcommerce/evershop
5
https://github.com/ckeditor/ckeditor5
5
https://github.com/n8n-io/n8n
5
https://github.com/KaTeX/KaTeX
5
https://github.com/matrix-org/matrix-appservice-irc
5
https://github.com/matrix-org/matrix-js-sdk
5
https://github.com/apollographql/apollo-server
4
https://github.com/apostrophecms/sanitize-html
4
https://github.com/keystonejs/keystone
4
https://github.com/DIYgod/RSSHub
4
https://github.com/nextauthjs/next-auth
4
https://github.com/Dogfalo/materialize
4
https://github.com/matrix-org/matrix-react-sdk
4
https://github.com/AmauriC/tarteaucitron.js
4
https://github.com/markedjs/marked
4
https://github.com/aws/aws-cdk
4
https://github.com/basecamp/trix
4
https://github.com/docsifyjs/docsify
3
https://github.com/sequelize/sequelize
3
https://github.com/postcss/postcss
3
https://github.com/YMFE/yapi
3
https://github.com/eclipse-theia/theia
3
https://github.com/vanessa219/vditor
3
https://github.com/nuxt/nuxt
3
https://github.com/jarofghosts/glance
3
https://github.com/jasonraimondi/url-to-png
3
https://github.com/lodash/lodash
3
https://github.com/haxtheweb/issues
3
https://github.com/hapijs/hapi
3
https://github.com/lobehub/lobe-chat
3
https://github.com/xCss/Valine
3
https://github.com/saltcorn/saltcorn
3
https://github.com/cloudflare/workers-sdk
3
https://github.com/angular/angular.js
3
https://github.com/honojs/hono
3
https://github.com/renovatebot/renovate
3
https://github.com/medialize/uri.js
3
https://github.com/medialize/URI.js
3
https://github.com/cure53/DOMPurify
3
https://github.com/ionicabizau/parse-url
3
https://github.com/sebhildebrandt/systeminformation
3
https://github.com/intlify/vue-i18n
3
https://github.com/froala/wysiwyg-editor
3
https://github.com/follow-redirects/follow-redirects
3
https://github.com/sass/node-sass
2
https://github.com/chimurai/http-proxy-middleware
2
https://github.com/sidorares/node-mysql2
2
https://github.com/openpgpjs/openpgpjs
2
https://github.com/caolan/forms
2
https://github.com/chocobozzz/peertube
2
https://github.com/salesforce/tough-cookie
2
https://github.com/rvagg/bl
2
https://github.com/cloudflare/workers-oauth-provider
2
https://github.com/request/request
2
https://github.com/pnpm/pnpm
2
https://github.com/dahlia/fedify
2
https://github.com/quilljs/quill
2
https://github.com/digitalbazaar/forge
2
https://github.com/punkave/sanitize-html
2
https://github.com/psi-4ward/psitransfer
2
https://github.com/pugjs/pug
2
https://github.com/givanz/VvvebJs
2
https://github.com/mermaid-js/mermaid
2
https://github.com/mde/ejs
2
https://github.com/GoogleChrome/rendertron
2
https://github.com/google/closure-library
2
https://github.com/matrix-org/matrix-appservice-bridge
2
https://github.com/guardian/html-janitor
2
https://github.com/manuelstofer/json-pointer
2
https://github.com/highlightjs/highlight.js
2
https://github.com/i18next/i18next
2
https://github.com/koush/scrypted
2
https://github.com/kjur/jsrsasign
2
https://github.com/Khan/simple-markdown
2
https://github.com/keycloak/keycloak-nodejs-connect
2
https://github.com/karma-runner/karma
2
https://github.com/jameswlane/status-board
2
https://github.com/josdejong/jsoneditor
2
https://github.com/jellyfin/jellyfin-web
2
https://github.com/OpenC3/cosmos
2
https://github.com/erxes/erxes
2
https://github.com/excalidraw/excalidraw
2
https://github.com/nodemailer/nodemailer
2
https://github.com/expressjs/express
2
https://github.com/facebook/react
2
https://github.com/fastify/fastify
2
https://github.com/nestjs/nest
2
https://github.com/nearform/fast-jwt
2
https://github.com/nasa/openmct
2
https://github.com/mysqljs/mysql
2
https://github.com/Finastra/finastra-nodejs-libs
2
https://github.com/firebase/firebase-js-sdk
2
https://github.com/MrRio/jsPDF
2
https://github.com/mozilla/nunjucks
2
https://github.com/moxiecode/plupload
2
https://github.com/gatsbyjs/gatsby
2
https://github.com/axios/axios
2
https://github.com/adobe/css-tools
2
https://github.com/withastro/astro
2
https://github.com/yahoo/serialize-javascript
2
https://github.com/apostrophecms/apostrophe
2
https://github.com/zcaceres/markdownify-mcp
2
https://github.com/sveltejs/svelte
2
https://github.com/ai/nanoid
2
https://github.com/vriteio/vrite
2
https://github.com/zeit/next.js
2
https://github.com/socketio/socket.io
2
https://github.com/summernote/summernote
2
https://github.com/socketio/engine.io
2
https://github.com/vendure-ecommerce/vendure
2
https://github.com/auth0/node-jsonwebtoken
2
https://github.com/braintree/sanitize-url
2
https://github.com/auth0/nextjs-auth0
2
https://github.com/Vanessa219/vditor
2
https://github.com/getsentry/sentry-javascript
2
https://github.com/webpack/webpack-dev-server
2
https://github.com/auth0/lock
2
https://github.com/Stuk/jszip
2
https://github.com/Urigo/graphql-mesh
2
https://github.com/validatorjs/validator.js
2
https://github.com/ua-parser/uap-core
2
https://github.com/xmldom/xmldom
2
https://github.com/umbraco/Umbraco-CMS
2
https://github.com/google/zx
1
https://github.com/googleapis/nodejs-firestore
1
https://github.com/GoogleChromeLabs/critters
1
https://github.com/angular/angular
1
https://github.com/ansman/validate.js
1
https://github.com/GoogleChrome/puppeteer
1
https://github.com/antfu/utils
1
https://github.com/AntSwordProject/antSword
1
https://github.com/grafana/grafana
1
https://github.com/graphql/graphql-js
1
https://github.com/gregof/fsa
1
https://github.com/andzdroid/paypal-ipn
1
https://github.com/amitmerchant1990/electron-markdownify
1
https://github.com/amauric/tarteaucitron.js
1
https://github.com/alvarotrigo/fullpage.js
1
https://github.com/grpc/grpc-node
1
https://github.com/gruntjs/grunt
1
https://github.com/AllenFang/react-bootstrap-table
1
https://github.com/GuyMograbi/kill-by-port
1
https://github.com/auth0/angular-jwt
1
https://github.com/Finastra/ssr-pages
1
https://github.com/aurelia/templating-resources
1
https://github.com/flitbit/json-ptr
1
https://github.com/floridoo/concat-with-sourcemaps
1
https://github.com/asjdf/element-table-xss-test
1
https://github.com/artf/grapesjs
1
https://github.com/Formstone/Formstone
1
https://github.com/foundation/foundation-sites
1
https://github.com/fraction/oasis
1
https://github.com/franciscop/translate
1
https://github.com/arnog/mathlive
1
https://github.com/ftonato/nope-validator
1
https://github.com/futurepress/epub.js
1
https://github.com/garycourt/uri-js
1
https://github.com/gchq/CyberChef
1
https://github.com/apexcharts/apexcharts.js
1
https://github.com/gf3/sandbox
1
https://github.com/giggio/node-chromedriver
1
https://github.com/GitbookIO/gitbook
1
https://github.com/github/paste-markdown
1
https://github.com/ApelegHQ/ts-asn1-der
1
https://github.com/GladysAssistant/Gladys
1
https://github.com/goauthentik/authentik
1
https://github.com/godaddy/node-config-shield
1
https://github.com/anzhiyu-c/hexo-theme-anzhiyu
1
https://github.com/gvarsanyi/sync-exec
1
https://github.com/imsebao/404team
1
https://github.com/indutny/elliptic
1
https://github.com/AgeOfLearning/aofl
1
https://github.com/aFarkas/lazysizes
1
https://github.com/AdamPflug/express-brute
1