
npm
5,162,107 packages · npmjs.org
Moderate Security Advisories in npm
Severity · Published · Advisory · Ecosystem: affected packages

Moderate · 5 months ago · QMarkdown Cross-Site Scripting (XSS) vulnerability · npm: @quasar/quasar-ui-qmarkdown
Moderate · 6 months ago · Permission policy information leakage in Backstage permission system · npm: @backstage/plugin-permission-backend
Moderate · 6 months ago · http-proxy-middleware allows fixRequestBody to proceed even if bodyParser has failed · npm: http-proxy-middleware
Moderate · 6 months ago · http-proxy-middleware can call writeBody twice because "else if" is not used · npm: http-proxy-middleware
Moderate · 6 months ago · @sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params · npm: @sveltejs/kit
Moderate · 6 months ago · Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function · npm: koa
Moderate · 6 months ago · ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value Representation · npm: @apeleghq/asn1-der
Moderate · 6 months ago · estree-util-value-to-estree allows prototype pollution in generated ESTree · npm: estree-util-value-to-estree
Moderate · 6 months ago · tarteaucitron.js allows URL scheme injection via unfiltered inputs · npm: tarteaucitronjs
Moderate · 6 months ago · tarteaucitron.js allows prototype pollution via custom text injection · npm: tarteaucitronjs
Moderate · 6 months ago · tarteaucitron.js allows UI manipulation via unrestricted CSS injection · npm: tarteaucitronjs
Moderate · 6 months ago · Vite allows server.fs.deny to be bypassed with .svg or relative paths · npm: vite
Moderate · 6 months ago · expand-object Vulnerable to Prototype Pollution via the expand() Function · npm: expand-object
Moderate · 6 months ago · aws-cdk-lib has Insertion of Sensitive Information into Log File vulnerability when using Cognito UserPoolClient Construct · npm: aws-cdk-lib
Moderate · 6 months ago · Vite has a `server.fs.deny` bypass for `inline` and `raw` with `?import` query · npm: vite
Moderate · 6 months ago · Uptime Kuma's Regular Expression in pushdeer and whapi file Leads to ReDoS Vulnerability Due to Catastrophic Backtracking · npm: uptime-kuma
Moderate · 6 months ago · Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace] · npm: vega-functions, vega
Moderate · 6 months ago · Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpreter · npm: vega-functions, vega
Moderate · 6 months ago · Directus `search` query parameter allows enumeration of non-permitted fields · npm: directus
Moderate · 6 months ago · Directus's S3 assets become unavailable after a burst of HEAD requests · npm: directus, @directus/storage-driver-s3
Moderate · 6 months ago · Directus's S3 assets become unavailable after a burst of malformed transformations · npm: directus, @directus/storage-driver-s3
Moderate · 6 months ago · AWS CDK CLI prints AWS credentials retrieved by custom credential plugins · npm: cdk, aws-cdk
Moderate · 7 months ago · JS Html Sanitizer allows XSS when used with contentEditable · npm: @jitbit/htmlsanitizer
Moderate · 7 months ago · nest allows a remote attacker to execute arbitrary code via the Content-Type header · npm: @nestjs/common
Moderate · 7 months ago · Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups · npm: @babel/runtime-corejs3, @babel/runtime-corejs2, @babel/runtime, @babel/helpers
Moderate · 7 months ago · NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page · npm: nocodb
Moderate · 7 months ago · MongoDB Shell may be susceptible to control character injection via pasting · npm: mongosh
Moderate · 7 months ago · Better Auth has an Open Redirect via Scheme-Less Callback Parameter · npm: better-auth
Moderate · 7 months ago · Cross-site scripting (XSS) in the CKEditor 5 real-time collaboration package · npm: ckeditor5-premium-features, @ckeditor/ckeditor5-real-time-collaboration
Moderate · 7 months ago · Directus allows updates to non-allowed fields due to overlapping policies · npm: @directus/api, directus
Moderate · 8 months ago · @octokit/request has a Regular Expression in fetchWrapper that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking · npm: @octokit/request
Moderate · 8 months ago · @octokit/request-error has a Regular Expression in index that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking · npm: @octokit/request-error
Moderate · 8 months ago · @octokit/plugin-paginate-rest has a Regular Expression in iterator that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking · npm: @octokit/plugin-paginate-rest
Moderate · 8 months ago · @octokit/endpoint has a Regular Expression in parse that Leads to ReDoS Vulnerability Due to Catastrophic Backtracking · npm: @octokit/endpoint
Moderate · 8 months ago · Vega allows Cross-site Scripting via the vlSelectionTuples function · npm: vega-selections, vega
Moderate · 8 months ago · esbuild enables any website to send any requests to the development server and read the response · npm: esbuild
Moderate · 8 months ago · snowflake-sdk may incorrectly validate temporary credential cache file permissions · npm: snowflake-sdk
Moderate · 8 months ago · Opening a malicious website while running a Nuxt dev server could allow read-only access to code · npm: @nuxt/rspack-builder, @nuxt/webpack-builder
Moderate · 8 months ago · Opening a malicious website while running a Nuxt dev server could allow read-only access to code · npm: @nuxt/vite-builder
Moderate · 8 months ago · XSS/HTML Injection Vulnerability in Umbraco Backoffice Components · npm, nuget: @umbraco-cms/backoffice, Umbraco.Cms.StaticAssets
Moderate · 8 months ago · Infinite loop and Blind SSRF found inside the Webfinger mechanism in @fedify/fedify · npm: @fedify/fedify
Moderate · 8 months ago · Websites were able to send any requests to the development server and read the response in vite · npm: vite
Moderate · 9 months ago · parse-uri Regular Expression Denial of Service (ReDoS) · npm: parseuri, parse-uri
Moderate · 9 months ago · Marp Core allows XSS by improper neutralization of HTML sanitization · npm: @marp-team/marp-core
Moderate · 10 months ago · uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitor · npm: uptime-kuma
Moderate · 10 months ago · Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo · npm: bun
Moderate · 10 months ago · pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion · npm: pnpm
Moderate · 10 months ago · Predictable results in nanoid generation when given non-integer values · npm: nanoid
Moderate · 10 months ago · Backstage Scaffolder plugin vulnerable to Server-Side Request Forgery · npm: @backstage/plugin-scaffolder-node
Moderate · 10 months ago · @intlify/shared Prototype Pollution vulnerability · npm: vue-i18n, @intlify/vue-i18n-core, @intlify/shared, petite-vue-i18n
Moderate · 10 months ago · vue-i18n has cross-site scripting vulnerability with prototype pollution · npm: @intlify/vue-i18n-core, @intlify/core, vue-i18n, @intlify/core-base, petite-vue-i18n
Moderate · 10 months ago · @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling · npm: @dapperduckling/keycloak-connector-server
Moderate · 10 months ago · smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables · npm: smol-toml
Moderate · 11 months ago · Firebase JavaScript SDK allows attackers to manipulate the "_authTokenSyncURL" to point to their own server · npm: firebase
Moderate · 11 months ago · matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal · npm: matrix-js-sdk
Moderate · 11 months ago · Froala WYSIWYG editor allows cross-site scripting (XSS) · packagist, npm: froala/wysiwyg-editor, froala-editor
Moderate · 11 months ago · CycloneDX cdxgen may execute code contained within build-related files · npm: @cyclonedx/cdxgen
Moderate · 11 months ago · nope-validator Regular Expression Denial of Service vulnerability · npm: nope-validator
Moderate · 11 months ago · validate.js Regular Expression Denial of Service vulnerability · npm: validate.js
Moderate · 11 months ago · CommonRegexJS Regular Expression Denial of Service vulnerability · npm: commonregex
Moderate · 11 months ago · Foundation Regular Expression Denial of Service vulnerability · npm: foundation-sites
Moderate · 11 months ago · Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section · npm, nuget: @umbraco-cms/backoffice, Umbraco.Cms.StaticAssets
Moderate · 12 months ago · Hono allows bypass of CSRF Middleware by a request without Content-Type header · npm: hono