
npm
5,162,107 packages · npmjs.org
Moderate Security Advisories in npm
Moderate
12 months ago
DOM Clobbering Gadget found in astro's client-side router that leads to XSS
npm
astro
Moderate
12 months ago
ggit is vulnerable to Arbitrary Argument Injection via the clone() API
npm
ggit
Moderate
12 months ago
SAP HANA Node.js client package vulnerable to Prototype Pollution
npm
@sap/hana-client
Moderate
12 months ago
ggit is vulnerable to Command Injection via the fetchTags(branch) API
npm
ggit
Moderate
12 months ago
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
npm
@saltcorn/server
Moderate
12 months ago
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results
npm
@saltcorn/server
Moderate
12 months ago
@saltcorn/server arbitrary file zip read and download when downloading auto backups
npm
@saltcorn/server
Moderate
12 months ago
Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend
npm
@backstage/plugin-app-backend
Moderate
12 months ago
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
npm, rubygems
@openc3/tool-common, openc3
Moderate
12 months ago
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
npm, rubygems
@openc3/tool-common, openc3
Moderate
about 1 year ago
Layui has DOM Clobbering gadgets that lead to Cross-site Scripting
npm
layui
Moderate
about 1 year ago
Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting
npm
flowise, flowise-embed
Moderate
about 1 year ago
Denial of service in rocket chat message parser
npm
@rocket.chat/message-parser
Moderate
about 1 year ago
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
npm
@lobehub/chat
Moderate
about 1 year ago
DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS
npm
@rspack/core
Moderate
about 1 year ago
Directus vulnerable to SSRF Loopback IP filter bypass
npm
@directus/api, directus
Moderate
about 1 year ago
@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection
npm
@backstage/plugin-techdocs-backend
Moderate
about 1 year ago
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
npm
vite
Moderate
about 1 year ago
Mattermost Desktop App fails to safeguard screen capture functionality
npm
mattermost-desktop
Moderate
about 1 year ago
Mattermost Desktop App Uncontrolled Search Path Vulnerability
npm
mattermost-desktop
Moderate
about 1 year ago
@blakeembrey/template vulnerable to code injection when attacker controls template input
npm
@blakeembrey/template
Moderate
about 1 year ago
DOM clobbering could escalate to Cross-site Scripting (XSS)
cargo, npm
pagefind, @pagefind/modular-ui, @pagefind/default-ui
Moderate
about 1 year ago
Svelte has a potential mXSS vulnerability due to improper HTML escaping
npm
svelte
Moderate
about 1 year ago
AWS CDK RestApi not generating authorizationScope correctly in resultant CFN template
npm
aws-cdk
Moderate
about 1 year ago
Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS
npm
webpack
Moderate
about 1 year ago
CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover
npm
ckeditor4
Moderate
about 1 year ago
Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability
npm
ckeditor4
Moderate
about 1 year ago
Ghost's improper authentication allows access to member information and actions
npm
@tryghost/portal, ghost
Moderate
about 1 year ago
matrix-js-sdk will freeze when a user sets a room with itself as its predecessor
npm
matrix-js-sdk
Moderate
about 1 year ago
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle
npm
webcrack
Moderate
about 1 year ago
Qwik has a potential mXSS vulnerability due to improper HTML escaping
npm
@builder.io/qwik
Moderate
about 1 year ago
Matrix SDK for React's URL preview setting for a room is controllable by the homeserver
npm
matrix-react-sdk
Moderate
about 1 year ago
Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id
npm
flowise
Moderate
about 1 year ago
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR
npm
nuxt
Moderate
about 1 year ago
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
npm
vue-template-compiler
Moderate
about 1 year ago
Zowe CLI allows storage of previously entered secure credentials in a plaintext file
npm
@zowe/cli
Moderate
about 1 year ago
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
npm
@jmondi/url-to-png
Moderate
about 1 year ago
@jmondi/url-to-png contains a Path Traversal vulnerability
npm
@jmondi/url-to-png
Moderate
about 1 year ago
Bootstrap Cross-Site Scripting (XSS) vulnerability
nuget, rubygems, npm
bootstrap.sass, bootstrap
Moderate
about 1 year ago
Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes
npm
bootstrap
Moderate
about 1 year ago
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
npm
matrix-appservice-irc
Moderate
over 1 year ago
@cat5th/key-serializer Prototype Pollution vulnerability
npm
@cat5th/key-serializer
Moderate
over 1 year ago
ag-grid packages vulnerable to Prototype Pollution
npm
ag-grid-enterprise, ag-grid-community, @ag-grid-enterprise/charts
Moderate
over 1 year ago
adolph_dudu ratio-swiper was discovered to contain a prototype pollution via the function extendDefaults
npm
@adolph_dudu/ratio-swiper
Moderate
over 1 year ago
@fastly/js-compute has a use-after-free in some host call implementations
npm
@fastly/js-compute
Moderate
over 1 year ago
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
packagist, nuget, npm
tinymce/tinymce, TinyMCE, tinymce
Moderate
over 1 year ago
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
packagist, nuget, npm
tinymce/tinymce, TinyMCE, tinymce
Moderate
over 1 year ago
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
npm
@strapi/plugin-upload
Moderate
over 1 year ago
@grpc/grpc-js can allocate memory for incoming messages well above configured limits
npm
@grpc/grpc-js
Moderate
over 1 year ago
Generation of Error Message Containing Sensitive Information in zsa
npm
zsa
Moderate
over 1 year ago
Arbitrary file read via Playwright's screenshot feature exploiting file wrapper
npm
@jmondi/url-to-png
Moderate
over 1 year ago
wangEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function
npm
@wangeditor/editor
Moderate
over 1 year ago
Pug allows JavaScript code execution if an application accepts untrusted input
npm
pug-code-gen
Moderate
over 1 year ago
Oceanic allows unsanitized user input to lead to path traversal in URLs
npm
oceanic.js
Moderate
over 1 year ago
Directus allows redacted data extraction on the API through "alias"
npm
directus
Moderate
over 1 year ago
kurwov vulnerable to Denial of Service due to improper data sanitization
npm
kurwov
Moderate
over 1 year ago
Vditor allows Cross-site Scripting via an attribute of an `A` element
npm
vditor
Moderate
over 1 year ago
Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss
npm
uptime-kuma
Moderate
over 1 year ago
Passbolt Browser Extension leaks password information
npm
passbolt-browser-extension
Moderate
over 1 year ago
Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases
npm
renovate
Moderate
over 1 year ago
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno
npm
hono
Moderate
over 1 year ago
Stored Cross-site Scripting (XSS) in excalidraw's web embed component
npm
@excalidraw/excalidraw
Moderate
over 1 year ago
phin may include sensitive headers in subsequent requests after redirect
npm
phin
Moderate
over 1 year ago
Matrix IRC Bridge truncated content of messages can be leaked
npm
matrix-appservice-irc