Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

npm

5,204,719 packages · npmjs.org

High Security Advisories in npm Clear Filters

High
over 2 years ago

SvelteKit vulnerable to Cross-Site Request Forgery GSA_kwCzR0hTQS01cDc1LXZjNWctOHJ2Ms4AAyiw

npm @sveltejs/kit
High
over 2 years ago

Prototype pollution in matrix-js-sdk (part 2) GSA_kwCzR0hTQS1td3E4LWZqcGYtYzJncs4AAydt

npm matrix-js-sdk
High
over 2 years ago

Prototype pollution in matrix-react-sdk GSA_kwCzR0hTQS02ZzQzLTg4Y3AtdzVnds4AAyaU

npm matrix-react-sdk
High
over 2 years ago

matrix-react-sdk Prototype pollution vulnerability GSA_kwCzR0hTQS0yeDljLXF3Z2YtOTR4cs4AAyX5

npm matrix-react-sdk
High
over 2 years ago

matrix-js-sdk Prototype Pollution vulnerability GSA_kwCzR0hTQS1yZnY5LXg3aGgteGMzMs4AAyX4

npm matrix-js-sdk
High
over 2 years ago

Collection.js vulnerable to Prototype Pollution GSA_kwCzR0hTQS00N3BqLXEydm0tNDZ4Y84AAyLM

npm collection.js
High
over 2 years ago

Arbitrary local file read vulnerability during template rendering GSA_kwCzR0hTQS0ycnE1LTY5OWoteDdwNs4AAyIl

npm swig, swig-templates
High
over 2 years ago

Missing proper state, nonce and PKCE checks for OAuth authentication GSA_kwCzR0hTQS03cjd4LTRjNHEtYzRxZs4AAyE2

npm next-auth
High
over 2 years ago

sqlite vulnerable to code execution due to Object coercion GSA_kwCzR0hTQS1qcXY1LTd4cHgtcWo3NM4AAyEw

npm sqlite3
High
over 2 years ago

directus vulnerable to HTML Injection in Password Reset email to custom Reset URL GSA_kwCzR0hTQS00aG1xLWdncm0tcWZjNs4AAx-d

npm directus
High
over 2 years ago

dot-lens vulnerable to Prototype Pollution GSA_kwCzR0hTQS1ybWhnLTJjdnYtcTd2eM4AAx8U

npm dot-lens
High
over 2 years ago

SketchSVG Arbitrary Code Injection vulnerability GSA_kwCzR0hTQS02NzIyLXh2cTgtMzI1NM4AAx8O

npm sketchsvg
High
over 2 years ago

node-static and @nubosoftware/node-static vulnerable to Directory Traversal GSA_kwCzR0hTQS01Zzk3LXdoYzktOGc3as4AAx8P

npm @nubosoftware/node-static, node-static
High
over 2 years ago

mde utilities contains Prototype Pollution GSA_kwCzR0hTQS13eGZqLTg0eGYtN2d4ds4AAx2l

npm utilities
High
over 2 years ago

Denial of Service vulnerability in lite-web-server GSA_kwCzR0hTQS04MjM3LTNxNWctOTlmds4AAxzz

npm lite-web-server
High
over 2 years ago

ecdh vulnerable to Exposure of Resource to Wrong Sphere GSA_kwCzR0hTQS1wMmhwLTN3djMtNHc3NM4AAxzi

npm ecdh
High
over 2 years ago

rangy vulnerable to Prototype Pollution GSA_kwCzR0hTQS02NXJwLW1ocWYtOGdqM84AAxy9

npm rangy
High
over 2 years ago

Regular Expression Denial of Service in Headers GSA_kwCzR0hTQS1yNmNoLW1xZjktcWM5d84AAxq-

npm undici
High
over 2 years ago

Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS) GSA_kwCzR0hTQS01aDRqLXFydmctOXhod84AAxq8

npm node-jose
High
over 2 years ago

Denial of service due to unlimited number of parts GSA_kwCzR0hTQS1ocHAyLTJjcjUtcGY2Z84AAxo9

npm @fastify/multipart
High
over 2 years ago

Regular Expression Denial of Service in simple-markdown GSA_kwCzR0hTQS1qNTMzLTJnOHYtcG1wZ84AAxkV

npm simple-markdown
High
over 2 years ago

Regular Expression Denial of Service in simple-markdown GSA_kwCzR0hTQS1ncHZqLWdwOGMtYzdwMs4AAxkL

npm simple-markdown
High
over 2 years ago

Sensitive Information leak via Script File in TinaCMS GSA_kwCzR0hTQS1wYzJxLWpjeHEtcmpycs4AAxfT

npm @tinacms/cli
High
over 2 years ago

semver-tags is vulnerable to Command Injection via the getGitTagsRemote function GSA_kwCzR0hTQS04aDNnLWhjd3AtNmh4cc4AAxbb

npm semver-tags
High
over 2 years ago

create-choo-app3 is vulnerable to Command Injection via the devInstall function GSA_kwCzR0hTQS1yajdtLTJwM2ctZmp4Z84AAxba

npm create-choo-app3
High
over 2 years ago

is-url Inefficient Regular Expression Complexity vulnerability GSA_kwCzR0hTQS1wOXc4LTJtcHEtNDloOc4AAxaw

npm is-url
High
almost 3 years ago

Switcher Client contains Regular Expression Denial of Service (ReDoS) GSA_kwCzR0hTQS13cXh3LThoNWctaHE1Ns4AAxVm

npm switcher-client
High
almost 3 years ago

is-http2 vulnerable to Improper Input Validation GSA_kwCzR0hTQS0yMjc1LXJwZjUteHY4aM4AAxUK

npm is-http2
High
almost 3 years ago

mt7688-wiscan is vulnerable to Command Injection due to improper input sanitization GSA_kwCzR0hTQS01aDhjLThjY3AtOGdtaM4AAxUM

npm mt7688-wiscan
High
almost 3 years ago

XSS Attack with Express API GSA_kwCzR0hTQS14cmg3LW01cHAtMzlyNs4AAxTf

npm eta
High
almost 3 years ago

Parse Server option `masterKeyIps` vulnerability to IP spoofing GSA_kwCzR0hTQS12bTVyLWM4N3ItcGY2eM4AAxTe

npm parse-server
High
almost 3 years ago

http-cache-semantics vulnerable to Regular Expression Denial of Service GSA_kwCzR0hTQS1yYzQ3LTY2NjctMmo1as4AAxS-

maven, npm org.webjars.npm:http-cache-semantics, http-cache-semantics
High
almost 3 years ago

Eta vulnerable to Code Injection via templates rendered with user-defined data GSA_kwCzR0hTQS1tZjZ4LWhyZ3ItNjU4Zs4AAxPw

npm eta
High
almost 3 years ago

Servst vulnerable to Path Traversal GSA_kwCzR0hTQS04OHY4LXY0NmctNmM5d84AAxPx

npm servst
High
almost 3 years ago

Directory Traversal vulnerability in serve-lite GSA_kwCzR0hTQS01cXE0LW02YzMteHhtZs4AAxMF

npm serve-lite
High
almost 3 years ago

Command injection in smartctl GSA_kwCzR0hTQS02OWYyLTQzNzUtcXY5aM4AAxMO

npm smartctl
High
almost 3 years ago

Command Injection in puppet-facter GSA_kwCzR0hTQS1nNXFyLXhnZzctOHEyd84AAxND

npm puppet-facter
High
almost 3 years ago

ReDoS Vulnerability in ua-parser-js version GSA_kwCzR0hTQS1maGc3LW04OXEtMjVyM84AAxIw

npm ua-parser-js
High
almost 3 years ago

Path Traversal in web-node-server GSA_kwCzR0hTQS0zZndxLXF2NXYtMnd4Zs4AAxDR

npm web-node-server
High
almost 3 years ago

RSSHub SSRF vulnerability GSA_kwCzR0hTQS02NHdwLWpoOXAtNWNnMs4AAw6f

npm rsshub
High
almost 3 years ago

gry vulnerable to Command Injection GSA_kwCzR0hTQS13NW13LWYyaHEtNWZ3OM4AAw6U

npm gry
High
almost 3 years ago

gatsby-transformer-remark has possible unsanitized JavaScript code injection GSA_kwCzR0hTQS03Y2g0LXJyOTktY3Fjd84AAw6Q

npm gatsby-transformer-remark
High
almost 3 years ago

skeemas Inefficient Regular Expression Complexity vulnerability GSA_kwCzR0hTQS1xdjY2LWY4NzYtdmp2cs4AAw6F

npm skeemas
High
almost 3 years ago

convict vulnerable to Prototype Pollution GSA_kwCzR0hTQS00anJtLWMzMngtdzRqZs4AAw3Y

npm convict
High
almost 3 years ago

Luxon Inefficient Regular Expression Complexity vulnerability GSA_kwCzR0hTQS0zeHE1LXdqZmgtcHBqY84AAw0p

npm luxon
High
almost 3 years ago

debug Inefficient Regular Expression Complexity vulnerability GSA_kwCzR0hTQS05dnZ3LWNjOXctZjI3aM4AAw0l

npm debug
High
almost 3 years ago

terminal-kit Inefficient Regular Expression Complexity vulnerability GSA_kwCzR0hTQS13eGdoLThnbXItM3FoM84AAwzL

npm terminal-kit
High
almost 3 years ago

robots-txt-guard Inefficient Regular Expression Complexity vulnerability GSA_kwCzR0hTQS02ZzMzLTh3MnEtNGh4ds4AAwwq

npm robots-txt-guard
High
almost 3 years ago

@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS) GSA_kwCzR0hTQS1oODU3LTJnNTYtNDY4Z84AAwwo

npm @mattkrick/sanitize-svg
High
almost 3 years ago

Uniswap Universal Router Incorrect Authorization vulnerability GSA_kwCzR0hTQS03bTM3LWN4MzUtcWdtcs4AAwvt

npm @uniswap/universal-router
High
almost 3 years ago

window-control vulnerable to Command Injection due to improper input sanitization GSA_kwCzR0hTQS05bWp4LXdmcXAtajVwaM4AAwvv

npm window-control
High
almost 3 years ago

MooTools Regular Expression Denial of Service GSA_kwCzR0hTQS12NjNxLWhncWMtcXZwZ84AAwuZ

npm mootools
High
almost 3 years ago

string-kit Inefficient Regular Expression Complexity vulnerability GSA_kwCzR0hTQS1wZnJtLTRyanctZzlxNc4AAwsv

npm string-kit
High
almost 3 years ago

rgb2hex vulnerable to inefficient regular expression complexity GSA_kwCzR0hTQS03NTk5LWZxZ20tdjg0cM4AAwrj

npm rgb2hex
High
almost 3 years ago

Prototype Pollution in JSON5 via Parse Method GSA_kwCzR0hTQS05YzQ3LW02cXEtN3A0aM4AAwpn

npm json5
High
almost 3 years ago

email-existence Inefficient Regular Expression Complexity vulnerability GSA_kwCzR0hTQS1wMjdoLTRjcGYtZnc0OM4AAwnR

npm email-existence
High
almost 3 years ago

markdown-it vulnerable to Inefficient Regular Expression Complexity GSA_kwCzR0hTQS1qNXA3LWpmNHEtNzQycc4AAwnP

npm markdown-it
High
almost 3 years ago

Starcounter-Jack JSON-Patch Prototype Pollution vulnerability GSA_kwCzR0hTQS04Z2g4LWhxd2cteGYzNM4AAwl1

npm fast-json-patch
High
almost 3 years ago

tree-kit vulnerable to Prototype Pollution GSA_kwCzR0hTQS1tdzR4LWcyeDgtcWN2Zs4AAwlu

npm tree-kit
High
almost 3 years ago

SimbCo httpster vulnerable to Path Traversal GSA_kwCzR0hTQS1wOGo4LXd4dnAtaDY5Nc4AAwln

npm httpster
High
almost 3 years ago

jsonwebtoken unrestricted key type could lead to legacy keys usage GSA_kwCzR0hTQS04Y2Y3LTMyZ3ctd3IzM84AAwgf

npm jsonwebtoken
High
almost 3 years ago

dustjs-linkedin vulnerable to Prototype Pollution GSA_kwCzR0hTQS1jNnJwLXdycDktcXI0cc4AAwf6

npm dustjs-linkedin
High
almost 3 years ago

abacus-ext-cmdline vulnerable to Command Injection GSA_kwCzR0hTQS1tNXY4LXdwdzQtcmozeM4AAwd9

npm abacus-ext-cmdline
High
almost 3 years ago

lite-dev-server vulnerable to Directory Traversal GSA_kwCzR0hTQS1wcHB2LWNoOHAtcnAyd84AAwd6

npm lite-dev-server
High
almost 3 years ago

lite-server vulnerable to Denial of Service GSA_kwCzR0hTQS04OXc3LTVxNDUtcjUzd84AAwbi

maven, npm org.webjars.npm:lite-server, lite-server
High
almost 3 years ago

easy-static-server vulnerable to Directory Traversal GSA_kwCzR0hTQS13Y3dtLWMzbXItcHhjcs4AAwbk

npm easy-static-server
High
almost 3 years ago

p4 vulnerable to Command Injection due to improper input sanitization GSA_kwCzR0hTQS1qZm04LWh3aGctcjZnZ84AAwbj

npm p4
High
almost 3 years ago

Knex.js has a limited SQL injection vulnerability GSA_kwCzR0hTQS00anY5LTM1NjMtMjNqM84AAwZv

npm knex
High
almost 3 years ago

@cubejs-backend/api-gateway row level security bypass GSA_kwCzR0hTQS02anFtLTNjOWctcGNoN84AAwRq

npm @cubejs-backend/api-gateway
High
almost 3 years ago

libp2p DoS vulnerability from lack of resource management GSA_kwCzR0hTQS1mNDRxLTYzNGMtanZ3ds4AAwM5

npm libp2p
High
almost 3 years ago

simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol GSA_kwCzR0hTQS05cDk1LWZ4dmctcWdxMs4AAwKh

npm simple-git
High
almost 3 years ago

muhammara and hummus vulnerable to Unchecked Return Value to NULL Pointer Dereference GSA_kwCzR0hTQS0ycjd2LWNtY2gtNXgyNs4AAwJT

npm muhammara, hummus
High
almost 3 years ago

static-dev-server vulnerable to path traversal GSA_kwCzR0hTQS03ZnhtLWM4NDgtODlxOM4AAwEt

npm static-dev-server
High
almost 3 years ago

ghost vulnerable to unauthorized newsletter modification via improper access controls GSA_kwCzR0hTQS05Z2g4LXdwNTMtY2NjNs4AAwEB

npm ghost
High
almost 3 years ago

decode-uri-component vulnerable to Denial of Service (DoS) GSA_kwCzR0hTQS13NTczLTRoZzctN3dncc4AAwD1

npm decode-uri-component
High
almost 3 years ago

qs vulnerable to Prototype Pollution GSA_kwCzR0hTQS1ocnBwLWg5OTgtajNwcM4AAwDM

npm qs
High
almost 3 years ago

Redwood is vulnerable to account takeover via dbAuth "forgot-password" GSA_kwCzR0hTQS0zcW1jLTJyNzYtNHJxcM4AAv0B

npm @redwoodjs/api
High
almost 3 years ago

Parse Server is vulnerable to Prototype Pollution via Cloud Code Webhooks GSA_kwCzR0hTQS05M3Z3LThmbTUtcDJqZs4AAv0A

npm parse-server
High
almost 3 years ago

Parse Server vulnerable to Prototype Pollution via Cloud Code Webhooks or Cloud Code Triggers GSA_kwCzR0hTQS14cHJ2LXd2aDctcXFxeM4AAvxw

npm parse-server
High
almost 3 years ago

fastify/websocket vulnerable to uncaught exception via crash on malformed packet GSA_kwCzR0hTQS00cGNnLXdyNmMtaDljcc4AAvu9

npm @fastify/websocket, fastify-websocket
High
about 3 years ago

Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp GSA_kwCzR0hTQS1yY3J4LWZwanAtbWZyd84AAvq7

npm hummus, muhammara
High
about 3 years ago

muhammara and hummus vulnerable to denial of service by NULL pointer dereference GSA_kwCzR0hTQS05Y3Y1LTR3cXYtOXc5NM4AAvnE

npm muhammara
High
about 3 years ago

muhammara and hummus vulnerable to null pointer dereference on bad response object GSA_kwCzR0hTQS1mcnA5LTJ2NnItZ2o5N84AAvnJ

npm muhammara
High
about 3 years ago

kangax html-minifier REDoS vulnerability GSA_kwCzR0hTQS1wZnE4LXJxNnYtdmY1bc4AAvm3

npm html-minifier
High
about 3 years ago

Inefficient Regular Expression Complexity in shescape GSA_kwCzR0hTQS1jcjg0LXh2dzQtcXgzY84AAvio

npm shescape
High
about 3 years ago

Markdownify subject to Remote Code Execution via malicious markdown file GSA_kwCzR0hTQS1jOTQyLW1mbXAtcDRmaM4AAvc5

npm electron-markdownify
High
about 3 years ago

parse-server crashes when receiving file download request with invalid byte range GSA_kwCzR0hTQS1oNDIzLXc2cXYtMndqM84AAvaP

npm parse-server
High
about 3 years ago

minimatch ReDoS vulnerability GSA_kwCzR0hTQS1mOHE2LXA5NHgtMzd2M84AAvaI

npm minimatch
High
about 3 years ago

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable GSA_kwCzR0hTQS0zcmZtLWpod2otNzQ4OM4AAvVB

npm loader-utils
High
about 3 years ago

Signature bypass via multiple root elements GSA_kwCzR0hTQS01cDh3LTJtdnctMzhwds4AAvTF

npm node-saml
High
about 3 years ago

Signature bypass via multiple root elements GSA_kwCzR0hTQS1tOTc0LTY0N3Ytd2h2N84AAvTE

npm @node-saml/passport-saml, @node-saml/node-saml, node-saml, passport-saml
High
about 3 years ago

loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) GSA_kwCzR0hTQS1oaHEzLWZmNzgtanYzZ84AAvRq

npm loader-utils
High
about 3 years ago

fastify vulnerable to denial of service via malicious Content-Type GSA_kwCzR0hTQS00NTV3LWM0NXYtODZyZ84AAvO9

npm fastify
High
about 3 years ago

tiny-csrf has openly visible CSRF tokens GSA_kwCzR0hTQS1wajJjLWg3NnctdnY2Zs4AAvNW

npm tiny-csrf
High
about 3 years ago

v8n vulnerable to Inefficient Regular Expression Complexity GSA_kwCzR0hTQS14cng5LWdqMjYtNXd4Oc4AAvMH

npm v8n
High
about 3 years ago

generator-jhipster vulnerable to login check Regular Expression Denial of Service GSA_kwCzR0hTQS04dzd3LTY3bXctcjVwN84AAvLq

npm generator-jhipster
High
about 3 years ago

Snyk CLI affected by Command Injection vulnerability GSA_kwCzR0hTQS1ocHFqLTdjajYtaGZqOM4AAvJ0

npm snyk-go-plugin, snyk
High
about 3 years ago

css-what vulnerable to ReDoS due to use of insecure regular expression GSA_kwCzR0hTQS1wMjhoLWNjN3EtYzRmZ84AAvJj

npm css-what
High
about 3 years ago

react-native-reanimated vulnerable to ReDoS GSA_kwCzR0hTQS0yajc5LThwcWMtcjd4Ns4AAvJg

npm react-native-reanimated
High
about 3 years ago

Joplin Remote Code Execution GSA_kwCzR0hTQS1tanI1LXY5YzktbW03Z84AAvIt

npm joplin

Filter by Severity

High 1,600 Moderate 1,281 Critical 1,016 Low 219

Filter by Package

parse-server 16 flowise 12 electron 12 next 11 directus 11 @anthropic-ai/claude-code 9 tar 7 @strapi/strapi 7 strapi 7 express-cart 6 npm 6 @openzeppelin/contracts 6 sequelize 6 handlebars 6 matrix-js-sdk 6 @openzeppelin/contracts-upgradeable 5 systeminformation 5 axios 5 serve 5 n8n 5 ua-parser-js 5 @haxtheweb/haxcms-nodejs 5 @strapi/plugin-users-permissions 4 openpgp 4 total.js 4 matrix-react-sdk 4 yarn 4 tar-fs 4 multer 4 muhammara 4 @finos/git-proxy 4 auth0-js 4 ckeditor4 4 qs 4 shescape 4 generator-jhipster 4 prismjs 4 @apollo/gateway 4 nocodb 4 hapi 4 marked 4 passport-wsfed-saml2 3 @sveltejs/kit 3 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 3 @backstage/plugin-scaffolder-backend 3 next-auth 3 jspdf 3 jsrsasign 3 ids-enterprise 3 ecstatic 3 fastify 3 node-forge 3 keystone 3 @commercial/subtext 3 node-opcua 3 mermaid 3 meshcentral 3 @uppy/companion 3 vite 3 simple-git 3 moment 3 hermes-engine 3 ghost 3 socket.io-file 3 highcharts 3 ws 3 convert-svg-core 3 remarkable 3 rendertron 3 aws-iot-device-sdk-v2 3 steal 3 localhost-now 3 open-webui 3 awsiotsdk 3 open-webui 3 sails 2 astro 2 codecov 2 css-what 2 engine.io 2 tiny-secp256k1 2 jquery-validation 2 uptime-kuma 2 urijs 2 @kindspells/astro-shield 2 code-server 2 minimatch 2 grunt 2 node-saml 2 hawk 2 dojo 2 mixme 2 @tinacms/cli 2 @nguniversal/common 2 @cubejs-backend/api-gateway 2 @angular/ssr 2 http-proxy 2 pdfjs-dist 2 devcert 2 vp-toolkit 2 fast-xml-parser 2 simple-markdown 2 dompurify 2 @modelcontextprotocol/server-filesystem 2 erxes 2 debug 2 lodash.merge 2 is-svg 2 eta 2 loopback-connector-mongodb 2 @theia/mini-browser 2 decal 2 path-to-regexp 2 @npmcli/arborist 2 mongoose 2 snyk 2 lodash.mergewith 2 mongosh 2 detect-character-encoding 2 @nubosoftware/node-static 2 @evershop/evershop 2 nuxt-api-party 2 convict 2 lodash.defaultsdeep 2 content 2 @solana/web3.js 2 mout 2 angular-expressions 2 hono 2 buttle 2 sqlite3 2 react-router 2 mqtt-packet 2 oauth2-server 2 squirrelly 2 object-path 2 jointjs 2 joplin 2 angular 2 financejs 2 Moment.js 2 deep-get-set 2 @strikeentco/set 2 json-ptr 2 flowise-components 2 glob-parent 2 rsshub 2 xdLocalStorage 2 @saltcorn/server 2 xlsx 2 hummus 2 @auth0/nextjs-auth0 2 @plone/volto 2 matrix-appservice-irc 2 semver 2 immer 2 pnpm 2 cached-path-relative 2 @fastify/multipart 2 total4 2 rollup-plugin-server 2 typeorm 2 node-jose 2 assign-deep 2 @discordjs/opus 2 @directus/api 2 http-live-simulator 2 nodebb 2 mcstatic 2 fs-git 2 loader-utils 2 undici 2 fuxa-server 2 merge 2 bmoor 2 @frangoteam/fuxa 2 @conform-to/zod 1 connect-multiparty 1 connect-pg-simple 1 console-feed 1 content-security-policy-parser 1 controlled-merge 1 convert-svg-to-jpeg 1 convert-svg-to-png 1 cookie-encrypter 1 @cookiex/deep 1 cool-path 1 copy-props 1 cordova-android 1 cordova-plugin-ionic-webview 1 create-choo-app3 1 crossenv 1 cross-spawn 1 crud-file-server 1 crud-query-parser 1 csrf-lite 1 csvjson 1 csv-parse 1 cuciuci 1 cue-sdk-node 1

Filter by Repository

https://github.com/parse-community/parse-server 16 https://github.com/electron/electron 12 https://github.com/directus/directus 12 https://github.com/strapi/strapi 11 https://github.com/FlowiseAI/Flowise 10 https://github.com/vercel/next.js 9 https://github.com/anthropics/claude-code 9 https://github.com/backstage/backstage 8 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/npm/node-tar 6 https://github.com/sequelize/sequelize 6 https://github.com/matrix-org/matrix-js-sdk 6 https://github.com/faisalman/ua-parser-js 5 https://github.com/axios/axios 5 https://github.com/haxtheweb/issues 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/n8n-io/n8n 5 https://github.com/sebhildebrandt/systeminformation 5 https://github.com/npm/cli 4 https://github.com/node-opcua/node-opcua 4 https://github.com/saltcorn/saltcorn 4 https://github.com/totaljs/framework 4 https://github.com/matrix-org/matrix-react-sdk 4 https://github.com/ericcornelissen/shescape 4 https://github.com/expressjs/multer 4 https://github.com/openpgpjs/openpgpjs 4 https://github.com/PrismJS/prism 4 https://github.com/mafintosh/tar-fs 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/nocodb/nocodb 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/finos/git-proxy 4 https://github.com/udecode/plate 3 https://github.com/highcharts/highcharts 3 https://github.com/stealjs/steal 3 https://github.com/kjur/jsrsasign 3 https://github.com/transloadit/uppy 3 https://github.com/steveukx/git-js 3 https://github.com/TryGhost/Ghost 3 https://github.com/GoogleChrome/rendertron 3 https://github.com/handlebars-lang/handlebars.js 3 https://github.com/balderdashy/sails 3 https://github.com/sveltejs/kit 3 https://github.com/moment/moment 3 https://github.com/vitejs/vite 3 https://github.com/remix-run/react-router 3 https://github.com/gatsbyjs/gatsby 3 https://github.com/Marak/colors.js 3 https://github.com/jonschlinkert/remarkable 3 https://github.com/aws/aws-iot-device-sdk-java-v2 3 https://github.com/fastify/fastify-multipart 3 https://github.com/npm/npm 3 https://github.com/auth0/passport-wsfed-saml2 3 https://github.com/digitalbazaar/forge 3 https://github.com/hapijs/subtext 3 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/nextauthjs/next-auth 3 https://github.com/fastify/fastify 3 https://github.com/Ylianst/MeshCentral 3 https://github.com/mozilla/pdf.js 3 https://github.com/cure53/DOMPurify 3 https://github.com/keystonejs/keystone 3 https://github.com/infor-design/enterprise-ng 3 https://github.com/apollographql/federation 3 https://github.com/ofirdagan/cross-domain-local-storage 3 https://github.com/mrvautin/expressCart 3 https://github.com/withastro/astro 3 https://github.com/yarnpkg/yarn 3 https://github.com/facebook/hermes 3 https://github.com/clientIO/joint 2 https://github.com/jonschlinkert/assign-deep 2 https://github.com/mozilla/node-convict 2 https://github.com/honojs/hono 2 https://github.com/jquery-validation/jquery-validation 2 https://github.com/fb55/css-what 2 https://github.com/vivaxy/here 2 https://github.com/NaturalIntelligence/fast-xml-parser 2 https://github.com/ag-grid/ag-grid 2 https://github.com/VulnSageAgent/PoCs 2 https://github.com/modelcontextprotocol/servers 2 https://github.com/websockets/ws 2 https://github.com/tinacms/tinacms 2 https://github.com/solana-labs/solana-web3.js 2 https://github.com/DCKT/localhost-now 2 https://github.com/eclipse-theia/theia 2 https://github.com/oauthjs/node-oauth2-server 2 https://github.com/electron-userland/electron-builder 2 https://github.com/dimpu/ngx-md 2 https://github.com/npm/arborist 2 https://github.com/louislam/uptime-kuma 2 https://github.com/sindresorhus/is-svg 2 https://github.com/hapijs/hoek 2 https://github.com/julianhille/MuhammaraJS 2 https://github.com/eta-dev/eta 2 https://github.com/markedjs/marked 2 https://github.com/strikeentco/set 2 https://github.com/ebradyjobory/finance.js 2 https://github.com/VulnSphere/LLMVulnSphere 2 https://github.com/adaltas/node-mixme 2 https://github.com/DIYgod/RSSHub 2 https://github.com/plone/volto 2 https://github.com/cloudhead/node-static 2 https://github.com/erxes/erxes 2 https://github.com/peerigon/angular-expressions 2 https://github.com/neocotic/convert-svg 2 https://github.com/immerjs/immer 2 https://github.com/nuxt/nuxt 2 https://github.com/open-webui/open-webui 2 https://github.com/auth0/nextjs-auth0 2 https://github.com/418sec/json-ptr 2 https://github.com/beerpwn/CVE 2 https://github.com/pillarjs/path-to-regexp 2 https://github.com/typeorm/typeorm 2 https://github.com/ariabuckles/simple-markdown 2 https://github.com/OrangeShieldInfos/PoCs 2 https://github.com/debug-js/debug 2 https://github.com/chjj/marked 2 https://github.com/johannschopplich/nuxt-api-party 2 https://github.com/ljharb/qs 2 https://github.com/TryGhost/node-sqlite3 2 https://github.com/discordjs/opus 2 https://github.com/apollographql/apollo-server 2 https://github.com/ashaffer/cached-path-relative 2 https://github.com/matrix-org/matrix-appservice-irc 2 https://github.com/mout/mout 2 https://github.com/socketio/engine.io 2 https://github.com/rabobank-blockchain/vp-toolkit 2 https://github.com/webpack/loader-utils 2 https://github.com/vvakame/fs-git 2 https://github.com/parallax/jsPDF 2 https://github.com/cisco/node-jose 2 https://github.com/dojo/dojo 2 https://github.com/cube-js/cube.js 2 https://github.com/rico345100/socket.io-file 2 https://github.com/galkahana/HummusJS 2 https://github.com/gigafied/decal.js 2 https://github.com/pnpm/pnpm 2 https://github.com/sonicdoe/detect-character-encoding 2 https://github.com/evershopcommerce/evershop 2 https://github.com/nodejs/undici 2 https://github.com/gruntjs/grunt 2 https://github.com/b-heilman/bmoor 2 https://github.com/mariocasciaro/object-path 2 https://github.com/squirrellyjs/squirrelly 2 https://github.com/bitcoinjs/tiny-secp256k1 2 https://github.com/buefy/buefy 1 https://github.com/Ranks/emojione 1 https://github.com/iden3/snarkjs 1 https://github.com/cliftonc/calipso 1 https://github.com/creharmony/node-etsy-client 1 https://github.com/ua-parser/uap-core 1 https://github.com/mde/utilities 1 https://github.com/jonschlinkert/defaults-deep 1 https://github.com/libxmljs/libxmljs 1 https://github.com/carlos8f/node-accesslog 1 https://github.com/vesse/node-ldapauth-fork 1 https://github.com/expressjs/connect-multiparty 1 https://github.com/rollup/rollup 1 https://github.com/opensearch-project/OpenSearch-Dashboards 1 https://github.com/sindresorhus/file-type 1 https://github.com/sammcj/mcp-package-docs 1 https://github.com/bruno-robert/window-control 1 https://github.com/fedify-dev/fedify 1 https://github.com/fastify/fastify-websocket 1 https://github.com/mafintosh/dns-packet 1 https://github.com/kylefarris/clamscan 1 https://github.com/DataTables/DataTablesSrc 1 https://github.com/avwo/whistle 1 https://github.com/coinbase/x402 1 https://github.com/nats-io/nats.ws 1 https://github.com/browserify/browserify-sign 1 https://github.com/fastify/session 1 https://github.com/segmentio/is-url 1 https://github.com/DylanPiercey/local-devices 1 https://github.com/Prestaul/skeemas 1 https://github.com/FixedOctocat/CVE-2024-25466 1 https://github.com/natelong/p4 1 https://github.com/dorattias/CVE-2025-26319 1 https://github.com/MateusTesser/CVE-2023-31718 1 https://github.com/uWebSockets/uWebSockets 1 https://github.com/QuorumDMS/ftp-srv 1 https://github.com/vdemedes/secure-compare 1 https://github.com/leeoniya/uPlot 1 https://github.com/kottster/kottster 1 https://github.com/AlgoRythm-Dylan/httpserv 1 https://github.com/mcollina/mosca 1 https://github.com/stryker-mutator/stryker-js 1 https://github.com/mat-sz/lettersanitizer 1 https://github.com/facebook/react-native 1 https://github.com/prisma-labs/graphql-playground 1 https://github.com/caolan/async 1 https://github.com/bootstrap-tagsinput/bootstrap-tagsinput 1 https://github.com/JoeScho/get-ip-range 1 https://github.com/demergent-labs/azle 1 https://github.com/indutny/elliptic 1 https://github.com/mattkrick/sanitize-svg 1 https://github.com/phulelouch/CVEs 1 https://github.com/cdr/code-server 1 https://github.com/NodeBB/NodeBB 1