
npm
5,162,107 packages · npmjs.org
Moderate Security Advisories in npm
Moderate
about 2 years ago
Strapi's field level permissions not being respected in relationship title
npm
@strapi/plugin-content-manager
Moderate
about 2 years ago
Strapi may leak sensitive user information, user reset password, tokens via content-manager views
npm
@strapi/utils, @strapi/admin, @strapi/plugin-content-manager
Moderate
about 2 years ago
Buttercup allows attackers to obtain the hash of the master password
npm
buttercup
Moderate
about 2 years ago
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
npm
electron
Moderate
about 2 years ago
Electron context isolation bypass via nested unserializable return value
npm
electron
Moderate
about 2 years ago
@adobe/css-tools Regular Expression Denial of Service (ReDOS) while Parsing CSS
npm
@adobe/css-tools
Moderate
about 2 years ago
MongoDB Driver may publish events containing authentication-related data
npm, packagist
mongodb, mongodb/mongodb
Moderate
about 2 years ago
@webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content
npm
@webiny/react-rich-text-renderer
Moderate
about 2 years ago
@node-saml/node-saml's validatePostRequestAsync does not include checkTimestampsValidityError
npm
@node-saml/node-saml
Moderate
about 2 years ago
@excalidraw/excalidraw Cross-site Scripting vulnerability
npm
@excalidraw/excalidraw
Moderate
about 2 years ago
Ghost vulnerable to arbitrary file read via symlinks in content import
npm
ghost
Moderate
about 2 years ago
When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible
npm
@keystone-6/core
Moderate
about 2 years ago
Svelecte item names vulnerable to execution of arbitrary JavaScript
npm
svelecte
Moderate
about 2 years ago
OpenZeppelin Contracts vulnerable to Improper Escaping of Output
npm
@openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Moderate
about 2 years ago
SUCHMOKUO node-worker-threads-pool denial of service Vulnerability
npm
node-worker-threads-pool
Moderate
about 2 years ago
matrix-appservice-irc IRC command injection via admin commands containing newlines
npm
matrix-appservice-irc
Moderate
about 2 years ago
matrix-appservice-bridge doesn't verify the sub parameter of an openId token exchange, allowing unauthorized access to provisioning APIs
npm
matrix-appservice-bridge
Moderate
about 2 years ago
.eth registrar controller can shorten the duration of registered names
npm
@ensdomains/ens-contracts
Moderate
about 2 years ago
@simonsmith/cypress-image-snapshot has fix for insecure snapshot file names
npm
@simonsmith/cypress-image-snapshot
Moderate
about 2 years ago
Unintentional leakage of private information via cross-origin websocket session hijacking
npm
nodebb
Moderate
about 2 years ago
Making all attributes on a content-type public without noticing it
npm
@strapi/database, @strapi/utils, @strapi/strapi
Moderate
about 2 years ago
matrix-react-sdk vulnerable to XSS in Export Chat feature
npm
matrix-react-sdk
Moderate
about 2 years ago
ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor
npm
ckeditor-wordcount-plugin
Moderate
about 2 years ago
@vendure/admin-ui-plugin authenticated Cross-site Scripting vulnerability
npm
@vendure/admin-ui-plugin
Moderate
over 2 years ago
angular-ui-notification Cross-site Scripting vulnerability
npm
angular-ui-notification
Moderate
over 2 years ago
word-wrap vulnerable to Regular Expression Denial of Service
npm
word-wrap
Moderate
over 2 years ago
When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id
npm
remult
Moderate
over 2 years ago
AWS CDK EKS overly permissive trust policies
npm
@aws-cdk/aws-eks, aws-cdk-lib
Moderate
over 2 years ago
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
npm
@openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Moderate
over 2 years ago
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
npm
fast-xml-parser
Moderate
over 2 years ago
OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning
npm
@openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Moderate
over 2 years ago
Phishing attack vulnerability by uploading malicious HTML file
npm
parse-server
Moderate
over 2 years ago
html inputs of type password recorded in plaintext when converted to text inputs
npm
highlight.run
Moderate
over 2 years ago
Insufficient validation when decoding a Socket.IO packet
npm
socket.io-parser
Moderate
over 2 years ago
Invalid push request payload crashes Parse Server
npm
parse-server-push-adapter
Moderate
over 2 years ago
@mittwald/kubernetes's secret contents leaked via debug logging
npm
@mittwald/kubernetes
Moderate
over 2 years ago
@builder.io/qwik-city Cross-Site Request Forgery vulnerability
npm
@builder.io/qwik-city
Moderate
over 2 years ago
Bypass of CSRF protection in the presence of predictable userInfo
npm
@fastify/csrf-protection
Moderate
over 2 years ago
Path traversal vulnerability in gatsby-plugin-sharp
npm
gatsby-plugin-sharp
Moderate
over 2 years ago
Strapi does not verify the access or ID tokens issued during the OAuth flow
npm
@strapi/plugin-users-permissions
Moderate
over 2 years ago
`chainId` may be outdated if user changes chains as part of connection in @web3-react
npm
@web3-react/walletconnect, @web3-react/metamask, @web3-react/eip1193, @web3-react/coinbase-wallet
Moderate
over 2 years ago
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
npm
@openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Moderate
over 2 years ago
matrix-js-sdk vulnerable to invisible eavesdropping in group calls
npm
matrix-js-sdk
Moderate
over 2 years ago
Pandao Editor.md vulnerable to cross-site scripting (XSS) in editor parameter
npm
editor.md
Moderate
over 2 years ago
Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter
npm
editor.md
Moderate
over 2 years ago
angular vulnerable to regular expression denial of service via the $resource service
npm
angular
Moderate
over 2 years ago
angular vulnerable to regular expression denial of service via the angular.copy() utility
npm
angular
Moderate
over 2 years ago
angular vulnerable to regular expression denial of service via the <input type="url"> element
npm
angular
Moderate
over 2 years ago
directus vulnerable to Insertion of Sensitive Information into Log File
npm
directus
Moderate
over 2 years ago
Directus vulnerable to extraction of password hashes through export querying
npm
directus
Moderate
over 2 years ago
@nestjs/core vulnerable to Information Exposure via StreamableFile pipe
npm
@nestjs/core
Moderate
over 2 years ago
Directus vulnerable to Server-Side Request Forgery On File Import
npm
directus
Moderate
over 2 years ago
OpenZeppelin Contracts contains Incorrect Calculation
npm
@openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Moderate
over 2 years ago
Vega vulnerable to arbitrary code execution when clicking href links
npm
vega
Moderate
over 2 years ago
keycloak-connect contains Open redirect vulnerability in the Node.js adapter
npm
keycloak-connect
Moderate
over 2 years ago
Vega Expression Language `scale` expression function Cross Site Scripting
npm
vega, vega-functions
Moderate
over 2 years ago
Vega has Cross-site Scripting vulnerability in `lassoAppend` function
npm
vega-functions, vega
Moderate
over 2 years ago
rsshub vulnerable to Cross-site Scripting via unvalidated URL parameters
npm
rsshub
Moderate
over 2 years ago
@braintree/sanitize-url Cross-site Scripting vulnerability
npm
@braintree/sanitize-url
Moderate
over 2 years ago
Baremetrics date range picker vulnerable to Cross-site Scripting
npm
baremetrics-calendar
Moderate
over 2 years ago
@claviska/jquery-minicolors vulnerable to Cross-site Scripting
npm
@claviska/jquery-minicolors
Moderate
over 2 years ago
generator-hottowel Cross-site Scripting vulnerability
npm
generator-hottowel
Moderate
over 2 years ago
Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler
npm
@graphql-mesh/http, @graphql-mesh/cli
Moderate
over 2 years ago
Sequelize information disclosure vulnerability
npm
@sequelize/core, sequelize