synk.csv

Vulnerability,Package Name,Details Page,CVE,POC Available,Affected Version,Github Link
Remote Code Execution (RCE),ckeditor4,https://security.snyk.io/vuln/SNYK-JS-CKEDITOR4-2308230,CVE-2020-27193,False,<4.15.1 ,n/a
Arbitrary File Upload,plupload,https://security.snyk.io/vuln/SNYK-JS-PLUPLOAD-1583909,CVE-2021-23562,False,<2.3.9 ,https://github.com/moxiecode/plupload/commit/d12175d4b5fa799b994ee1bb17bfbeec55b386fb
Remote Code Execution (RCE),@backstage/plugin-scaffolder-backend,https://security.snyk.io/vuln/SNYK-JS-BACKSTAGEPLUGINSCAFFOLDERBACKEND-2308016,,False,<0.15.14 ,https://github.com/backstage/backstage/commit/a096e4c4d78bab2d392af5b768eb4f87b9f4401c
Out-of-bounds Write,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1932551,CVE-2021-37981,False,>=12.0.0 <12.2.3 >=13.0.0 <13.6.1 >=14.0.0 <14.2.1 >=15.0.0 <15.3.1 ,https://github.com/electron/electron/commit/7313f7ebeb007c51c3de58ebf6f6726ae91fd7e3
Out-of-bounds Write,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1932549,CVE-2021-37984,False,>=12.0.0 <12.2.3 >=13.0.0 <13.6.1 >=14.0.0 <14.2.1 ,https://github.com/electron/electron/commit/841673791712dab54ee4b1106760734cf896c522
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1932547,CVE-2021-37987,False,>=12.0.0 <12.2.3 >=13.0.0 <13.6.1 >=14.0.0 <14.2.1 >=15.0.0 <15.3.1 ,https://github.com/electron/electron/commit/6cc7de5c13120b24f1f89c624189327b90009003
Improper Input Validation,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1932542,CVE-2021-37996,False,>=12.0.0 <12.2.3 >=13.0.0 <13.6.1 >=14.0.0 <14.2.1 >=15.0.0 <15.3.1 ,https://github.com/electron/electron/commit/e61cbbd13eac82e62443315fce7f57277b0e4779
Out-of-bound Write,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1932540,CVE-2021-38003,False,>=12.0.0 <12.2.3 >=13.0.0 <13.6.2 >=14.0.0 <14.2.1 ,https://github.com/electron/electron/commit/a3be71d6e7eca82558cf4a331aac476c1b2a4dff
Out-of-bounds Read,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1932545,CVE-2021-37992,False,>=12.0.0 <12.2.3 >=13.0.0 <13.6.1 >=14.0.0 <14.2.1 >=15.0.0 <15.3.1 ,https://github.com/electron/electron/commit/a83d1fe68a11b4236c1421221579739da33dc327
Cross-site Scripting (XSS),hexo,https://security.snyk.io/vuln/SNYK-JS-HEXO-1932976,CVE-2021-25987,False,<6.0.0 ,https://github.com/hexojs/hexo/pull/4743/commits/5170df2d3fa9c69e855c4b7c2b084ebfd92d5200
Malicious Package,richdocuments,https://security.snyk.io/vuln/SNYK-JS-RICHDOCUMENTS-1932565,,False,* ,n/a
Directory Traversal,@backstage/plugin-scaffolder-backend,https://security.snyk.io/vuln/SNYK-JS-BACKSTAGEPLUGINSCAFFOLDERBACKEND-1932570,CVE-2021-43783,False,<0.15.14 ,https://github.com/backstage/backstage/commit/f9352ab606367cd9efc6ff048915c70ed3013b7f
Prototype Pollution,nodebb,https://security.snyk.io/vuln/SNYK-JS-NODEBB-1932612,CVE-2021-43787,False,* ,https://github.com/NodeBB/NodeBB/commit/1783f918bc19568f421473824461ff2ed7755e4c
Improper Authentication,nodebb,https://security.snyk.io/vuln/SNYK-JS-NODEBB-1932613,CVE-2021-43786,False,* ,https://github.com/NodeBB/NodeBB/commit/04dab1d550cdebf4c1567bca9a51f8b9ca48a500
Remote Code Execution (RCE),@vue/cli,https://security.snyk.io/vuln/SNYK-JS-VUECLI-1731684,,False,<4.5.14 >=5.0.0-alpha.0 <5.0.0-beta.6 ,https://github.com/vuejs/vue-cli/commit/0266bbbfecbdb2f1709948057ffcf818de085fa3
XML External Entity (XXE) Injection,@theia/core,https://security.snyk.io/vuln/SNYK-JS-THEIACORE-1932561,CVE-2021-34436,False,>=0.1.1 <0.2.1 ,n/a
Out-of-bounds Write,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1932538,CVE-2021-37979,False,>=12.0.0 <12.2.3 >=13.0.0 <13.5.2 >=14.0.0 <14.2.0 ,https://github.com/electron/electron/commit/4b969e90bf46a32cdf131cd69aa731eb1c47ed19
Cross-site Scripting (XSS),@backstage/plugin-auth-backend,https://security.snyk.io/vuln/SNYK-JS-BACKSTAGEPLUGINAUTHBACKEND-1932526,CVE-2021-43776,False,<0.4.9 ,n/a
Cross-site Scripting (XSS),@joeattardi/emoji-button,https://security.snyk.io/vuln/SNYK-JS-JOEATTARDIEMOJIBUTTON-1932527,CVE-2021-43785,False,<4.6.2 ,https://github.com/joeattardi/emoji-button/commit/05970c09180cd27fff493e998ac5bf0468b1bb16
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1912075,CVE-2021-38002,False,>=14.0.0 <14.2.1 <13.6.2 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1912074,CVE-2021-37998,False,>=14.0.0 <14.2.1 >=13.0.0 <13.6.2 <12.2.3 ,n/a
Type Confusion,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1911949,CVE-2021-38001,True,>=14.0.0 <14.2.1 >=13.0.0 <13.6.2 <12.2.3 ,n/a
Heap-based Buffer Overflow,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1912084,CVE-2021-37979,False,>=14.0.0 <14.2.0 >=13.0.0 <13.5.2 <12.2.3 ,n/a
Cross-site Scripting (XSS),ag-grid-community,https://security.snyk.io/vuln/SNYK-JS-AGGRIDCOMMUNITY-1932011,,True,<25.2.0 ,n/a
Cross-site Scripting (XSS),@claviska/jquery-minicolors,https://security.snyk.io/vuln/SNYK-JS-CLAVISKAJQUERYMINICOLORS-1930824,,False,<2.3.6 ,https://github.com/claviska/jquery-minicolors/commit/ef134824a7f4110ada53ea6c173111a4fa2f48f3
Prototype Pollution,utils-copy,https://security.snyk.io/vuln/SNYK-JS-UTILSCOPY-1766956,,True,* ,n/a
Improper Certificate Validation,aws-crt,https://security.snyk.io/vuln/SNYK-JS-AWSCRT-1924900,CVE-2021-40829,False,<1.8.2 ,https://github.com/awslabs/aws-crt-java/commit/790e657e3724e1487a75cd2dfb46797e7671b43f
Improper Certificate Validation,aws-crt,https://security.snyk.io/vuln/SNYK-JS-AWSCRT-1924913,CVE-2021-40831,False,<1.9.0 ,https://github.com/awslabs/aws-crt-java/commit/790e657e3724e1487a75cd2dfb46797e7671b43f
Improper Certificate Validation,aws-crt,https://security.snyk.io/vuln/SNYK-JS-AWSCRT-1924945,CVE-2021-40828,False,<1.7.1 ,https://github.com/awslabs/aws-crt-java/commit/b6f353d8a63c5e42e24153fe45b139400c788b58
Improper Certificate Validation,aws-crt,https://security.snyk.io/vuln/SNYK-JS-AWSCRT-1924999,CVE-2021-40830,False,<1.8.2 ,https://github.com/awslabs/aws-crt-java/commit/790e657e3724e1487a75cd2dfb46797e7671b43f
Prototype Pollution,algoliasearch-helper,https://security.snyk.io/vuln/SNYK-JS-ALGOLIASEARCHHELPER-1570421,CVE-2021-23433,True,<3.6.2 ,https://github.com/algolia/algoliasearch-helper-js/commit/4ff542b70b92a6b81cce8b9255700b0bc0817edd
Cross-site Scripting (XSS),ckeditor4,https://security.snyk.io/vuln/SNYK-JS-CKEDITOR4-1922735,CVE-2021-41164,False,<4.17.0 ,n/a
Cross-site Scripting (XSS),ckeditor4,https://security.snyk.io/vuln/SNYK-JS-CKEDITOR4-1922733,CVE-2021-41165,False,<4.17.0 ,n/a
Server-side Request Forgery (SSRF),ssrf-agent,https://security.snyk.io/vuln/SNYK-JS-SSRFAGENT-1584362,CVE-2021-23718,True,<1.0.5 ,n/a
Cross-site Scripting (XSS),@factor/plugin-forum,https://security.snyk.io/vuln/SNYK-JS-FACTORPLUGINFORUM-1921263,CVE-2021-25984,False,>=1.3.3 ,n/a
Authentication Bypass,@factor/cli,https://security.snyk.io/vuln/SNYK-JS-FACTORCLI-1921262,CVE-2021-25985,False,>=1.1.0 <3.0.1 ,n/a
Improper Verification of Source of a Communication Channel,@theia/plugin-ext,https://security.snyk.io/vuln/SNYK-JS-THEIAPLUGINEXT-1921089,CVE-2021-41038,False,<1.18.0 ,https://github.com/eclipse-theia/theia/commit/4ba87c8a4e7949e6b053e381372f8c0f6d7ef195
Regular Expression Denial of Service (ReDoS),terminal-kit,https://security.snyk.io/vuln/SNYK-JS-TERMINALKIT-1734787,,True,<2.1.8 ,https://github.com/cronvel/terminal-kit/commit/a2e446cc3927b559d0281683feb9b821e83b758c
Numeric Errors,@openzeppelin/contracts-upgradeable,https://security.snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-1921094,,False,>=4.2.0 <4.3.3 ,https://github.com/OpenZeppelin/openzeppelin-contracts/commit/70138680cf24b5af1cc345e55ea36dbaf26042a3
Numeric Errors,@openzeppelin/contracts,https://security.snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTS-1921095,,False,>=4.2.0 <4.3.3 ,https://github.com/OpenZeppelin/openzeppelin-contracts/commit/70138680cf24b5af1cc345e55ea36dbaf26042a3
Cross-site Scripting (XSS),@factor/plugin-forum,https://security.snyk.io/vuln/SNYK-JS-FACTORPLUGINFORUM-1921260,CVE-2021-25983,False,>=1.3.8 ,n/a
Cross-site Scripting (XSS),@factor/plugin-forum,https://security.snyk.io/vuln/SNYK-JS-FACTORPLUGINFORUM-1921261,CVE-2021-25982,False,>=1.3.5 ,n/a
Improper Initialization,@openzeppelin/contracts,https://security.snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTS-1920946,CVE-2021-41264,False,>=4.1.0 <4.3.2 ,https://github.com/OpenZeppelin/openzeppelin-contracts/commit/024cc50df478d2e8f78539819749e94d6df60592
Improper Initialization,@openzeppelin/contracts-upgradeable,https://security.snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-1920947,CVE-2021-41264,False,>=4.1.0 <4.3.2 ,https://github.com/OpenZeppelin/openzeppelin-contracts/commit/024cc50df478d2e8f78539819749e94d6df60592
Prototype Pollution,json-schema,https://security.snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922,CVE-2021-3918,False,<0.4.0 ,https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
Malicious Package,@xvideos/alerts,https://security.snyk.io/vuln/SNYK-JS-XVIDEOSALERTS-1920929,,False,* ,n/a
Malicious Package,@pornhub/alerts,https://security.snyk.io/vuln/SNYK-JS-PORNHUBALERTS-1920927,,False,* ,n/a
Insufficient Session Expiration,@cyyynthia/tokenize,https://security.snyk.io/vuln/SNYK-JS-CYYYNTHIATOKENIZE-1915381,,False,<1.1.3 ,https://github.com/cyyynthia/tokenize/pull/1/commits/3862864a5cf4cae2eda9de0a5a5e5688170be9ca
Regular Expression Denial of Service (ReDoS),natural,https://security.snyk.io/vuln/SNYK-JS-NATURAL-1915418,,False,<5.1.11 ,https://github.com/NaturalNode/natural/commit/90e85afb20e76560bc555d83abad3bc919388381
Cross-site Scripting (XSS),uswds,https://security.snyk.io/vuln/SNYK-JS-USWDS-1656800,,False,<2.12.2 ,https://github.com/uswds/uswds/commit/b79048c772638600957f93105c9651a8f57a70d3
Regular Expression Denial of Service (ReDoS),uglify-js,https://security.snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251,,False,<3.14.3 ,https://github.com/mishoo/UglifyJS/commit/157521066fc43cff2feab7ffc1ecea603617606b
Improper Verification of Cryptographic Signature,starkbank-ecdsa,https://security.snyk.io/vuln/SNYK-JS-STARKBANKECDSA-1913038,,False,<1.1.3 ,https://github.com/starkbank/ecdsa-dotnet/commit/d78a6c0d80dbf55229f768faa967f14519b9dddd
Cross-site Scripting (XSS),apollo-server,https://security.snyk.io/vuln/SNYK-JS-APOLLOSERVER-1912891,CVE-2021-41249,False,<2.25.3 >=3.0.0 <3.4.1 ,n/a
Cross-site Scripting (XSS),graphql-playground-react,https://security.snyk.io/vuln/SNYK-JS-GRAPHQLPLAYGROUNDREACT-1913042,CVE-2021-41249,False,<1.7.28 ,n/a
Cross-site Scripting (XSS),apostrophe,https://security.snyk.io/vuln/SNYK-JS-APOSTROPHE-1912880,CVE-2021-25978,False,>=2.63.0 <3.4.0 ,https://github.com/apostrophecms/apostrophe/commit/c8b94ee9c79468f1ce28e31966cb0e0839165e59
Cross-site Scripting (XSS),gethue,https://security.snyk.io/vuln/SNYK-JS-GETHUE-1912878,CVE-2021-32481,False,<4.10.1 ,https://github.com/cloudera/hue/commit/87defd31d7ec5c7552e414649aa442f75b5a1230
Insufficient Session Expiration,apostrophe,https://security.snyk.io/vuln/SNYK-JS-APOSTROPHE-1912882,CVE-2021-25979,False,>=2.63.0 <3.4.0 ,https://github.com/apostrophecms/apostrophe/commit/c211b211f9f4303a77a307cf41aac9b4ef8d2c7c
Information Exposure,@sap-cloud-sdk/core,https://security.snyk.io/vuln/SNYK-JS-SAPCLOUDSDKCORE-1912613,CVE-2021-41251,False,<1.52.0 ,n/a
Directory Traversal,nodebb,https://security.snyk.io/vuln/SNYK-JS-NODEBB-1912652,CVE-2021-43788,False,* ,https://github.com/NodeBB/NodeBB/commit/c8b2fc46dc698db687379106b3f01c71b80f495f
Cross-site Scripting (XSS),graphiql,https://security.snyk.io/vuln/SNYK-JS-GRAPHIQL-1912088,CVE-2021-41248,False,>=0.5.0 <1.4.7 ,https://github.com/graphql/graphiql/commit/cb237eeeaf7333c4954c752122261db7520f7bf4
Information Exposure,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1912085,CVE-2021-37976,False,>=14.0.0 <14.2.0 >=13.0.0 <13.5.2 <12.2.2 ,n/a
Heap-based Buffer Overflow,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1912082,CVE-2021-37978,False,>=14.0.0 <14.2.0 <13.5.2 ,n/a
Arbitrary Code Execution,obsidian-dataview,https://security.snyk.io/vuln/SNYK-JS-OBSIDIANDATAVIEW-1912069,CVE-2021-42057,True,* ,n/a
Malicious Package,coa,https://security.snyk.io/vuln/SNYK-JS-COA-1911118,,False,>2.0.2 ,n/a
Malicious Package,rc,https://security.snyk.io/vuln/SNYK-JS-RC-1911120,,False,>1.2.8 ,n/a
Cross-site Scripting (XSS),@grafana/data,https://security.snyk.io/vuln/SNYK-JS-GRAFANADATA-1910932,CVE-2021-41174,False,<8.2.3 ,https://github.com/grafana/grafana/commit/31b78d51c693d828720a5b285107a50e6024c912
Cross-site Scripting (XSS),nbdime-jupyterlab,https://security.snyk.io/vuln/SNYK-JS-NBDIMEJUPYTERLAB-1910929,CVE-2021-41134,False,<1.0.1 >=2.0.0 <2.1.1 ,https://github.com/jupyter/nbdime/commit/e44a5cc7677f24b45ebafc756db49058c2f750ea
Cross-site Scripting (XSS),nbdime,https://security.snyk.io/vuln/SNYK-JS-NBDIME-1910928,CVE-2021-41134,False,<5.0.2 >=6.0.0 <6.1.2 ,https://github.com/jupyter/nbdime/commit/e44a5cc7677f24b45ebafc756db49058c2f750ea
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1910985,CVE-2021-37975,False,>=14.0.0 <14.1.1 >=13.0.0 <13.5.2 <12.2.2 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1910987,CVE-2021-37970,False,>=14.0.0 <14.1.1 >=13.0.0 <13.5.2 <12.2.2 ,n/a
Exposure of Resource to Wrong Sphere,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1910988,CVE-2021-37968,False,>=14.0.0 <14.1.1 >=13.0.0 <13.5.2 <12.2.2 ,n/a
Improper Access Control,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1910991,CVE-2021-37967,False,>=14.0.0 <14.1.1 >=13.0.0 <13.5.2 <12.2.2 ,n/a
Cross-site Scripting (XSS),tinymce,https://security.snyk.io/vuln/SNYK-JS-TINYMCE-1910225,,False,<5.10.0 ,https://github.com/tinymce/tinymce/commit/4b3b0ddfe915a266432acfe23c3653c98b60edfb#diff-5b33cb2dbd28b63194e7b666bbcf9b6367a177fe3b88898d746bacbb5049bfe7
Cross-site Scripting (XSS),tempura,https://security.snyk.io/vuln/SNYK-JS-TEMPURA-1569633,CVE-2021-23784,True,<0.4.0 ,https://github.com/lukeed/tempura/commit/58a5c3671e2f36b26810e77ead9e0dd471902f9b
Prototype Pollution,jsonpointer,https://security.snyk.io/vuln/SNYK-JS-JSONPOINTER-1577288,CVE-2021-23807,True,<5.0.0 ,https://github.com/janl/node-jsonpointer/commit/a0345f3550cd9c4d89f33b126390202b89510ad4
Prototype Pollution,json-ptr,https://security.snyk.io/vuln/SNYK-JS-JSONPTR-1577291,CVE-2021-23509,True,<3.0.0 ,https://github.com/flitbit/json-ptr/commit/5dc458fbad1c382a2e3ca6d62e66ede3d92849ca
Prototype Pollution,json-pointer,https://security.snyk.io/vuln/SNYK-JS-JSONPOINTER-1577287,CVE-2021-23820,True,* ,n/a
Prototype Pollution,dotty,https://security.snyk.io/vuln/SNYK-JS-DOTTY-1577292,CVE-2021-23624,True,<0.1.2 ,https://github.com/deoxxa/dotty/commit/88f61860dcc274a07a263c32cbe9d44c24ef02d7
Cross-site Scripting (XSS),bootstrap-table,https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597,CVE-2021-23472,True,<1.19.1 ,https://github.com/wenzhixin/bootstrap-table/commit/8a46a228b3ffb0b5f4123d46830bd216b9c51bf1
Prototype Pollution,@brikcss/merge,https://security.snyk.io/vuln/SNYK-JS-BRIKCSSMERGE-1727594,,True,* ,n/a
Sandbox Bypass,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1731315,CVE-2021-37980,True,<12.2.2 >=13.0.0 <13.5.2 >=14.0.0 <14.2.0 ,n/a
Arbitrary Code Execution,docker-cli-js,https://security.snyk.io/vuln/SNYK-JS-DOCKERCLIJS-1568516,CVE-2021-23732,True,* ,n/a
Remote Code Execution (RCE),aaptjs,https://security.snyk.io/vuln/SNYK-JS-AAPTJS-1769273,CVE-2020-36381,False,* ,n/a
Access Control Bypass,portainer,https://security.snyk.io/vuln/SNYK-JS-PORTAINER-1769215,CVE-2021-41874,False,* ,n/a
Cross-site Scripting (XSS),froala-editor,https://security.snyk.io/vuln/SNYK-JS-FROALAEDITOR-1768466,CVE-2020-22864,False,* ,n/a
Regular Expression Denial of Service (ReDoS),ramda,https://security.snyk.io/vuln/SNYK-JS-RAMDA-1582370,,False,<0.27.2 ,https://github.com/ramda/ramda/commit/37af6ae2ca8b94656996dd27fb0a1f208d69134e
Malicious Package,noblox.js-proxy,https://security.snyk.io/vuln/SNYK-JS-NOBLOXJSPROXY-1767970,,False,* ,n/a
Malicious Package,noblox.js-proxies,https://security.snyk.io/vuln/SNYK-JS-NOBLOXJSPROXIES-1767971,,False,* ,n/a
Cross-site Scripting (XSS),jquery-ui,https://security.snyk.io/vuln/SNYK-JS-JQUERYUI-1767175,CVE-2021-41184,False,<1.13.0 ,https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
Cross-site Scripting (XSS),jquery-ui,https://security.snyk.io/vuln/SNYK-JS-JQUERYUI-1767167,CVE-2021-41182,False,<1.13.0 ,https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce
Cross-site Scripting (XSS),jquery-ui,https://security.snyk.io/vuln/SNYK-JS-JQUERYUI-1767767,CVE-2021-41183,False,<1.13.0 ,n/a
Cross-site Scripting (XSS),tinymce,https://security.snyk.io/vuln/SNYK-JS-TINYMCE-1766967,,False,<5.9.0 ,https://github.com/tinymce/tinymce/commit/6cb9c736550cf973d1b8f81cf509c7961167c229
Regular Expression Denial of Service (ReDoS),conventional-commits-parser,https://security.snyk.io/vuln/SNYK-JS-CONVENTIONALCOMMITSPARSER-1766960,,False,<3.2.3 ,https://github.com/conventional-changelog/conventional-changelog/commit/c696fa35f93e0ee13728d6cf1221587ac6386311
Cross-site Scripting (XSS),pekeupload,https://security.snyk.io/vuln/SNYK-JS-PEKEUPLOAD-1584360,CVE-2021-23673,True,* ,n/a
Embedded Malicious Code,ua-parser-js,https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-1766952,,False,>=1.0.0 <1.0.1 >=0.8.0 <0.8.1 >=0.7.29 <0.7.30 ,n/a
Remote Code Execution (RCE),shell-quote,https://security.snyk.io/vuln/SNYK-JS-SHELLQUOTE-1766506,CVE-2021-42740,False,<1.7.3 ,https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe
Uncontrolled Resource Consumption,modern-async,https://security.snyk.io/vuln/SNYK-JS-MODERNASYNC-1765269,CVE-2021-41167,False,<1.0.4 ,https://github.com/nicolas-van/modern-async/commit/0010d28de1b15d51db3976080e26357fa7144436
Malicious Package,klow,https://security.snyk.io/vuln/SNYK-JS-KLOW-1765659,,False,* ,n/a
Malicious Package,klown,https://security.snyk.io/vuln/SNYK-JS-KLOWN-1765660,,False,* ,n/a
Malicious Package,okhsa,https://security.snyk.io/vuln/SNYK-JS-OKHSA-1765658,,False,* ,n/a
Cross-site Request Forgery (CSRF),kindeditor,https://security.snyk.io/vuln/SNYK-JS-KINDEDITOR-1759449,CVE-2021-42228,False,* ,n/a
Regular Expression Denial of Service (ReDoS),xss,https://security.snyk.io/vuln/SNYK-JS-XSS-1584355,,False,<1.0.10 ,https://github.com/leizongmin/js-xss/commit/699acdea7d6b2910bab6f9e95992dd9e99bef1de
Insecure Randomness,otp-generator,https://security.snyk.io/vuln/SNYK-JS-OTPGENERATOR-1655480,CVE-2021-23451,False,<3.0.0 ,https://github.com/Maheshkumar-Kakade/otp-generator/commit/b27de1ce439ae7f533cec26677e9698671275b70
Remote Code Execution (RCE),git,https://security.snyk.io/vuln/SNYK-JS-GIT-1568518,CVE-2021-23632,True,* ,n/a
Prototype Pollution,x-assign,https://security.snyk.io/vuln/SNYK-JS-XASSIGN-1759314,CVE-2021-23452,True,* ,n/a
Directory Traversal,@backstage/plugin-scaffolder-backend,https://security.snyk.io/vuln/SNYK-JS-BACKSTAGEPLUGINSCAFFOLDERBACKEND-1759309,CVE-2021-41151,False,>=0.9.4 <0.15.9 ,https://github.com/backstage/backstage/commit/5ea950075d6bce2b44fa18948b5b2113a1a4298c
Cross-site Scripting (XSS),kindeditor,https://security.snyk.io/vuln/SNYK-JS-KINDEDITOR-1734691,CVE-2021-42227,False,* ,n/a
Sandbox Bypass,vm2,https://security.snyk.io/vuln/SNYK-JS-VM2-1585918,CVE-2021-23449,True,<3.9.4 ,https://github.com/patriksimek/vm2/commit/b4f6e2bd2c4a1ef52fc4483d8e35f28bc4481886
Denial of Service (DoS),uppy,https://security.snyk.io/vuln/SNYK-JS-UPPY-1734764,,False,<1.26.1 ,https://github.com/transloadit/uppy/commit/65297810bb5a9ac76172eddfedf89c93b586907c
Improper Input Validation,class-validator,https://security.snyk.io/vuln/SNYK-JS-CLASSVALIDATOR-1730566,CVE-2019-18413,True,* ,n/a
Open Redirect,fastify-static,https://security.snyk.io/vuln/SNYK-JS-FASTIFYSTATIC-1730571,CVE-2021-22964,False,>=4.2.4 <4.4.1 ,https://github.com/fastify/fastify-static/commit/c31f17d107cb19a0e96733c80a9abf16c56166d4
Information Exposure,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1730574,CVE-2021-39184,False,>=10.1.0 <11.5.0 >=12.0.0-beta.1 <12.1.0 >=13.0.0-beta.2 <13.3.0 >=14.0.0-beta.1 <14.0.0 >=15.0.0-alpha.1 <15.0.0-alpha.10 ,https://github.com/electron/electron/pull/30728/commits/8fed645bd671f359ee52d806c075ec4e07eda17f
Directory Traversal,@redocly/openapi-cli,https://security.snyk.io/vuln/SNYK-JS-REDOCLYOPENAPICLI-1730576,,False,<1.0.0-beta.59 ,https://github.com/Redocly/openapi-cli/commit/69a1580bc732128a20c62d6150801f4cc1f8c755
HTTP Request Smuggling,llhttp,https://security.snyk.io/vuln/SNYK-JS-LLHTTP-1734682,CVE-2021-22960,False,* ,https://github.com/nodejs/node/commit/21a2e554e3eaa325abbdb28f366928d0ccc0a0f0
HTTP Request Smuggling,llhttp,https://security.snyk.io/vuln/SNYK-JS-LLHTTP-1734686,CVE-2021-22959,False,* ,https://github.com/nodejs/node/commit/21a2e554e3eaa325abbdb28f366928d0ccc0a0f0
Inadequate Encryption Strength,keypair,https://security.snyk.io/vuln/SNYK-JS-KEYPAIR-1730326,CVE-2021-41117,False,<1.0.4 ,https://github.com/juliangruber/keypair/commit/9596418d3363d3e757676c0b6a8f2d35a9d1cb18
Regular Expression Denial of Service (ReDoS),prompts,https://security.snyk.io/vuln/SNYK-JS-PROMPTS-1729737,CVE-2021-3868,True,<2.4.2 ,n/a
Prototype Pollution,config-handler,https://security.snyk.io/vuln/SNYK-JS-CONFIGHANDLER-1564947,CVE-2021-23448,False,* ,n/a
Cross-site Scripting (XSS),teddy,https://security.snyk.io/vuln/SNYK-JS-TEDDY-1579557,CVE-2021-23447,True,<0.5.9 ,n/a
Open Redirect,fastify-static,https://security.snyk.io/vuln/SNYK-JS-FASTIFYSTATIC-1728398,CVE-2021-22963,False,<4.2.4 ,https://github.com/fastify/fastify-static/commit/861e0e9b77cf83d0bd76c6cddac0149d0a769bdb
Improper Authentication,parse-server,https://security.snyk.io/vuln/SNYK-JS-PARSESERVER-1727337,CVE-2021-41109,False,<4.10.4 ,https://github.com/parse-community/parse-server/commit/4ac4b7f71002ed4fbedbb901db1f6ed1e9ac5559
Improper Input Validation,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1727344,CVE-2021-37973,False,>=13.0.0 <13.5.1 <12.2.1 ,n/a
Improper Input Validation,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1727342,CVE-2021-37960,False,>=14.0.0 <14.1.0 >=13.0.0 <13.5.1 <12.2.1 ,n/a
Out-of-Bounds,hermes-engine,https://security.snyk.io/vuln/SNYK-JS-HERMESENGINE-1727253,CVE-2020-1915,False,<0.8.0 ,n/a
Cross-site Scripting (XSS),kindeditor,https://security.snyk.io/vuln/SNYK-JS-KINDEDITOR-1726913,CVE-2021-30086,False,* ,n/a
Cross-site Scripting (XSS),kindeditor,https://security.snyk.io/vuln/SNYK-JS-KINDEDITOR-1726916,CVE-2021-37267,False,* ,n/a
Regular Expression Denial of Service (ReDoS),handsontable,https://security.snyk.io/vuln/SNYK-JS-HANDSONTABLE-1726770,CVE-2021-23446,False,<10.0.0 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1656743,CVE-2021-30633,False,>=13.0.0 <13.5.0 <12.2.0 ,n/a
Buffer Overflow,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1656742,CVE-2021-30628,False,>=13.0.0 <13.5.0 <12.2.0 ,n/a
Out-of-Bounds,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1656745,CVE-2021-30626,False,>=13.0.0 <13.5.0 <12.2.0 ,n/a
Access Restriction Bypass,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1656746,CVE-2021-30630,False,>=13.0.0 <13.5.0 <12.2.0 ,n/a
Type Confusion,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1656752,CVE-2021-30631,False,>=13.0.0 <13.5.0 <12.2.0 ,n/a
Type Confusion,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1586050,CVE-2021-30627,False,>=13.0.0 <13.5.0 <12.2.0 ,n/a
Out-of-Bounds,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1585619,CVE-2021-30632,True,>=13.0.0 <13.5.0 <12.1.2 ,n/a
Regular Expression Denial of Service (ReDoS),jsoneditor,https://security.snyk.io/vuln/SNYK-JS-JSONEDITOR-1726760,CVE-2021-3822,False,<9.5.6 ,https://github.com/josdejong/jsoneditor/commit/092e386cf49f2a1450625617da8e0137ed067c3e
Regular Expression Denial of Service (ReDoS),i,https://security.snyk.io/vuln/SNYK-JS-I-1726768,CVE-2021-3820,False,<0.3.7 ,https://github.com/pksunkara/inflect/commit/a9a0a8e9561c3487854c7cae42565d9652ec858b
Cross-site Scripting (XSS),datatables.net,https://security.snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544,CVE-2021-23445,True,<1.11.3 ,https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b
Access Restriction Bypass,ghost,https://security.snyk.io/vuln/SNYK-JS-GHOST-1658293,,False,>=4.0.0 <4.15.1 >=3.18.0 <3.42.6 ,https://github.com/TryGhost/Ghost/commit/b6be89a44f19ab96be9768da9c2dec57deb6596b
Code Injection,@asyncapi/modelina,https://security.snyk.io/vuln/SNYK-JS-ASYNCAPIMODELINA-1657554,,True,* ,n/a
Command Injection,ssh2,https://security.snyk.io/vuln/SNYK-JS-SSH2-1656673,CVE-2020-26301,False,<1.0.0 ,https://github.com/mscdex/ssh2/commit/f763271f41320e71d5cbee02ea5bc6a2ded3ca21
Command Injection,ghost,https://security.snyk.io/vuln/SNYK-JS-GHOST-1656670,,False,<4.15.0 ,https://github.com/TryGhost/Ghost/commit/93e4b2eafd18bc8e4c17924e0824e73617e7940c
Buffer Overflow,bento4,https://security.snyk.io/vuln/SNYK-JS-BENTO4-1656628,CVE-2021-32265,False,* ,n/a
Prototype Pollution,jointjs,https://security.snyk.io/vuln/SNYK-JS-JOINTJS-1579578,CVE-2021-23444,True,<3.4.2 ,https://github.com/clientIO/joint/commit/e5bf89efef6d5ea572d66870ffd86560de7830a8
Cross-site Scripting (XSS),edge.js,https://security.snyk.io/vuln/SNYK-JS-EDGEJS-1579556,CVE-2021-23443,True,<5.3.2 ,https://github.com/edge-js/edge/commit/fa2c7fde86327aeae232752e89a6e37e2e469e21
Prototype Pollution,zrender,https://security.snyk.io/vuln/SNYK-JS-ZRENDER-1586253,CVE-2021-39227,False,<5.2.1 ,n/a
Cross-site Scripting (XSS),materialize-css,https://security.snyk.io/vuln/SNYK-JS-MATERIALIZECSS-1586258,CVE-2019-11004,True,* ,n/a
Regular Expression Denial of Service (ReDoS),ethers,https://security.snyk.io/vuln/SNYK-JS-ETHERS-1586048,,True,>=5.2.0 <5.4.7 ,https://github.com/ethers-io/ethers.js/commit/32a6b2a362815eb85ce3f3abad5adf92f2b80e10
Regular Expression Denial of Service (ReDoS),code-server,https://security.snyk.io/vuln/SNYK-JS-CODESERVER-1586034,CVE-2021-3810,False,<3.12.0 ,https://github.com/cdr/code-server/commit/ca617df135e78833f93c8320cb2d2cf8bba809f5
Regular Expression Denial of Service (ReDoS),nth-check,https://security.snyk.io/vuln/SNYK-JS-NTHCHECK-1586032,CVE-2021-3803,False,<2.0.1 ,https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726
Man-in-the-Middle (MitM),matrix-js-sdk,https://security.snyk.io/vuln/SNYK-JS-MATRIXJSSDK-1586045,CVE-2021-40823,False,<12.4.1 ,https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9
Regular Expression Denial of Service (ReDoS),stylelint,https://security.snyk.io/vuln/SNYK-JS-STYLELINT-1585622,,False,<14.0.0 ,https://github.com/stylelint/stylelint/commit/92e506820d13ad48b78d742eeb7328b3c33b2e4f
Regular Expression Denial of Service (ReDoS),semver-regex,https://security.snyk.io/vuln/SNYK-JS-SEMVERREGEX-1585624,CVE-2021-3795,True,<3.1.3 ,https://github.com/sindresorhus/semver-regex/commit/11c66245f4e1976dccc52977ed183696a21a3fd7
Improper Input Validation,@openzeppelin/contracts-upgradeable,https://security.snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-1585626,,False,>=4.1.0 <4.3.2 ,n/a
Improper Input Validation,@openzeppelin/contracts,https://security.snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTS-1585627,,False,>=4.1.0 <4.3.2 ,n/a
Regular Expression Denial of Service (ReDoS),taro,https://security.snyk.io/vuln/SNYK-JS-TARO-1585633,CVE-2021-3804,True,* ,https://github.com/NervJS/taro/commit/acadb6c826ba57f2030a626f1de4f7b4608fcdb5
Prototype Pollution,@cookiex/deep,https://security.snyk.io/vuln/SNYK-JS-COOKIEXDEEP-1582793,CVE-2021-23442,True,* ,https://github.com/tony-tsx/cookiex-deep/commit/b5bea2b7f34a5fa9abb4446cbd038ecdbcd09c88
Prototype Pollution,object-path,https://security.snyk.io/vuln/SNYK-JS-OBJECTPATH-1585658,CVE-2021-3805,False,>=0.11.0 <0.11.8 ,https://github.com/mariocasciaro/object-path/commit/4f0903fd7c832d12ccbe0d9c3d7e25d985e9e884
Regular Expression Denial of Service (ReDoS),@vuelidate/validators,https://security.snyk.io/vuln/SNYK-JS-VUELIDATEVALIDATORS-1585154,CVE-2021-3794,True,<2.0.0-alpha.22 ,https://github.com/vuelidate/vuelidate/commit/1f0ca31c30e5032f00dbd14c4791b5ee7928f71d
Regular Expression Denial of Service (ReDoS),tmpl,https://security.snyk.io/vuln/SNYK-JS-TMPL-1583443,CVE-2021-3777,True,<1.0.5 ,https://github.com/daaku/nodejs-tmpl/commit/4c654e4d1542f329ed561fd95ccd80f30c6872d6
Regular Expression Denial of Service (ReDoS),prismjs,https://security.snyk.io/vuln/SNYK-JS-PRISMJS-1585202,CVE-2021-3801,True,<1.25.0 ,https://github.com/PrismJS/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9
Malicious Package,code-oss-dev,https://security.snyk.io/vuln/SNYK-JS-CODEOSSDEV-1585137,,False,* ,n/a
Malicious Package,accessibility-insights-web,https://security.snyk.io/vuln/SNYK-JS-ACCESSIBILITYINSIGHTSWEB-1585215,,False,* ,n/a
Information Exposure,matrix-js-sdk,https://security.snyk.io/vuln/SNYK-JS-MATRIXJSSDK-1584628,CVE-2021-40823,False,<12.4.1 ,https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9
Regular Expression Denial of Service (ReDoS),semver-regex,https://security.snyk.io/vuln/SNYK-JS-SEMVERREGEX-1584358,,False,>=4.0.0 <4.0.1 <3.1.3 ,https://github.com/sindresorhus/semver-regex/commit/11c66245f4e1976dccc52977ed183696a21a3fd7
Regular Expression Denial of Service (ReDoS),colors-cli,https://security.snyk.io/vuln/SNYK-JS-COLORSCLI-1584218,,True,<1.0.28 ,https://github.com/jaywcjlove/colors-cli/commit/78ee15ba9111ddee1cc0640ccd79369525bd57b8
Regular Expression Denial of Service (ReDoS),ansi-regex,https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908,CVE-2021-3807,True,>=6.0.0 <6.0.1 >2.1.1 <5.0.1 ,https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
Prototype Pollution,body-parser-xml,https://security.snyk.io/vuln/SNYK-JS-BODYPARSERXML-1584211,CVE-2021-3666,True,<2.0.3 ,n/a
Prototype Pollution,set-value,https://security.snyk.io/vuln/SNYK-JS-SETVALUE-1540541,CVE-2021-23440,True,>=3.0.0 <4.0.1 <2.0.1 ,https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452
Prototype Pollution,@viking04/merge,https://security.snyk.io/vuln/SNYK-JS-VIKING04MERGE-1584118,CVE-2021-3645,False,<1.0.2 ,https://github.com/viking04/merge/commit/baba40332080b38b33840d2614df6d4142dedaf6
Unsafe Dependency Resolution,parse-server,https://security.snyk.io/vuln/SNYK-JS-PARSESERVER-1583451,,False,>=4.6.0 <4.10.0 >=4.0.3 <4.1.0 >=4.0.0-beta1 <4.0.2 ,n/a
Cross-site Scripting (XSS),remark-html,https://security.snyk.io/vuln/SNYK-JS-REMARKHTML-1583433,CVE-2021-39199,False,>=14.0.0 <14.0.1 <13.0.2 ,https://github.com/remarkjs/remark-html/commit/b75c9dde582ad87ba498e369c033dc8a350478c1
Command Injection,rebber,https://security.snyk.io/vuln/SNYK-JS-REBBER-1583439,,True,<5.2.1 ,https://github.com/zestedesavoir/zmarkdown/commit/db3fd70576028364e7168b3aec8600cf80b7a111
Directory Traversal,gun,https://security.snyk.io/vuln/SNYK-JS-GUN-1583448,,True,<0.2019.416 ,n/a
Prototype Pollution,objection,https://security.snyk.io/vuln/SNYK-JS-OBJECTION-1582910,CVE-2021-3766,True,<3.0.0-alpha.5 ,https://github.com/vincit/objection.js/commit/b41aab8dcd78f426f7468dcda541a7aca18a66a6
Cross-site Scripting (XSS),file-upload-with-preview,https://security.snyk.io/vuln/SNYK-JS-FILEUPLOADWITHPREVIEW-1579492,CVE-2021-23439,False,<4.2.0 ,https://github.com/johndatserakis/file-upload-with-preview/pull/40/files?file-filters%5B%5D=.js&hide-deleted-files=true#diff-fe47b243de17419c0daa22cd785cd754baed60cf3679d3da1d6fe006f9f4a7f0R174
Arbitrary Code Execution,@theia/mini-browser,https://security.snyk.io/vuln/SNYK-JS-THEIAMINIBROWSER-1582379,CVE-2021-34435,False,>=0.3.9 <1.9.0 ,https://github.com/eclipse-theia/theia/commit/0761dcf5fe3c14c27432683d42d2c526ad0cfbd5
Denial of Service (DoS),parse-server,https://security.snyk.io/vuln/SNYK-JS-PARSESERVER-1582380,CVE-2021-39187,False,<4.10.3 ,https://github.com/parse-community/parse-server/commit/308668c89474223e2448be92d6823b52c1c313ec
Directory Traversal,atlasboard,https://security.snyk.io/vuln/SNYK-JS-ATLASBOARD-1582381,CVE-2021-39109,False,<1.1.9 ,n/a
Prototype Pollution,mpath,https://security.snyk.io/vuln/SNYK-JS-MPATH-1577289,CVE-2021-23438,True,<0.8.4 ,https://github.com/aheckmann/mpath/commit/89402d2880d4ea3518480a8c9847c541f2d824fc
Improper Control of Resources,detect-character-encoding,https://security.snyk.io/vuln/SNYK-JS-DETECTCHARACTERENCODING-1579267,CVE-2021-39176,True,<0.3.1 ,https://github.com/sonicdoe/detect-character-encoding/commit/d44356927b92e3b13e178071bf6d7c671766f588
Regular Expression Denial of Service (ReDoS),axios,https://security.snyk.io/vuln/SNYK-JS-AXIOS-1579269,CVE-2021-3749,True,<0.21.3 ,https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929
Prototype Pollution,immer,https://security.snyk.io/vuln/SNYK-JS-IMMER-1540542,CVE-2021-23436,True,<9.0.6 ,https://github.com/immerjs/immer/commit/fa671e55ee9bd42ae08cc239102b665a23958237
Arbitrary File Write,tar,https://security.snyk.io/vuln/SNYK-JS-TAR-1579147,CVE-2021-37701,False,>=6.0.0 <6.1.7 >=5.0.0 <5.0.8 <4.4.16 ,https://github.com/npm/node-tar/commit/53602669f58ddbeb3294d7196b3320aaaed22728
Arbitrary File Write,tar,https://security.snyk.io/vuln/SNYK-JS-TAR-1579152,CVE-2021-37712,False,>=6.0.0 <6.1.9 >=5.0.0 <5.0.10 <4.4.18 ,https://github.com/npm/node-tar/commit/b6162c7fafe797f856564ef37f4b82747f051455
Arbitrary File Write,tar,https://security.snyk.io/vuln/SNYK-JS-TAR-1579155,CVE-2021-37713,False,>=6.0.0 <6.1.9 >=5.0.0 <5.0.10 <4.4.18 ,https://github.com/npm/node-tar/commit/875a37e3ec031186fc6599f6807341f56c584598
Arbitrary File Write,@npmcli/arborist,https://security.snyk.io/vuln/SNYK-JS-NPMCLIARBORIST-1579165,CVE-2021-39134,False,<2.8.2 ,https://github.com/npm/arborist/commit/041a3c710c2a6fbf644fc2c1119f7f0f440ffadd
Arbitrary File Write,@npmcli/arborist,https://security.snyk.io/vuln/SNYK-JS-NPMCLIARBORIST-1579181,CVE-2021-39135,False,<2.8.2 ,https://github.com/npm/arborist/commit/f2b0ceebfe94123f162c3652af46f9c4c473cc36
Cross-site Scripting (XSS),next,https://security.snyk.io/vuln/SNYK-JS-NEXT-1577139,CVE-2021-39178,False,>=10.0.0 <11.1.1 ,https://github.com/vercel/next.js/commit/7afc97c5744b38bdf36aa7f87625f438224688aa
Denial of Service (DoS),passport-saml,https://security.snyk.io/vuln/SNYK-JS-PASSPORTSAML-1570714,CVE-2021-39171,False,<3.1.0 ,n/a
Prototype Pollution,object-path,https://security.snyk.io/vuln/SNYK-JS-OBJECTPATH-1569453,CVE-2021-23434,True,<0.11.6 ,https://github.com/mariocasciaro/object-path/commit/7bdf4abefd102d16c163d633e8994ef154cab9eb
Privilege Escalation,@openzeppelin/contracts,https://security.snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTS-1570170,CVE-2021-39167,False,>=4.0.0-beta.0 <4.3.1 <3.4.2 ,https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5
Privilege Escalation,@openzeppelin/contracts-upgradeable,https://security.snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTSUPGRADEABLE-1570169,CVE-2021-39168,False,>=4.0.0-beta.0 <4.3.1 <3.4.2 ,https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5
Denial of Service (DoS),detect-character-encoding,https://security.snyk.io/vuln/SNYK-JS-DETECTCHARACTERENCODING-1569483,CVE-2021-39157,False,<0.7.0 ,https://github.com/sonicdoe/detect-character-encoding/commit/992a11007fff6cfd40b952150ab8d30410c4a20a
Denial of Service (DoS),ced,https://security.snyk.io/vuln/SNYK-JS-CED-1569192,CVE-2021-39131,True,<1.0.0 ,https://github.com/sonicdoe/ced/commit/a4d9f10b6bf1cd468d1a5b9a283cdf437f8bb7b3
Directory Traversal,startserver,https://security.snyk.io/vuln/SNYK-JS-STARTSERVER-1296388,CVE-2021-23430,True,* ,n/a
Cross-site Request Forgery (CSRF),joplin,https://security.snyk.io/vuln/SNYK-JS-JOPLIN-1325537,CVE-2021-23431,False,<2.3.2 ,https://github.com/laurent22/joplin/commit/19b45de2981c09f6f387498ef96d32b4811eba5e
Denial of Service (DoS),transpile,https://security.snyk.io/vuln/SNYK-JS-TRANSPILE-1290774,CVE-2021-23429,True,* ,n/a
Prototype Pollution,mootools,https://security.snyk.io/vuln/SNYK-JS-MOOTOOLS-1325536,CVE-2021-23432,True,* ,n/a
Remote Code Execution (RCE),pac-resolver,https://security.snyk.io/vuln/SNYK-JS-PACRESOLVER-1564857,CVE-2021-23406,True,<5.0.0 ,https://github.com/TooTallNate/node-degenerator/commit/ccc3445354135398b6eb1a04c7d27c13b833f2d5
Information Exposure,parse-server,https://security.snyk.io/vuln/SNYK-JS-PARSESERVER-1567777,CVE-2021-39138,False,<4.5.1 ,https://github.com/parse-community/parse-server/commit/147bd9a3dc43391e92c36e05d5db860b04ca27db
Prototype Pollution,proto,https://security.snyk.io/vuln/SNYK-JS-PROTO-1316301,CVE-2021-23426,True,* ,n/a
Command Injection,@diez/generation,https://security.snyk.io/vuln/SNYK-JS-DIEZGENERATION-1566823,CVE-2021-32830,True,* ,n/a
Regular Expression Denial of Service (ReDoS),string-kit,https://security.snyk.io/vuln/SNYK-JS-STRINGKIT-1567201,,False,<0.12.8 ,https://github.com/cronvel/string-kit/commit/9cac4c298ee92c1695b0695951f1488884a7ca73
Prototype Pollution,ioredis,https://security.snyk.io/vuln/SNYK-JS-IOREDIS-1567196,,True,<4.27.8 ,https://github.com/luin/ioredis/commit/7d73b9d07b52ec077f235292aa15c7aca203bba9
Regular Expression Denial of Service (ReDoS),ansi-html,https://security.snyk.io/vuln/SNYK-JS-ANSIHTML-1296849,CVE-2021-23424,True,* ,n/a
Regular Expression Denial of Service (ReDoS),trim-off-newlines,https://security.snyk.io/vuln/SNYK-JS-TRIMOFFNEWLINES-1296850,CVE-2021-23425,True,<1.0.3 ,https://github.com/stevemao/trim-off-newlines/commit/6226c958cbbac284a840010eb1f6617fb99a5645
Information Exposure,hbs,https://security.snyk.io/vuln/SNYK-JS-HBS-1566555,CVE-2021-32822,True,* ,n/a
Cross-site Scripting (XSS),ckeditor4,https://security.snyk.io/vuln/SNYK-JS-CKEDITOR4-1540867,CVE-2021-32809,False,<4.16.2 ,https://github.com/ckeditor/ckeditor4/commit/f6856decd5992b2b07945292416bb113d5f7ff82
Cross-site Scripting (XSS),ckeditor4,https://security.snyk.io/vuln/SNYK-JS-CKEDITOR4-1540865,CVE-2021-37695,False,<4.16.2 ,https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58
Cross-site Scripting (XSS),ckeditor4,https://security.snyk.io/vuln/SNYK-JS-CKEDITOR4-1540869,CVE-2021-32808,False,<4.16.2 ,https://github.com/ckeditor/ckeditor4/commit/0cb59313c834c94cec4c4d4c114b6ecb0270e21a
Cross-site Scripting (XSS),@github/paste-markdown,https://security.snyk.io/vuln/SNYK-JS-GITHUBPASTEMARKDOWN-1540863,CVE-2021-37700,False,<0.3.4 ,https://github.com/github/paste-markdown/commit/4bb7b1a9c8bbd4bef26953e7e9088b5917b0c0c6
Cross-site Request Forgery (CSRF),express-cart,https://security.snyk.io/vuln/SNYK-JS-EXPRESSCART-1540669,CVE-2020-22403,False,<1.1.11 ,https://github.com/mrvautin/expressCart/commit/cd3ba1bc609c2f2946bfbc7ee2fccf3483eb71fb
Open Redirect,next,https://security.snyk.io/vuln/SNYK-JS-NEXT-1540422,CVE-2021-37699,False,<11.1.0 ,n/a
Arbitrary Code Injection,@asyncapi/java-spring-cloud-stream-template,https://security.snyk.io/vuln/SNYK-JS-ASYNCAPIJAVASPRINGCLOUDSTREAMTEMPLATE-1540471,CVE-2021-37694,False,<0.7.0 ,n/a
Prototype Pollution,merge-change,https://security.snyk.io/vuln/SNYK-JS-MERGECHANGE-1310985,CVE-2021-23421,False,* ,n/a
Access Restriction Bypass,serverless-offline,https://security.snyk.io/vuln/SNYK-JS-SERVERLESSOFFLINE-1540299,CVE-2021-38384,False,* ,n/a
Improper Input Validation,@liquity/contracts,https://security.snyk.io/vuln/SNYK-JS-LIQUITYCONTRACTS-1536792,,False,* ,n/a
Command Injection,@npmcli/git,https://security.snyk.io/vuln/SNYK-JS-NPMCLIGIT-1536784,,False,<2.0.8 ,n/a
Server-Side Request Forgery (SSRF),terriajs-server,https://security.snyk.io/vuln/SNYK-JS-TERRIAJSSERVER-1536742,,False,<2.7.4 ,https://github.com/TerriaJS/terriajs-server/commit/3cbc48475f50a53962f605491d0e60648a29bdf0
Regular Expression Denial of Service (ReDoS),tar,https://security.snyk.io/vuln/SNYK-JS-TAR-1536758,,False,>=6.0.0 <6.1.4 >=5.0.0 <5.0.8 <4.4.16 ,https://github.com/npm/node-tar/commit/06cbde5935aa7643f578f874de84a7da2a74fe3a
Prototype Pollution,open-graph,https://security.snyk.io/vuln/SNYK-JS-OPENGRAPH-1536747,CVE-2021-23419,True,<0.2.6 ,https://github.com/samholmes/node-open-graph/commit/a0cef507a90adaac7dbbe9c404f09a50bdefb348
Prototype Pollution,think-config,https://security.snyk.io/vuln/SNYK-JS-THINKCONFIG-1536566,,False,<1.1.3 ,https://github.com/thinkjs/think-config/commit/31b82468d72f2e1456a27a4827cea378196db6db
Heap-based Buffer Overflow,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1534884,CVE-2021-30568,False,>=13.0.0 <13.1.8 >=12.0.0 <12.0.16 <11.4.11 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1534881,CVE-2021-30562,False,>=12.0.0 <12.0.16 <11.4.11 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1536587,CVE-2021-30572,False,>=12.0.0 <12.0.16 <11.4.11 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1536581,CVE-2021-30573,False,>=13.0.0 <13.1.8 >=12.0.0 <12.0.16 <11.4.11 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1533614,CVE-2021-30560,False,>=12.0.0 <12.0.16 <11.4.11 ,https://github.com/electron/electron/commit/99413641d19df793efc94e61e6c821aee5b194b4
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1534882,CVE-2021-30541,False,>=12.0.0 <12.0.16 <11.4.11 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1536579,CVE-2021-30569,False,>=13.0.0 <13.1.8 >=12.0.0 <12.0.16 <11.4.11 ,n/a
Type Confusion,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1534883,CVE-2021-30563,True,>=12.0.0 <12.0.16 <11.4.11 ,n/a
Arbitrary File Overwrite,tar,https://security.snyk.io/vuln/SNYK-JS-TAR-1536531,CVE-2021-32804,False,<3.2.2 >=4.0.0 <4.4.14 >=5.0.0 <5.0.6 >=6.0.0 <6.1.1 ,https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4
Arbitrary File Overwrite,tar,https://security.snyk.io/vuln/SNYK-JS-TAR-1536528,CVE-2021-32803,False,<3.2.3 >=4.0.0 <4.4.15 >=5.0.0 <5.0.7 >=6.0.0 <6.1.2 ,https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20
Cross-site Scripting (XSS),joplin,https://security.snyk.io/vuln/SNYK-JS-JOPLIN-1535807,CVE-2021-37916,False,<2.1.1 ,https://github.com/laurent22/joplin/commit/feaecf765368f2c273bea3a9fa641ff0da7e6b26
Cross-site Scripting (XSS),grapesjs,https://security.snyk.io/vuln/SNYK-JS-GRAPESJS-1316252,,False,<0.17.22 ,https://github.com/artf/grapesjs/commit/25e9a0b3316b20bb11806330ae0a789c9c752b16
Directory Traversal,isomorphic-git,https://security.snyk.io/vuln/SNYK-JS-ISOMORPHICGIT-1535213,CVE-2021-30483,False,<1.8.2 ,https://github.com/isomorphic-git/isomorphic-git/commit/1316820b5665346414f9bd1287d4701f9cf77727
Malicious Package,acookie,https://security.snyk.io/vuln/SNYK-JS-ACOOKIE-1534840,,False,* ,n/a
Malicious Package,vscode-npm-script,https://security.snyk.io/vuln/SNYK-JS-VSCODENPMSCRIPT-1534839,,False,* ,n/a
Malicious Package,firebase-extensions,https://security.snyk.io/vuln/SNYK-JS-FIREBASEEXTENSIONS-1534838,,False,* ,n/a
Improper Input Validation,xmldom,https://security.snyk.io/vuln/SNYK-JS-XMLDOM-1534562,CVE-2021-32796,False,* ,https://github.com/xmldom/xmldom/commit/7b4b743917a892d407356e055b296dcd6d107e8b
Cross-site Scripting (XSS),curly-bracket-parser,https://security.snyk.io/vuln/SNYK-JS-CURLYBRACKETPARSER-1297106,CVE-2021-23416,True,* ,n/a
Prototype Pollution,deepmergefn,https://security.snyk.io/vuln/SNYK-JS-DEEPMERGEFN-1310984,CVE-2021-23417,True,* ,n/a
Open Redirect,url-parse,https://security.snyk.io/vuln/SNYK-JS-URLPARSE-1533425,CVE-2021-3664,False,<1.5.2 ,https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0
Cross-site Scripting (XSS),video.js,https://security.snyk.io/vuln/SNYK-JS-VIDEOJS-1533429,CVE-2021-23414,True,<7.14.3 ,https://github.com/videojs/video.js/commit/b3acf663641fca0f7a966525a72845af7ec5fab2
Denial of Service (DoS),jszip,https://security.snyk.io/vuln/SNYK-JS-JSZIP-1251497,CVE-2021-23413,True,<3.7.0 ,https://github.com/Stuk/jszip/commit/22357494f424178cb416cdb7d93b26dd4f824b36
Command Injection,gitlogplus,https://security.snyk.io/vuln/SNYK-JS-GITLOGPLUS-1315832,CVE-2021-23412,True,* ,n/a
Access Restriction Bypass,ghost,https://security.snyk.io/vuln/SNYK-JS-GHOST-1325348,CVE-2021-39192,False,>=4.0.0 <4.10.0 ,n/a
Cross-site Scripting (XSS),anchorme,https://security.snyk.io/vuln/SNYK-JS-ANCHORME-1311008,CVE-2021-23411,True,* ,n/a
Regular Expression Denial of Service (ReDoS),glob-parent,https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294,CVE-2021-35065,True,>=6.0.0 <6.0.1 ,https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339
Cross-site Scripting (XSS),froala-editor,https://security.snyk.io/vuln/SNYK-JS-FROALAEDITOR-1320082,CVE-2021-28114,False,<3.2.7 ,n/a
Cross-site Scripting (XSS),@toast-ui/editor,https://security.snyk.io/vuln/SNYK-JS-TOASTUIEDITOR-1536769,,False,<3.0.2 ,https://github.com/nhn/tui.editor/commit/48a01f5add76cb6eedb29cceb95f765164d69649
Cross-site Scripting (XSS),tui-editor,https://security.snyk.io/vuln/SNYK-JS-TUIEDITOR-1316284,,False,* ,https://github.com/nhn/tui.editor/commit/48a01f5add76cb6eedb29cceb95f765164d69649
Malicious 󠅮󠅰󠅭Package,hey-sven,https://security.snyk.io/vuln/SNYK-JS-HEYSVEN-1320013,,False,* ,n/a
Cross-site Scripting (XSS),nightscout,https://security.snyk.io/vuln/SNYK-JS-NIGHTSCOUT-1319667,CVE-2021-36755,False,* ,https://github.com/nightscout/cgm-remote-monitor/commit/68f3f90e30cc1da57f7e5069f9c4e1467973521f
Access Restriction Bypass,gatsby-source-wordpress,https://security.snyk.io/vuln/SNYK-JS-GATSBYSOURCEWORDPRESS-1319669,CVE-2021-32770,False,<4.0.8 >=5.0.0 <5.9.2 ,n/a
Open Redirect,urijs,https://security.snyk.io/vuln/SNYK-JS-URIJS-1319803,CVE-2021-3647,True,<1.19.7 ,https://github.com/medialize/URI.js/commit/ac43ca8f80c042f0256fb551ea5203863dec4481
Prototype Pollution,urijs,https://security.snyk.io/vuln/SNYK-JS-URIJS-1319806,,False,<1.19.7 ,https://github.com/medialize/URI.js/commit/8e51b00911ba0f6e90949e2c4516b945c35021f7
Cross-site Scripting (XSS),umeditor,https://security.snyk.io/vuln/SNYK-JS-UMEDITOR-1317128,CVE-2020-18145,False,* ,n/a
Improper Access Control,xo-web,https://security.snyk.io/vuln/SNYK-JS-XOWEB-1316691,CVE-2021-36383,False,* ,n/a
Improper Access Control,xo-server,https://security.snyk.io/vuln/SNYK-JS-XOSERVER-1316690,CVE-2021-36383,False,* ,n/a
Malicious Package,wp-calypso,https://security.snyk.io/vuln/SNYK-JS-WPCALYPSO-1317068,,False,* ,n/a
Prototype Pollution,putil-merge,https://security.snyk.io/vuln/SNYK-JS-PUTILMERGE-1317077,CVE-2021-25953,True,<3.7.0 ,https://github.com/panates/putil-merge/commit/a8f5087faaa034cc2dc2e8070c13014ad6a34043
Prototype Pollution,just-safe-set,https://security.snyk.io/vuln/SNYK-JS-JUSTSAFESET-1316267,CVE-2021-25952,True,>=1.0.0 <2.2.2 ,https://github.com/angus-c/just/commit/dd57a476f4bb9d78c6f60741898dc04c71d2eb53
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1314896,CVE-2021-30523,False,>=12.0.0-beta.1 <12.0.14 <11.4.10 ,https://github.com/electron/electron/commit/b16d4539fa6cccf4d1e492de255bc3bec1e05770
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1315151,CVE-2021-30522,False,>=12.0.0 <12.0.14 <11.4.10 ,https://github.com/electron/electron/commit/a42ddbc98d19b2e69c2b9a1f3d9667ce3743d387
Arbitrary Code Execution,total4,https://security.snyk.io/vuln/SNYK-JS-TOTAL4-1130527,CVE-2021-23390,True,<0.0.43 ,https://github.com/totaljs/framework4/commit/8a72d8c20f38bbcac031a76a51238aa528f68821
Arbitrary Code Execution,total.js,https://security.snyk.io/vuln/SNYK-JS-TOTALJS-1088607,CVE-2021-32831,True,<3.4.9 ,https://github.com/totaljs/framework/commit/887b0fa9e162ef7a2dd9cec20a5ca122726373b3
Regular Expression Denial of Service (ReDoS),d3-color,https://security.snyk.io/vuln/SNYK-JS-D3COLOR-1076592,,True,* ,https://github.com/d3/d3-color/commit/4c2be7e59a317d0af7c3d66e44fa888f02163a59
Improper Authentication,stellar-sdk,https://security.snyk.io/vuln/SNYK-JS-STELLARSDK-1316188,CVE-2021-32738,False,<8.2.3 ,https://github.com/stellar/js-stellar-sdk/commit/6f0bb889c2d10b431ddd5f4a1bcdd519c80430b3
Server-side Request Forgery (SSRF),jsoneditor,https://security.snyk.io/vuln/SNYK-JS-JSONEDITOR-1315828,,False,<2.2.2 ,https://github.com/josdejong/jsoneditor/commit/01f611226164f4a5ab33da24396c755c60bf785b
Prototype Pollution,record-like-deep-assign,https://security.snyk.io/vuln/SNYK-JS-RECORDLIKEDEEPASSIGN-1311024,CVE-2021-23402,True,* ,n/a
Prototype Pollution,ts-nodash,https://security.snyk.io/vuln/SNYK-JS-TSNODASH-1311009,CVE-2021-23403,True,<1.2.7 ,n/a
Out-of-bounds Write,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1315668,CVE-2021-30547,False,>=12.0.0 <12.0.13 <11.4.10 ,n/a
Prototype Pollution,think-helper,https://security.snyk.io/vuln/SNYK-JS-THINKHELPER-1315383,CVE-2021-32736,False,<1.1.3 ,n/a
Access of Resource Using Incompatible Type ('Type Confusion'),electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1312314,CVE-2021-30551,False,>=12.0.0-beta.1 <12.0.12 <11.4.9 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1312315,CVE-2021-30544,False,>=12.0.0-beta.1 <12.0.13 <11.4.9 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1312313,CVE-2021-30548,False,>=12.0.0-beta.1 <12.0.12 <11.4.9 ,n/a
Cross-site Scripting (XSS),@toast-ui/editor,https://security.snyk.io/vuln/SNYK-JS-TOASTUIEDITOR-1086605,,False,<3.0.2 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1313767,CVE-2021-30553,False,>=12.0.0 <12.0.13 <11.4.10 ,n/a
Regular Expression Denial of Service (ReDoS),prismjs,https://security.snyk.io/vuln/SNYK-JS-PRISMJS-1314893,CVE-2021-32723,False,<1.24.0 ,https://github.com/PrismJS/prism/commit/d85e30da6755fdbe7f8559f8e75d122297167018
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1313765,CVE-2021-30554,False,>=12.0.0 <12.0.13 <11.4.10 ,n/a
Prototype Pollution,noble,https://security.snyk.io/vuln/SNYK-JS-NOBLE-1314742,,True,* ,n/a
Cross-site Scripting (XSS),mermaid,https://security.snyk.io/vuln/SNYK-JS-MERMAID-1314738,CVE-2021-35513,False,<8.11.0 ,n/a
HTTP Header Injection,nodemailer,https://security.snyk.io/vuln/SNYK-JS-NODEMAILER-1296415,CVE-2021-23400,True,<6.6.1 ,https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f
Arbitrary Command Injection,wincred,https://security.snyk.io/vuln/SNYK-JS-WINCRED-1078538,CVE-2021-23399,True,* ,n/a
Cross-site Scripting (XSS),@auth0/nextjs-auth0,https://security.snyk.io/vuln/SNYK-JS-AUTH0NEXTJSAUTH0-1314618,CVE-2021-32702,False,<1.4.1 ,https://github.com/auth0/nextjs-auth0/commit/6996e2528ceed98627caa28abafbc09e90163ccf
Regular Expression Denial of Service (ReDoS),is-email,https://security.snyk.io/vuln/SNYK-JS-ISEMAIL-1279002,CVE-2021-36716,True,<1.0.1 ,n/a
Directory Traversal,@backstage/techdocs-common,https://security.snyk.io/vuln/SNYK-JS-BACKSTAGETECHDOCSCOMMON-1314354,,False,<0.6.5 ,https://github.com/backstage/backstage/commit/c17c0fcf9e64a48bf8b0a1f2f4cf6ccc6f85fe70
Prototype Pollution,aurelia-path,https://security.snyk.io/vuln/SNYK-JS-AURELIAPATH-1292346,CVE-2021-41097,False,<1.1.7 ,n/a
Command Injection,find-process,https://security.snyk.io/vuln/SNYK-JS-FINDPROCESS-1090284,,False,<1.4.5 ,n/a
Cross-site Scripting (XSS),react-bootstrap-table,https://security.snyk.io/vuln/SNYK-JS-REACTBOOTSTRAPTABLE-1314285,CVE-2021-23398,True,* ,n/a
Cross-site Scripting (XSS),mongo-express,https://security.snyk.io/vuln/SNYK-JS-MONGOEXPRESS-1312921,CVE-2021-21422,False,<1.0.0-alpha.4 ,https://github.com/mongo-express/mongo-express/commit/f5e0d4931f856f032f22664b5e5901d5950cfd4b
Cross-site Scripting (XSS),striptags,https://security.snyk.io/vuln/SNYK-JS-STRIPTAGS-1312310,CVE-2021-32696,False,<3.2.0 ,https://github.com/ericnorris/striptags/commit/27195157aa2a6b1fabfb882c36a8a6eb9201f029
Information Exposure,@apollo/client,https://security.snyk.io/vuln/SNYK-JS-APOLLOCLIENT-1085706,,False,<3.4.0-rc.2 ,n/a
Prototype Pollution,@ianwalter/merge,https://security.snyk.io/vuln/SNYK-JS-IANWALTERMERGE-1311022,CVE-2021-23397,True,* ,n/a
Denial of Service (DoS),xlsx,https://security.snyk.io/vuln/SNYK-JS-XLSX-1311137,CVE-2021-32013,False,<0.17.0 ,https://github.com/SheetJS/sheetjs/commit/3542d62fffc155dd505a23230ba182c4402a0e2c
Denial of Service (DoS),xlsx,https://security.snyk.io/vuln/SNYK-JS-XLSX-1311141,CVE-2021-32012,False,<0.17.0 ,https://github.com/SheetJS/sheetjs/commit/3542d62fffc155dd505a23230ba182c4402a0e2c
Prototype Pollution,lutils,https://security.snyk.io/vuln/SNYK-JS-LUTILS-1311023,CVE-2021-23396,True,* ,n/a
Denial of Service (DoS),xlsx,https://security.snyk.io/vuln/SNYK-JS-XLSX-1311139,CVE-2021-32014,False,<0.17.0 ,https://github.com/SheetJS/sheetjs/commit/3542d62fffc155dd505a23230ba182c4402a0e2c
Access Restriction Bypass,@apollosproject/data-connector-rock,https://security.snyk.io/vuln/SNYK-JS-APOLLOSPROJECTDATACONNECTORROCK-1311006,CVE-2021-32691,False,<2.20.0 ,https://github.com/ApollosProject/apollos-apps/commit/cb5f8f1c0b24f1b215b2bb5eb6f9a8e16d728ce2
Insecure Permissions,matrix-appservice-bridge,https://security.snyk.io/vuln/SNYK-JS-MATRIXAPPSERVICEBRIDGE-1311005,CVE-2021-32659,False,<2.6.1 ,n/a
Denial of Service (DoS),valine,https://security.snyk.io/vuln/SNYK-JS-VALINE-1311003,CVE-2021-34801,False,* ,n/a
Use After Free,hermes-engine,https://security.snyk.io/vuln/SNYK-JS-HERMESENGINE-1309667,CVE-2021-24037,False,<0.7.0 ,https://github.com/facebook/hermes/commit/d86e185e485b6330216dee8e854455c694e3a36e
Improper Verification of Cryptographic Signature,tenvoy,https://security.snyk.io/vuln/SNYK-JS-TENVOY-1305803,CVE-2021-32685,False,<7.0.3 ,https://github.com/TogaTech/tEnvoy/commit/a121b34a45e289d775c62e58841522891dee686b
Denial of Service (DoS),@scandipwa/magento-scripts,https://security.snyk.io/vuln/SNYK-JS-SCANDIPWAMAGENTOSCRIPTS-1305278,CVE-2021-32684,False,>=1.5.1 <1.5.3 ,https://github.com/scandipwa/create-magento-app/commit/89115db7031e181eb8fb4ec2822bc6cab88e7071
Prototype Pollution,nedb,https://security.snyk.io/vuln/SNYK-JS-NEDB-1305279,CVE-2021-23395,True,* ,n/a
Cross-site Scripting (XSS),total.js,https://security.snyk.io/vuln/SNYK-JS-TOTALJS-1304916,CVE-2019-10260,False,<3.3.0-13 ,https://github.com/totaljs/cms/commit/75205f93009db3cf8c0b0f4f1fc8ab82d70da8ad
Cross-site Scripting (XSS),ckeditor4,https://security.snyk.io/vuln/SNYK-JS-CKEDITOR4-1303090,CVE-2021-33829,False,>=4.14.0 <4.16.1 ,n/a
Prototype Pollution,expand-hash,https://security.snyk.io/vuln/SNYK-JS-EXPANDHASH-1303101,CVE-2021-25948,False,* ,n/a
Prototype Pollution,set-getter,https://security.snyk.io/vuln/SNYK-JS-SETGETTER-1303099,CVE-2021-25949,False,* ,n/a
Remote Code Execution (RCE),reg-keygen-git-hash-plugin,https://security.snyk.io/vuln/SNYK-JS-REGKEYGENGITHASHPLUGIN-1300843,CVE-2021-32673,False,<0.10.16 ,https://github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444d87
Cross-site Scripting (XSS),apexcharts,https://security.snyk.io/vuln/SNYK-JS-APEXCHARTS-1300579,CVE-2021-23327,False,<3.27.0 ,https://github.com/apexcharts/apexcharts.js/commit/67be39cf878198b6c2f4056a3285aaf686102019
Prototype Pollution,nestie,https://security.snyk.io/vuln/SNYK-JS-NESTIE-1300518,,True,<1.0.2 ,https://github.com/lukeed/nestie/commit/c571c77928ecd7f256a935c7c3860f33dac4653f
Arbitrary File Write via Archive Extraction (Zip Slip),calipso,https://security.snyk.io/vuln/SNYK-JS-CALIPSO-1300555,CVE-2021-23391,True,* ,n/a
Regular Expression Denial of Service (ReDoS),polished,https://security.snyk.io/vuln/SNYK-JS-POLISHED-1298071,,False,<3.7.2 >=4.0.0-beta.1 <4.1.3 ,https://github.com/styled-components/polished/commit/6afe3ed74aac71696b7b2c823a5c62bd5b916d66
Cross-site Scripting (XSS),auth0-lock,https://security.snyk.io/vuln/SNYK-JS-AUTH0LOCK-1300548,CVE-2021-32641,False,<11.30.1 ,https://github.com/auth0/lock/commit/d139cf01c8234b07caf265e051f39d3eab08f7ed
Regular Expression Denial of Service (ReDoS),locutus,https://security.snyk.io/vuln/SNYK-JS-LOCUTUS-1090597,CVE-2021-23392,True,<2.0.15 ,https://github.com/locutusjs/locutus/commit/eb863321990e7e5514aa14f68b8d9978ece9e65e
Prototype Pollution,nestie,https://security.snyk.io/vuln/SNYK-JS-NESTIE-1300046,CVE-2021-25947,False,<1.0.1 ,https://github.com/lukeed/nestie/commit/bc80d5898d1e5e8a3d325d355eda0c325c8dcfc2
Directory Traversal,@backstage/techdocs-common,https://security.snyk.io/vuln/SNYK-JS-BACKSTAGETECHDOCSCOMMON-1300041,CVE-2021-32662,False,<0.6.3 ,https://github.com/backstage/backstage/commit/8cefadca04cbf01d0394b0cb1983247e5f1d6208
Cross-site Scripting (XSS),@backstage/plugin-techdocs,https://security.snyk.io/vuln/SNYK-JS-BACKSTAGEPLUGINTECHDOCS-1300047,CVE-2021-32661,False,<0.9.5 ,https://github.com/backstage/backstage/commit/aad98c544e59369901fe9e0a85f6357644dceb5c
Cross-site Scripting (XSS),@backstage/techdocs-common,https://security.snyk.io/vuln/SNYK-JS-BACKSTAGETECHDOCSCOMMON-1300048,CVE-2021-32660,False,<0.6.4 ,https://github.com/backstage/backstage/commit/aad98c544e59369901fe9e0a85f6357644dceb5c
Heap-based Buffer Overflow,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1296565,CVE-2021-30508,False,>=12.0.0-beta.1 <12.0.10 >=11.0.0-beta.1 <11.4.8 <10.4.7 ,https://github.com/electron/electron/commit/354dab3bac306358c89decdccc993c04bd610389
Race Condition,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1296563,CVE-2021-30510,False,>=12.0.0-beta.1 <12.0.10 >=11.0.0-beta.1 <11.4.8 <10.4.7 ,https://github.com/electron/electron/commit/354dab3bac306358c89decdccc993c04bd610389
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1296561,CVE-2021-30512,False,>=12.0.0-beta.1 <12.0.10 >=11.0.0-beta.1 <11.4.8 <10.4.7 ,https://github.com/electron/electron/commit/354dab3bac306358c89decdccc993c04bd610389
Type Confusion,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1296559,CVE-2021-30513,False,>=12.0.0-beta.1 <12.0.10 >=11.0.0-beta.1 <11.4.8 <10.4.7 ,https://github.com/electron/electron/commit/354dab3bac306358c89decdccc993c04bd610389
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1296557,CVE-2021-30515,False,>=12.0.0-beta.1 <12.0.10 >=11.0.0-beta.1 <11.4.8 <10.4.7 ,https://github.com/electron/electron/commit/354dab3bac306358c89decdccc993c04bd610389
Heap-based Buffer Overflow,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1296555,CVE-2021-30516,False,>=12.0.0-beta.1 <12.0.10 >=11.0.0-beta.1 <11.4.8 <10.4.7 ,https://github.com/electron/electron/commit/354dab3bac306358c89decdccc993c04bd610389
Heap-based Buffer Overflow,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1296553,CVE-2021-30518,False,>=12.0.0-beta.1 <12.0.10 >=11.0.0-beta.1 <11.4.8 <10.4.7 ,https://github.com/electron/electron/commit/354dab3bac306358c89decdccc993c04bd610389
Improper Verification of Cryptographic Signature,@aws-crypto/decrypt-node,https://security.snyk.io/vuln/SNYK-JS-AWSCRYPTODECRYPTNODE-1298664,,False,>=2.0.0 <2.2.0 <1.9.0 ,n/a
Improper Verification of Cryptographic Signature,@aws-crypto/decrypt-browser,https://security.snyk.io/vuln/SNYK-JS-AWSCRYPTODECRYPTBROWSER-1298663,,False,>=2.0.0 <2.2.0 <1.9.0 ,n/a
Regular Expression Denial of Service (ReDoS),react-native,https://security.snyk.io/vuln/SNYK-JS-REACTNATIVE-1298632,CVE-2020-1920,False,>=0.63.0-rc.0 <0.64.1 >=0.59.0-rc.0 <0.62.3 ,https://github.com/facebook/react-native/commit/ca09ae82715e33c9ac77b3fa55495cf84ba891c7
Cross-site Scripting (XSS),layui,https://security.snyk.io/vuln/SNYK-JS-LAYUI-1298350,,False,<2.6.8 ,https://github.com/sentsin/layui/commit/7376bbe00df6323588b408d5bf38b151aab4c449#diff-13952582bff0a1aa2ddde6f94079a336fc5ff89fbb220988854ebf97ca7f6b20
Cross-site Scripting (XSS),layui-src,https://security.snyk.io/vuln/SNYK-JS-LAYUISRC-1298179,,False,<2.6.8 ,https://github.com/sentsin/layui/commit/7376bbe00df6323588b408d5bf38b151aab4c449#diff-13952582bff0a1aa2ddde6f94079a336fc5ff89fbb220988854ebf97ca7f6b20
Regular Expression Denial of Service (ReDoS),forms,https://security.snyk.io/vuln/SNYK-JS-FORMS-1296389,CVE-2021-23388,False,<1.2.1 >=1.3.0 <1.3.2 ,https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0
Denial of Service (DoS),trim-newlines,https://security.snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042,CVE-2021-33623,False,<3.0.1 >=4.0.0 <4.0.1 ,https://github.com/sindresorhus/trim-newlines/commit/25246c6ce5eea1c82d448998733a6302a4350d91
Cross-site Scripting (XSS),tinymce,https://security.snyk.io/vuln/SNYK-JS-TINYMCE-1298037,,False,<5.7.1 ,https://github.com/tinymce/tinymce/commit/09bfb1dcb176611d22a477666d8cea72cd14c3fe
Regular Expression Denial of Service (ReDoS),css-what,https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-1298035,CVE-2021-33587,False,<5.0.1 ,https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655
Command Injection,@floffah/build,https://security.snyk.io/vuln/SNYK-JS-FLOFFAHBUILD-1298045,,False,<1.0.0 ,n/a
Denial of Service (DoS),node-static,https://security.snyk.io/vuln/SNYK-JS-NODESTATIC-1297183,,False,* ,https://github.com/cloudhead/node-static/commit/78879dc665f0f7137063794b6e0b6203a81c7f67
Open Redirect,node-static,https://security.snyk.io/vuln/SNYK-JS-NODESTATIC-1297184,,False,* ,https://github.com/cloudhead/node-static/commit/95487174caa8362f0e80acf85f8a9d158e941b90
Arbitrary Code Execution,json-ptr,https://security.snyk.io/vuln/SNYK-JS-JSONPTR-1297099,,False,<2.1.0 ,n/a
Prototype Pollution,js-extend,https://security.snyk.io/vuln/SNYK-JS-JSEXTEND-1297101,CVE-2021-25945,True,* ,n/a
Prototype Pollution,nconf-toml,https://security.snyk.io/vuln/SNYK-JS-NCONFTOML-1296831,CVE-2021-25946,True,* ,n/a
Regular Expression Denial of Service (ReDoS),ws,https://security.snyk.io/vuln/SNYK-JS-WS-1296835,CVE-2021-32640,True,>=7.0.0 <7.4.6 >=6.0.0 <6.2.2 <5.2.3 ,https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
Information Exposure,@keystonejs/keystone,https://security.snyk.io/vuln/SNYK-JS-KEYSTONEJSKEYSTONE-1296546,CVE-2021-32624,False,* ,n/a
Arbitrary Command Injection,@ronomon/opened,https://security.snyk.io/vuln/SNYK-JS-RONOMONOPENED-1296551,CVE-2021-29300,False,<1.5.2 ,https://github.com/ronomon/opened/commit/7effe011d4fea8fac7f78c00615e0a6e69af68ec
Regular Expression Denial of Service (ReDoS),normalize-url,https://security.snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539,CVE-2021-33502,False,>=6.0.0 <6.0.1 >=5.0.0 <5.3.1 >=4.4.0 <4.5.1 ,https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103
Remote Memory Exposure,dns-packet,https://security.snyk.io/vuln/SNYK-JS-DNSPACKET-1293563,CVE-2021-23386,False,<1.3.4 >=2.0.0 <5.2.4 ,https://github.com/mafintosh/dns-packet/commit/25f15dd0fedc53688b25fd053ebbdffe3d5c1c56
Cross-site Scripting (XSS),matrix-react-sdk,https://security.snyk.io/vuln/SNYK-JS-MATRIXREACTSDK-1293237,CVE-2021-32622,False,<3.21.0 ,n/a
Cross-site Scripting (XSS),vmd,https://security.snyk.io/vuln/SNYK-JS-VMD-1293236,CVE-2021-33041,False,* ,n/a
Cross-site Scripting (XSS),@shopify/koa-shopify-auth,https://security.snyk.io/vuln/SNYK-JS-SHOPIFYKOASHOPIFYAUTH-1293238,CVE-2020-8176,False,>=3.1.61 <3.1.63 ,n/a
Information Exposure,express-hbs,https://security.snyk.io/vuln/SNYK-JS-EXPRESSHBS-1293211,CVE-2021-32817,False,* ,https://github.com/TryGhost/express-hbs/commit/ff6fad6e357699412d4e916273314e5e7af1500e
Cross-site Scripting (XSS),haml-coffee,https://security.snyk.io/vuln/SNYK-JS-HAMLCOFFEE-1293210,CVE-2021-32818,False,* ,n/a
Arbitrary Code Execution,squirrelly,https://security.snyk.io/vuln/SNYK-JS-SQUIRRELLY-1293209,CVE-2021-32819,False,* ,n/a
Open Redirect,koa-remove-trailing-slashes,https://security.snyk.io/vuln/SNYK-JS-KOAREMOVETRAILINGSLASHES-1085708,CVE-2021-23384,True,<2.0.2 ,n/a
Open Redirect,trailing-slash,https://security.snyk.io/vuln/SNYK-JS-TRAILINGSLASH-1085707,CVE-2021-23387,True,<2.0.1 ,https://github.com/fardog/trailing-slash/commit/f8e66f1429308247e5a119d430203077d8f05048
Cross-site Scripting (XSS),aurelia-templating-resources,https://security.snyk.io/vuln/SNYK-JS-AURELIATEMPLATINGRESOURCES-1292342,CVE-2019-10062,False,* ,n/a
Cross-site Request Forgery (CSRF),fastify-csrf,https://security.snyk.io/vuln/SNYK-JS-FASTIFYCSRF-1293032,CVE-2021-29624,False,<3.1.0 ,n/a
Prototype Pollution,101,https://security.snyk.io/vuln/SNYK-JS-101-1292345,CVE-2021-25943,False,* ,n/a
Prototype Pollution,deep-override,https://security.snyk.io/vuln/SNYK-JS-DEEPOVERRIDE-1292344,CVE-2021-25941,False,<1.0.2 ,https://github.com/ASaiAnudeep/deep-override/commit/2aced17651fb684959a6e04b1465a8329b3d5268
Cross-site Scripting (XSS),vconsole,https://security.snyk.io/vuln/SNYK-JS-VCONSOLE-1292147,,False,<3.5.2 ,https://github.com/Tencent/vConsole/commit/365380a1d1700643ac81782b2262a1edb02ff033
Improper Authentication,strapi,https://security.snyk.io/vuln/SNYK-JS-STRAPI-1290552,CVE-2021-28128,False,* ,n/a
Denial of Service (DoS),fastify-multipart,https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382,CVE-2020-8136,False,<1.0.5 ,n/a
Command Injection,git-parse,https://security.snyk.io/vuln/SNYK-JS-GITPARSE-1290380,CVE-2021-26543,False,<1.0.5 ,n/a
Prototype Pollution,backbone-query-parameters,https://security.snyk.io/vuln/SNYK-JS-BACKBONEQUERYPARAMETERS-1290381,CVE-2021-20085,True,* ,n/a
Cross-site Scripting (XSS),frappe-charts,https://security.snyk.io/vuln/SNYK-JS-FRAPPECHARTS-1290373,,False,* ,https://github.com/frappe/charts/commit/61717aee95097023fb63f4a199309c69274e036e
Cross-site Scripting (XSS),highcharts,https://security.snyk.io/vuln/SNYK-JS-HIGHCHARTS-1290057,CVE-2021-29489,False,<9.0.0 ,n/a
Regular Expression Denial of Service (ReDoS),is-svg,https://security.snyk.io/vuln/SNYK-JS-ISSVG-1243891,CVE-2021-29059,True,>=2.1.0 <4.3.0 ,https://github.com/sindresorhus/is-svg/commit/732fc72779840c45a30817d3fe28e12058592b02
Arbitrary Code Execution,exiftool-vendored.exe,https://security.snyk.io/vuln/SNYK-JS-EXIFTOOLVENDOREDEXE-1279040,CVE-2021-22204,True,<12.25.0 ,https://github.com/photostructure/exiftool-vendored.exe/commit/66be0b2c50cbba945a3566b131e26effc6fc960c
Arbitrary Code Execution,exiftool-vendored.pl,https://security.snyk.io/vuln/SNYK-JS-EXIFTOOLVENDOREDPL-1279041,CVE-2021-22204,True,<12.25.0 ,https://github.com/photostructure/exiftool-vendored.exe/commit/66be0b2c50cbba945a3566b131e26effc6fc960c
Prototype Pollution,handlebars,https://security.snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029,CVE-2021-23383,False,<4.7.7 ,https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
Regular Expression Denial of Service (ReDoS),path-parse,https://security.snyk.io/vuln/SNYK-JS-PATHPARSE-1077067,CVE-2021-23343,True,<1.0.7 ,n/a
Cross-site Scripting (XSS),ngx-markdown-editor,https://security.snyk.io/vuln/SNYK-JS-NGXMARKDOWNEDITOR-1245072,,False,<3.3.3 ,https://github.com/lon-yang/ngx-markdown-editor/commit/5b6bc97b41116bb65899b5bd20b5aa3032793999
Prototype Pollution,mixme,https://security.snyk.io/vuln/SNYK-JS-MIXME-1278998,CVE-2021-29491,False,<0.5.2 ,https://github.com/adaltas/node-mixme/commit/cfd5fbfc32368bcf7e06d1c5985ea60e34cd4028
Arbitrary Code Execution,@rkesters/gnuplot,https://security.snyk.io/vuln/SNYK-JS-RKESTERSGNUPLOT-1279001,CVE-2021-29369,False,<0.1.0 ,https://github.com/rkesters/gnuplot/commit/23671d4d3d28570fb19a936a6328bfac742410de
Denial of Service (DoS),cumulative-distribution-function,https://security.snyk.io/vuln/SNYK-JS-CUMULATIVEDISTRIBUTIONFUNCTION-1278985,CVE-2021-29486,False,<2.0.0 ,n/a
Out Of Bounds Read,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1278596,CVE-2021-21233,False,<10.4.4 >=11.0.0 <11.4.4 >=12.0.0 <12.0.6 ,n/a
Improper Input Validation,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1277526,CVE-2021-21231,False,<10.4.4 >=12.0.0 <12.0.6 ,n/a
Integer Overflow or Wraparound,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1260586,CVE-2021-21223,False,<10.4.4 >=12.0.0 <12.0.6 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1258207,CVE-2021-21226,False,<10.4.4 >=11.0.0 <11.4.4 >=12.0.0 <12.0.6 ,n/a
Cross-site Scripting (XSS),ghost,https://security.snyk.io/vuln/SNYK-JS-GHOST-1278126,CVE-2021-29484,False,>=4.0.0 <4.3.3 ,n/a
Insecure Configuration,cypress,https://security.snyk.io/vuln/SNYK-JS-CYPRESS-1255446,,True,<7.2.0 ,n/a
Prototype Pollution,confidence,https://security.snyk.io/vuln/SNYK-JS-CONFIDENCE-1088570,,False,>=4.0.0 <5.0.1 ,https://github.com/hapipal/confidence/commit/74350657d552131fade93ecf72ae3b6226f89ed8
Integer Overflow,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1277205,CVE-2021-21223,False,<10.4.4 ,n/a
Prototype Pollution,domify,https://security.snyk.io/vuln/SNYK-JS-DOMIFY-1277201,,False,<1.4.1 ,https://github.com/component/domify/commit/43221c5e255e876ba9a9a7912c67d63c87a1805e
Heap-based Buffer Overflow,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1277203,CVE-2021-21222,False,<10.4.4 >=11.0.0 <11.4.4 >=12.0.0 <12.0.6 ,n/a
Out-of-bounds Read,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1261111,CVE-2021-21198,False,>=11.0.0 <11.4.4 <10.4.4 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1259349,CVE-2021-21202,False,>=11.0.0 <11.4.4 <10.4.4 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1252279,CVE-2021-21206,False,>=11.0.0 <11.4.4 <10.4.4 ,n/a
Out-of-bounds,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1257943,CVE-2021-21225,True,>=11.0.0 <11.4.4 <10.4.4 >=12.0.0 <12.0.6 ,n/a
Regular Expression Denial of Service (ReDoS),browserslist,https://security.snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194,CVE-2021-23364,True,>=4.0.0 <4.16.5 ,https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98
Prototype Pollution,safe-flat,https://security.snyk.io/vuln/SNYK-JS-SAFEFLAT-1277112,CVE-2021-25927,False,>=2.0.0 <2.0.2 ,https://github.com/jessie-codes/safe-flat/commit/4b9b7db976bba8c968354f4315f5f9c219b7cbf3
Prototype Pollution,safe-obj,https://security.snyk.io/vuln/SNYK-JS-SAFEOBJ-1277111,CVE-2021-25928,False,* ,n/a
Cross-site Scripting (XSS),vconsole,https://security.snyk.io/vuln/SNYK-JS-VCONSOLE-1244101,,False,<3.4.1 ,https://github.com/Tencent/vConsole/commit/232ff55b74e4f424cf64a6d26fb610fb87550cb8
Cross-site Scripting (XSS),react-draft-wysiwyg,https://security.snyk.io/vuln/SNYK-JS-REACTDRAFTWYSIWYG-1251504,CVE-2021-31712,False,<1.14.6 ,https://github.com/jpuri/react-draft-wysiwyg/commit/d2faeb612b53f10dff048de7dc57e1f4044b5380
Access Restriction Bypass,oauth2-server,https://security.snyk.io/vuln/SNYK-JS-OAUTH2SERVER-1255585,CVE-2017-18924,False,* ,n/a
Regular Expression Denial of Service (ReDoS),validator,https://security.snyk.io/vuln/SNYK-JS-VALIDATOR-1090599,,True,<13.6.0 ,https://github.com/tux-tn/validator.js/commit/b21879cf45c05ee11b2d79e612b651bf7b2d93b7#diff-f41087599986e29c3c0dc15b62f1bf96d8aba16fe41f3730e315c84c2c4cb311
Regular Expression Denial of Service (ReDoS),validator,https://security.snyk.io/vuln/SNYK-JS-VALIDATOR-1090600,CVE-2021-3765,True,<13.7.0 ,n/a
Regular Expression Denial of Service (ReDoS),validator,https://security.snyk.io/vuln/SNYK-JS-VALIDATOR-1090601,,True,<13.6.0 ,n/a
Prototype Pollution,dustjs-linkedin,https://security.snyk.io/vuln/SNYK-JS-DUSTJSLINKEDIN-1089257,,False,<3.0.0 ,https://github.com/linkedin/dustjs/pull/805/commits/ddb6523832465d38c9d80189e9de60519ac307c3
Regular Expression Denial of Service (ReDoS),validator,https://security.snyk.io/vuln/SNYK-JS-VALIDATOR-1090602,,True,<13.6.0 ,n/a
Prototype Pollution,purl,https://security.snyk.io/vuln/SNYK-JS-PURL-1255642,CVE-2021-20089,False,* ,n/a
Regular Expression Denial of Service (ReDoS),redis,https://security.snyk.io/vuln/SNYK-JS-REDIS-1255645,CVE-2021-29469,False,>=2.6.0 <3.1.1 ,https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e
Access Restriction Bypass,xmlhttprequest-ssl,https://security.snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1255647,CVE-2021-31597,True,<1.6.1 ,https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2
Prototype Pollution,jquery-bbq,https://security.snyk.io/vuln/SNYK-JS-JQUERYBBQ-1255644,CVE-2021-20086,False,* ,n/a
Prototype Pollution,jquery-query-object,https://security.snyk.io/vuln/SNYK-JS-JQUERYQUERYOBJECT-1255650,CVE-2021-20083,False,* ,n/a
Prototype Pollution,jquery-deparam,https://security.snyk.io/vuln/SNYK-JS-JQUERYDEPARAM-1255651,CVE-2021-20087,False,* ,n/a
Prototype Pollution,mootools-more,https://security.snyk.io/vuln/SNYK-JS-MOOTOOLSMORE-1255652,CVE-2021-20088,False,* ,n/a
Regular Expression Denial of Service (ReDoS),postcss,https://security.snyk.io/vuln/SNYK-JS-POSTCSS-1255640,CVE-2021-23382,True,>=8.0.0 <8.2.13 <7.0.36 ,https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1253279,CVE-2021-21194,False,>=12.0.0 <12.0.5 >=11.0.0 <11.4.4 <10.4.4 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1253281,CVE-2021-21199,False,>=12.0.0 <12.0.5 >=11.0.0 <11.4.4 <10.4.4 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1252280,CVE-2021-21195,False,>=12.0.0 <12.0.5 >=11.0.0 <11.4.4 <10.4.4 ,n/a
Timing Attack,jose-node-esm-runtime,https://security.snyk.io/vuln/SNYK-JS-JOSENODEESMRUNTIME-1251483,CVE-2021-29445,False,<3.11.4 ,n/a
Timing Attack,jose-browser-runtime,https://security.snyk.io/vuln/SNYK-JS-JOSEBROWSERRUNTIME-1251484,CVE-2021-29444,False,<3.11.4 ,n/a
Access Restriction Bypass,@curveball/a12n-server,https://security.snyk.io/vuln/SNYK-JS-CURVEBALLA12NSERVER-1251485,CVE-2021-29452,False,>=0.18.0 <0.18.2 ,n/a
Insecure Default,meteor,https://security.snyk.io/vuln/SNYK-JS-METEOR-1065251,,False,<2.2.0 ,https://github.com/meteor/meteor/commit/27f028f588bdc15e0bf7a9fecd63cde2f0b4c9bd
Arbitrary Command Injection,ffmpegdotjs,https://security.snyk.io/vuln/SNYK-JS-FFMPEGDOTJS-1078542,CVE-2021-23376,True,* ,n/a
Arbitrary Command Injection,onion-oled-js,https://security.snyk.io/vuln/SNYK-JS-ONIONOLEDJS-1078808,CVE-2021-23377,True,* ,n/a
Arbitrary Command Injection,psnode,https://security.snyk.io/vuln/SNYK-JS-PSNODE-1078543,CVE-2021-23375,True,* ,n/a
Arbitrary Command Injection,ps-visitor,https://security.snyk.io/vuln/SNYK-JS-PSVISITOR-1078544,CVE-2021-23374,True,* ,n/a
Arbitrary Command Injection,killing,https://security.snyk.io/vuln/SNYK-JS-KILLING-1078532,CVE-2021-23381,True,* ,n/a
Cross-site Scripting (XSS),editor.md,https://security.snyk.io/vuln/SNYK-JS-EDITORMD-1063036,,True,* ,n/a
Arbitrary Command Injection,roar-pidusage,https://security.snyk.io/vuln/SNYK-JS-ROARPIDUSAGE-1078528,CVE-2021-23380,True,* ,n/a
Arbitrary Command Injection,picotts,https://security.snyk.io/vuln/SNYK-JS-PICOTTS-1078539,CVE-2021-23378,True,* ,n/a
Arbitrary Command Injection,portkiller,https://security.snyk.io/vuln/SNYK-JS-PORTKILLER-1078537,CVE-2021-23379,True,* ,n/a
Timing Attack,jose-node-cjs-runtime,https://security.snyk.io/vuln/SNYK-JS-JOSENODECJSRUNTIME-1251480,CVE-2021-29446,False,<3.11.4 ,n/a
Timing Attack,jose,https://security.snyk.io/vuln/SNYK-JS-JOSE-1251487,CVE-2021-29443,False,<1.28.1 >=2.0.0 <2.0.5 >=3.0.0 <3.11.4 ,n/a
Regular Expression Denial of Service (ReDoS),ssri,https://security.snyk.io/vuln/SNYK-JS-SSRI-1246392,CVE-2021-27290,False,>=5.2.2 <6.0.2 >=7.0.0 <7.1.1 >=8.0.0 <8.0.1 ,https://github.com/npm/ssri/commit/76e223317d971f19e4db8191865bdad5edee40d2
Command Injection,@azure/ms-rest-nodeauth,https://security.snyk.io/vuln/SNYK-JS-AZUREMSRESTNODEAUTH-1245464,CVE-2021-28458,True,<3.0.8 ,n/a
Cross-site Scripting (XSS),@nextcloud/dialogs,https://security.snyk.io/vuln/SNYK-JS-NEXTCLOUDDIALOGS-1245465,CVE-2021-29438,False,<3.1.2 ,https://github.com/nextcloud/nextcloud-dialogs/commit/da9222735510fd5c939a19a74331f102dc9d8f29
Information Exposure,@theia/mini-browser,https://security.snyk.io/vuln/SNYK-JS-THEIAMINIBROWSER-1245507,CVE-2019-17636,False,>=0.3.9 <0.16.0 ,https://github.com/eclipse-theia/theia/commit/b212d07f915df1509180944ee3132714bc2636bf
Arbitrary Code Execution,jsreport,https://security.snyk.io/vuln/SNYK-JS-JSREPORT-1245513,CVE-2020-8128,False,<2.6.0 ,n/a
Prototype Pollution,set-deep-prop,https://security.snyk.io/vuln/SNYK-JS-SETDEEPPROP-1083231,CVE-2021-23373,True,* ,n/a
Malicious Package,web-browserify,https://security.snyk.io/vuln/SNYK-JS-WEBBROWSERIFY-1245516,,False,* ,n/a
Denial of Service (DoS),mongo-express,https://security.snyk.io/vuln/SNYK-JS-MONGOEXPRESS-1085403,CVE-2021-23372,False,* ,n/a
Regular Expression Denial of Service (ReDoS),postcss,https://security.snyk.io/vuln/SNYK-JS-POSTCSS-1090595,CVE-2021-23368,True,>=7.0.0 <7.0.36 >=8.0.0 <8.2.10 ,n/a
Prototype Pollution,shvl,https://security.snyk.io/vuln/SNYK-JS-SHVL-1085284,,False,<2.0.3 ,https://github.com/robinvdvleuten/shvl/commit/4ed0edfa70f7778556f7b7e9ef1ee5d6d002fce2
Regular Expression Denial of Service (ReDoS),chrono-node,https://security.snyk.io/vuln/SNYK-JS-CHRONONODE-1083228,CVE-2021-23371,False,<2.2.4 ,https://github.com/wanasit/chrono/commit/98815b57622443b5c498a427210ebd603d705f4c
Prototype Pollution,swiper,https://security.snyk.io/vuln/SNYK-JS-SWIPER-1088062,CVE-2021-23370,True,<6.5.1 ,https://github.com/nolimits4web/swiper/commit/9dad2739b7474f383474773d5ab898a0c29ac178
Improper Input Validation,systeminformation,https://security.snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1244526,,True,<5.6.11 ,https://github.com/sebhildebrandt/systeminformation/commit/45c08f139eeed339e98bc1deb3a855ccc33b504b
Cryptographic Weakness,jsrsasign,https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-1244072,CVE-2021-30246,False,<10.1.13 ,n/a
Arbitrary Code Execution,projen,https://security.snyk.io/vuln/SNYK-JS-PROJEN-1243686,CVE-2021-21423,False,>=0.6.0 <0.16.41 ,https://github.com/projen/projen/commit/36030c6a4b1acd0054673322612e7c70e9446643
Privilege Escalation,mongodb-js-metrics,https://security.snyk.io/vuln/SNYK-JS-MONGODBJSMETRICS-1243685,CVE-2021-20334,False,<6.0.0 ,https://github.com/mongodb-js/metrics/commit/8ad75b1820fea866971f18bc540806e6081a78e7
Arbitrary Command Injection,systeminformation,https://security.snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1243748,CVE-2021-21388,False,<5.6.4 ,n/a
Arbitrary Code Execution,@prisma/sdk,https://security.snyk.io/vuln/SNYK-JS-PRISMASDK-1243749,CVE-2021-21414,False,<2.20.0 ,n/a
Regular Expression Denial of Service (ReDoS),@ckeditor/ckeditor5-widget,https://security.snyk.io/vuln/SNYK-JS-CKEDITORCKEDITOR5WIDGET-1243747,CVE-2021-21391,False,<27.0.0 ,https://github.com/ckeditor/ckeditor5/commit/e36175e86b7f5ca597b39df6e47112b91ab4e0a0
Regular Expression Denial of Service (ReDoS),@ckeditor/ckeditor5-paste-from-office,https://security.snyk.io/vuln/SNYK-JS-CKEDITORCKEDITOR5PASTEFROMOFFICE-1243746,CVE-2021-21391,False,<27.0.0 ,https://github.com/ckeditor/ckeditor5/commit/e36175e86b7f5ca597b39df6e47112b91ab4e0a0
Regular Expression Denial of Service (ReDoS),@ckeditor/ckeditor5-media-embed,https://security.snyk.io/vuln/SNYK-JS-CKEDITORCKEDITOR5MEDIAEMBED-1243745,CVE-2021-21391,False,<27.0.0 ,https://github.com/ckeditor/ckeditor5/commit/e36175e86b7f5ca597b39df6e47112b91ab4e0a0
Regular Expression Denial of Service (ReDoS),@ckeditor/ckeditor5-markdown-gfm,https://security.snyk.io/vuln/SNYK-JS-CKEDITORCKEDITOR5MARKDOWNGFM-1243744,CVE-2021-21391,False,<27.0.0 ,https://github.com/ckeditor/ckeditor5/commit/e36175e86b7f5ca597b39df6e47112b91ab4e0a0
Regular Expression Denial of Service (ReDoS),@ckeditor/ckeditor5-list,https://security.snyk.io/vuln/SNYK-JS-CKEDITORCKEDITOR5LIST-1243743,CVE-2021-21391,False,<27.0.0 ,https://github.com/ckeditor/ckeditor5/commit/e36175e86b7f5ca597b39df6e47112b91ab4e0a0
Regular Expression Denial of Service (ReDoS),@ckeditor/ckeditor5-engine,https://security.snyk.io/vuln/SNYK-JS-CKEDITORCKEDITOR5ENGINE-1243740,CVE-2021-21391,False,<27.0.0 ,https://github.com/ckeditor/ckeditor5/commit/e36175e86b7f5ca597b39df6e47112b91ab4e0a0
Regular Expression Denial of Service (ReDoS),@ckeditor/ckeditor5-image,https://security.snyk.io/vuln/SNYK-JS-CKEDITORCKEDITOR5IMAGE-1243742,CVE-2021-21391,False,<27.0.0 ,https://github.com/ckeditor/ckeditor5/commit/e36175e86b7f5ca597b39df6e47112b91ab4e0a0
Regular Expression Denial of Service (ReDoS),@ckeditor/ckeditor5-font,https://security.snyk.io/vuln/SNYK-JS-CKEDITORCKEDITOR5FONT-1243741,CVE-2021-21391,False,<27.0.0 ,https://github.com/ckeditor/ckeditor5/commit/e36175e86b7f5ca597b39df6e47112b91ab4e0a0
Privilege Escalation,isolated-vm,https://security.snyk.io/vuln/SNYK-JS-ISOLATEDVM-1243750,CVE-2021-21413,False,<4.0.0 ,https://github.com/laverdet/isolated-vm/commit/c95b3da54258ce8993fc7ed475fe18e7f321c72c
Cross-site Scripting (XSS),froala-editor,https://security.snyk.io/vuln/SNYK-JS-FROALAEDITOR-1090603,CVE-2021-30109,False,<3.2.7 ,n/a
Information Exposure,node-etsy-client,https://security.snyk.io/vuln/SNYK-JS-NODEETSYCLIENT-1090579,CVE-2021-21421,False,<0.3.0 ,https://github.com/creharmony/node-etsy-client/commit/b4beb8ef080366c1a87dbf9e163051a446acaa7d
Cross-site Scripting (XSS),docsify,https://security.snyk.io/vuln/SNYK-JS-DOCSIFY-1090577,CVE-2021-30074,False,>=4.12.0 <4.12.2 ,n/a
Arbitrary Command Injection,portprocesses,https://security.snyk.io/vuln/SNYK-JS-PORTPROCESSES-1078536,CVE-2021-23348,True,<1.0.5 ,https://github.com/rrainn/PortProcesses/commit/86811216c9b97b01b5722f879f8c88a7aa4214e1
Arbitrary Code Execution,@thi.ng/egf,https://security.snyk.io/vuln/SNYK-JS-THINGEGF-1089810,CVE-2021-21412,False,<0.4.0 ,https://github.com/thi-ng/umbrella/commit/88f61656e5f5cfba960013b8133186389efaf243
Prototype Pollution,mquery,https://security.snyk.io/vuln/SNYK-JS-MQUERY-1089718,,True,<3.2.5 ,https://github.com/aheckmann/mquery/commit/158f059e058579d2d08c2f1380689f5f69336778
Server-side Request Forgery (SSRF),netmask,https://security.snyk.io/vuln/SNYK-JS-NETMASK-1089716,CVE-2021-29418,True,<2.0.1 ,https://github.com/rs/node-netmask/commit/3f19a056c4eb808ea4a29f234274c67bc5a848f4
Arbitrary Command Injection,kill-by-port,https://security.snyk.io/vuln/SNYK-JS-KILLBYPORT-1078531,CVE-2021-23363,True,<0.0.2 ,https://github.com/GuyMograbi/kill-by-port/commit/ea5b1f377e196a4492e05ff070eba8b30b7372c4
Arbitrary Code Injection,underscore,https://security.snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984,CVE-2021-23358,True,>=1.13.0-0 <1.13.0-2 >=1.3.2 <1.12.1 ,https://github.com/jashkenas/underscore/commit/4c73526d43838ad6ab43a6134728776632adeb66
Insecure Randomness,yapi-vendor,https://security.snyk.io/vuln/SNYK-JS-YAPIVENDOR-1089450,CVE-2021-27884,False,<1.10.1 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1087442,CVE-2021-21179,False,<10.4.2 >=11.0.0 <11.4.1 ,n/a
Improper Input Validation,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1086695,CVE-2021-21175,False,<10.4.2 >=11.0.0 <11.4.1 ,n/a
Out-of-Bounds,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1086693,CVE-2021-21169,False,<10.4.2 >=11.0.0 <11.4.1 ,n/a
Access Restriction Bypass,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1086694,CVE-2021-21174,False,<10.4.3 >=11.0.0-beta.1 <11.4.1 ,n/a
Out-of-bounds Write,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1088600,CVE-2021-21166,False,<10.4.1 >=11.0.0 <11.4.1 ,n/a
Insecure Defaults,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1088602,CVE-2021-21172,False,<10.4.1 >=11.0.0 <11.4.1 ,n/a
Prototype Pollution,mongoose,https://security.snyk.io/vuln/SNYK-JS-MONGOOSE-1086688,,True,<5.12.2 ,https://github.com/Automattic/mongoose/commit/3ed44ffa13737be9fc0d709980da9c3c552d54e7
Regular Expression Denial of Service (ReDoS),hosted-git-info,https://security.snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355,CVE-2021-23362,True,>=3.0.0 <3.0.8 <2.8.9 ,https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3
Prototype Pollution,copy-props,https://security.snyk.io/vuln/SNYK-JS-COPYPROPS-1082870,CVE-2020-28503,False,<2.0.5 ,n/a
Arbitrary Code Injection,json,https://security.snyk.io/vuln/SNYK-JS-JSON-1082930,,True,<11.0.0 ,https://github.com/trentm/json/commit/4114e321b02371c8e972ac42a8d43fa0ff6d3e3a
Arbitrary Command Injection,killport,https://security.snyk.io/vuln/SNYK-JS-KILLPORT-1078535,CVE-2021-23360,True,<1.0.2 ,https://github.com/ssnau/killport/commit/bec8e371f170a12e11cd222ffc7a6e1ae9942638
Prototype Pollution,convict,https://security.snyk.io/vuln/SNYK-JS-CONVICT-1062508,,False,<6.0.1 ,n/a
Regular Expression Denial of Service (ReDoS),es6-crawler-detect,https://security.snyk.io/vuln/SNYK-JS-ES6CRAWLERDETECT-1051529,CVE-2020-28501,False,<3.1.3 ,n/a
Regular Expression Denial of Service (ReDoS),schema-inspector,https://security.snyk.io/vuln/SNYK-JS-SCHEMAINSPECTOR-1088010,CVE-2021-21267,False,<2.0.0 ,https://github.com/schema-inspector/schema-inspector/commit/49fa4b7f081880f1d741a164c663caa8e2c6d129
LDAP Injection,redash,https://security.snyk.io/vuln/SNYK-JS-REDASH-1087439,CVE-2020-36144,False,* ,n/a
Command Injection,eslint-fixer,https://security.snyk.io/vuln/SNYK-JS-ESLINTFIXER-1087438,CVE-2021-26275,False,* ,n/a
Arbitrary Code Execution,shescape,https://security.snyk.io/vuln/SNYK-JS-SHESCAPE-1087427,CVE-2021-21384,False,<1.1.3 ,https://github.com/ericcornelissen/shescape/commit/07a069a66423809cbedd61d980c11ca44a29ea2b
Directory Traversal,wazuh,https://security.snyk.io/vuln/SNYK-JS-WAZUH-1087421,CVE-2021-26814,True,<4.0.4 ,n/a
Prototype Pollution,patchmerge,https://security.snyk.io/vuln/SNYK-JS-PATCHMERGE-1086585,CVE-2021-25916,True,<1.0.2 ,https://github.com/pjshumphreys/patchmerge/commit/5b383c537eae7a00ebd26d3f7211dac99ddecb12
Arbitrary Command Injection,port-killer,https://security.snyk.io/vuln/SNYK-JS-PORTKILLER-1078533,CVE-2021-23359,True,* ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1085705,CVE-2021-21193,False,>=11.0.0-beta.1 <11.4.0 <10.4.1 ,n/a
Heap Buffer Overflow,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1085647,CVE-2021-21160,False,>=11.0.0-beta.1 <11.4.0 <10.4.1 ,n/a
Information Exposure,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1085998,CVE-2021-21181,False,>=11.0.0-beta.1 <11.4.0 <10.4.1 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1085994,CVE-2021-21162,False,>=11.0.0-beta.1 <11.4.0 <10.4.1 ,n/a
Out-of-Bounds,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1085996,CVE-2021-21165,False,>=11.0.0-beta.1 <11.4.0 <10.4.1 ,n/a
Prototype Pollution,node-dig,https://security.snyk.io/vuln/SNYK-JS-NODEDIG-1069825,,True,* ,n/a
Prototype Pollution,@lyngs/digger,https://security.snyk.io/vuln/SNYK-JS-LYNGSDIGGER-1069826,,True,* ,n/a
Prototype Pollution,@lyngs/merge,https://security.snyk.io/vuln/SNYK-JS-LYNGSMERGE-1069823,,True,* ,n/a
Arbitrary Command Injection,kill-process-by-name,https://security.snyk.io/vuln/SNYK-JS-KILLPROCESSBYNAME-1078534,CVE-2021-23356,True,* ,n/a
Arbitrary Command Injection,ps-kill,https://security.snyk.io/vuln/SNYK-JS-PSKILL-1078529,CVE-2021-23355,True,* ,n/a
Cross-site Scripting (XSS),@wiptheia/core,https://security.snyk.io/vuln/SNYK-JS-WIPTHEIACORE-1085626,CVE-2021-28161,False,* ,n/a
Regular Expression Denial of Service (ReDoS),is-svg,https://security.snyk.io/vuln/SNYK-JS-ISSVG-1085627,CVE-2021-28092,False,>=2.1.0 <4.2.2 ,https://github.com/sindresorhus/is-svg/commit/01f8a087fab8a69c3ac9085fbb16035907ab6a5b
Prototype Pollution,plain-object-merge,https://security.snyk.io/vuln/SNYK-JS-PLAINOBJECTMERGE-1085643,,False,<1.0.2 ,https://github.com/fabiospampinato/plain-object-merge/commit/e2b59efa2216957815643c48797e2e2eae8ca2b2
Prototype Pollution,msgpack5,https://security.snyk.io/vuln/SNYK-JS-MSGPACK5-1085640,CVE-2021-21368,False,>=5.0.0 <5.2.1 >=4.0.0 <4.5.1 <3.6.1 ,https://github.com/mcollina/msgpack5/commit/2f3ade7a0bbb315d467141409bc956fa8742ab3f
Authentication Bypass,@solid/identity-token-verifier,https://security.snyk.io/vuln/SNYK-JS-SOLIDIDENTITYTOKENVERIFIER-1085639,,False,<0.5.2 ,https://github.com/solid/identity-token-verifier/commit/fbdeb4aa8c12694b3744cd0454acb826817d9e6c
Remote Code Execution (RCE),nobelprizeparser,https://security.snyk.io/vuln/SNYK-JS-NOBELPRIZEPARSER-1085638,,False,* ,https://github.com/AnneTheDev/nobelprize/commit/00639d375b0efd097bc1eca18d9dc021691b9286
Information Exposure,highcharts-export-server,https://security.snyk.io/vuln/SNYK-JS-HIGHCHARTSEXPORTSERVER-1085635,,False,<2.1.0 ,https://github.com/highcharts/node-export-server/commit/53fa992a96785a5a08390e55ec30ea2ad217dfe6
Cross-site Scripting (XSS),@wiptheia/core,https://security.snyk.io/vuln/SNYK-JS-WIPTHEIACORE-1085632,CVE-2021-28162,False,* ,n/a
Cross-site Scripting (XSS),mongo-express,https://security.snyk.io/vuln/SNYK-JS-MONGOEXPRESS-1085402,,False,<1.0.0-alpha.2 ,https://github.com/mongo-express/mongo-express/commit/f5e0d4931f856f032f22664b5e5901d5950cfd4b
Regular Expression Denial of Service (ReDoS),printf,https://security.snyk.io/vuln/SNYK-JS-PRINTF-1072096,CVE-2021-23354,False,<0.6.1 ,n/a
Regular Expression Denial of Service (ReDoS),color-string,https://security.snyk.io/vuln/SNYK-JS-COLORSTRING-1082939,CVE-2021-29060,True,<1.5.5 ,n/a
Prototype Pollution,style-dictionary,https://security.snyk.io/vuln/SNYK-JS-STYLEDICTIONARY-1080632,,True,<2.10.3 ,n/a
Prototype Pollution,changeset,https://security.snyk.io/vuln/SNYK-JS-CHANGESET-1083989,CVE-2021-25915,False,>=0.1.0 <0.2.6 ,https://github.com/eugeneware/changeset/commit/9e588844edbb9993b32e7366cc799262b4447f99
XML External Entity (XXE) Injection,xmldom,https://security.snyk.io/vuln/SNYK-JS-XMLDOM-1084960,CVE-2021-21366,False,<0.5.0 ,https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135
Command Injection,react-dev-utils,https://security.snyk.io/vuln/SNYK-JS-REACTDEVUTILS-1083268,CVE-2021-24033,False,<11.0.4 ,n/a
Regular Expression Denial of Service (ReDoS),jspdf,https://security.snyk.io/vuln/SNYK-JS-JSPDF-1073626,CVE-2021-23353,False,<2.3.1 ,https://github.com/MrRio/jsPDF/commit/d8bb3b39efcd129994f7a3b01b632164144ec43e
Cross-site Scripting (XSS),shiba,https://security.snyk.io/vuln/SNYK-JS-SHIBA-1083282,,True,<1.1.1 ,n/a
Improper Authentication,botframework-connector,https://security.snyk.io/vuln/SNYK-JS-BOTFRAMEWORKCONNECTOR-1083277,CVE-2021-1725,False,>=4.10.0 <4.10.3 >=4.9.0 <4.9.4 >=4.8.0 <4.8.1 >=4.7.0 <4.7.3 ,n/a
Cross-site Scripting (XSS),moemark,https://security.snyk.io/vuln/SNYK-JS-MOEMARK-1083284,,True,* ,n/a
Command Injection,madge,https://security.snyk.io/vuln/SNYK-JS-MADGE-1082875,CVE-2021-23352,True,<4.0.1 ,https://github.com/pahen/madge/commit/da5cbc9ab30372d687fa7c324b22af7ffa5c6332
Open Redirect,ghost,https://security.snyk.io/vuln/SNYK-JS-GHOST-1065888,,False,<3.41.1 ,https://github.com/TryGhost/Ghost/commit/cd27cba93d80c493b0630ecf7034884195da3f35
Malicious Package,paychex-framework-core-ui,https://security.snyk.io/vuln/SNYK-JS-PAYCHEXFRAMEWORKCOREUI-1083214,,False,* ,n/a
Malicious Package,paychex-common-npm,https://security.snyk.io/vuln/SNYK-JS-PAYCHEXCOMMONNPM-1083213,,False,* ,n/a
Malicious Package,paychex-app-common-html,https://security.snyk.io/vuln/SNYK-JS-PAYCHEXAPPCOMMONHTML-1083210,,False,* ,n/a
Malicious Package,paychex-framework-forms,https://security.snyk.io/vuln/SNYK-JS-PAYCHEXFRAMEWORKFORMS-1083215,,False,* ,n/a
Malicious Package,paychex-framework,https://security.snyk.io/vuln/SNYK-JS-PAYCHEXFRAMEWORK-1083211,,False,* ,n/a
Malicious Package,paychex-framework-approvals,https://security.snyk.io/vuln/SNYK-JS-PAYCHEXFRAMEWORKAPPROVALS-1083212,,False,* ,n/a
Cross-site Scripting (XSS),ansi_up,https://security.snyk.io/vuln/SNYK-JS-ANSIUP-1083203,CVE-2021-3377,False,>=4.0.3 <5.0.0 ,https://github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27
Malicious Package,rcenodejs,https://security.snyk.io/vuln/SNYK-JS-RCENODEJS-1083216,,False,* ,n/a
Arbitrary Code Injection,xmlhttprequest-ssl,https://security.snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936,CVE-2020-28502,False,<1.6.2 ,https://github.com/driverdan/node-XMLHttpRequest/commit/983cfc244c7567ad6a59e366e55a8037e0497fe6
Arbitrary Code Injection,xmlhttprequest,https://security.snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935,CVE-2020-28502,False,<1.7.0 ,https://github.com/driverdan/node-XMLHttpRequest/commit/983cfc244c7567ad6a59e366e55a8037e0497fe6
Arbitrary Code Injection,alasql,https://security.snyk.io/vuln/SNYK-JS-ALASQL-1082932,,False,<0.7.0 ,https://github.com/agershun/alasql/commit/602f9a29b9b4c38a1fe80bb511402c5d92e0d569
Prototype Pollution,msgpack5,https://security.snyk.io/vuln/SNYK-JS-MSGPACK5-1082876,,False,>=5.0.0 <5.2.1 >=4.0.0 <4.5.1 <3.6.1 ,n/a
Malicious Package,radar-cms,https://security.snyk.io/vuln/SNYK-JS-RADARCMS-1082856,,True,* ,n/a
Remote Code Execution (RCE),total.js,https://security.snyk.io/vuln/SNYK-JS-TOTALJS-1077069,CVE-2021-23344,True,<3.4.8 ,https://github.com/totaljs/framework/commit/c812bbcab8981797d3a1b9993fc42dad3d246f04
Server-side Request Forgery (SSRF),systeminformation,https://security.snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1078290,,True,<5.3.4 ,https://github.com/sebhildebrandt/systeminformation/commit/881dde4734988e16c57c1d571651b7461fb0d88e
Malicious Package,amzn,https://security.snyk.io/vuln/SNYK-JS-AMZN-1080917,,False,* ,n/a
Malicious Package,lyft-dataset-sdk,https://security.snyk.io/vuln/SNYK-JS-LYFTDATASETSDK-1080919,,False,* ,n/a
Malicious Package,zg-rentals,https://security.snyk.io/vuln/SNYK-JS-ZGRENTALS-1080918,,False,* ,n/a
Malicious Package,serverless-slack-app,https://security.snyk.io/vuln/SNYK-JS-SERVERLESSSLACKAPP-1080920,,False,* ,n/a
Improper Input Validation,fastify-reply-from,https://security.snyk.io/vuln/SNYK-JS-FASTIFYREPLYFROM-1080744,CVE-2021-21321,False,<4.0.2 ,https://github.com/fastify/fastify-reply-from/commit/641be7591f5138bb74c19c08128b234de8b3854a
Improper Input Validation,fastify-http-proxy,https://security.snyk.io/vuln/SNYK-JS-FASTIFYHTTPPROXY-1080743,CVE-2021-21322,False,<4.3.1 ,https://github.com/fastify/fastify-http-proxy/commit/02d9b43c770aa16bc44470edecfaeb7c17985016
Sandbox Bypass,matrix-react-sdk,https://security.snyk.io/vuln/SNYK-JS-MATRIXREACTSDK-1080741,CVE-2021-21320,False,<3.15.0 ,https://github.com/matrix-org/matrix-react-sdk/commit/b386f0c73b95ecbb6ea7f8f79c6ff5171a8dedd1
Prototype Pollution,object-collider,https://security.snyk.io/vuln/SNYK-JS-OBJECTCOLLIDER-1080739,CVE-2021-25914,False,>=1.0.0 <1.0.4 ,https://github.com/FireBlinkLTD/object-collider/commit/321f75a7f8e7b3393e5b7dd6dd9ab26ede5906e5
Regular Expression Denial of Service (ReDoS),html-parse-stringify,https://security.snyk.io/vuln/SNYK-JS-HTMLPARSESTRINGIFY-1079306,CVE-2021-23346,False,<2.0.1 ,https://github.com/HenrikJoreteg/html-parse-stringify/commit/c7274a48e59c92b2b7e906fedf9065159e73fe12
Regular Expression Denial of Service (ReDoS),html-parse-stringify2,https://security.snyk.io/vuln/SNYK-JS-HTMLPARSESTRINGIFY2-1079307,CVE-2021-23346,False,* ,https://github.com/HenrikJoreteg/html-parse-stringify/commit/c7274a48e59c92b2b7e906fedf9065159e73fe12
Prototype Pollution,prototyped.js,https://security.snyk.io/vuln/SNYK-JS-PROTOTYPEDJS-1069824,,True,<2.0.1 ,https://github.com/ardalanamini/prototyped.js/commit/3ab56e78250d3d5b44ac03938d3d04591b206730
Remote Code Execution (RCE),pug,https://security.snyk.io/vuln/SNYK-JS-PUG-1071616,CVE-2021-21353,False,<3.0.1 ,https://github.com/pugjs/pug/commit/991e78f7c4220b2f8da042877c6f0ef5a4683be0
Remote Code Execution (RCE),pug-code-gen,https://security.snyk.io/vuln/SNYK-JS-PUGCODEGEN-1082232,CVE-2021-21353,False,<2.0.3 >=3.0.0 <3.0.2 ,https://github.com/pugjs/pug/commit/991e78f7c4220b2f8da042877c6f0ef5a4683be0
Prototype Pollution,@node-red/runtime,https://security.snyk.io/vuln/SNYK-JS-NODEREDRUNTIME-1080614,CVE-2021-21297,False,<1.2.8 ,n/a
Prototype Pollution,@node-red/editor-api,https://security.snyk.io/vuln/SNYK-JS-NODEREDEDITORAPI-1080621,CVE-2021-21297,False,<1.2.8 ,n/a
Directory Traversal,@node-red/runtime,https://security.snyk.io/vuln/SNYK-JS-NODEREDRUNTIME-1080615,CVE-2021-21298,False,<1.2.8 ,https://github.com/node-red/node-red/commit/74db3e17d075f23d9c95d7871586cf461524c456
Prototype Pollution,rfc6902,https://security.snyk.io/vuln/SNYK-JS-RFC6902-1053318,,True,<5.0.0 ,n/a
Man-in-the-Middle (MitM),mongodb-client-encryption,https://security.snyk.io/vuln/SNYK-JS-MONGODBCLIENTENCRYPTION-1079243,CVE-2021-20327,False,<1.2.1 ,https://github.com/mongodb/libmongocrypt/commit/76365515ff8754b9f705e56428dd0d7efa7f541b
Denial of Service (DoS),restify-paginate,https://security.snyk.io/vuln/SNYK-JS-RESTIFYPAGINATE-1079238,CVE-2020-27543,False,* ,n/a
Prototype Pollution,nunjucks,https://security.snyk.io/vuln/SNYK-JS-NUNJUCKS-1079083,,False,<3.2.3 ,n/a
Cross-site Scripting (XSS),@theia/preview,https://security.snyk.io/vuln/SNYK-JS-THEIAPREVIEW-1079037,CVE-2020-27224,False,<1.3.0 ,https://github.com/eclipse-theia/theia/commit/309b21892eedfadf0cd559afff64a26750933c4f
Command Injection,theme-core,https://security.snyk.io/vuln/SNYK-JS-THEMECORE-1050425,CVE-2020-28432,True,* ,n/a
Command Injection,wc-cmd,https://security.snyk.io/vuln/SNYK-JS-WCCMD-1050423,CVE-2020-28431,True,* ,n/a
Command Injection,geojson2kml,https://security.snyk.io/vuln/SNYK-JS-GEOJSON2KML-1050412,CVE-2020-28429,True,* ,n/a
Prototype Pollution,merge,https://security.snyk.io/vuln/SNYK-JS-MERGE-1042987,CVE-2020-28499,True,<2.1.1 ,https://github.com/yeikos/js.merge/commit/7b0ddc2701d813f2ba289b32d6a4b9d4cc235fb4
Server-side Request Forgery (SSRF),rendertron,https://security.snyk.io/vuln/SNYK-JS-RENDERTRON-1078501,CVE-2020-8902,False,<3.0.0 ,https://github.com/GoogleChrome/rendertron/commit/8aeeda7765101b705d5c8c2801ec81c1d43df40e
Improper Input Validation,urijs,https://security.snyk.io/vuln/SNYK-JS-URIJS-1078286,CVE-2021-27516,False,<1.19.6 ,https://github.com/medialize/URI.js/commit/a1ad8bcbc39a4d136d7e252e76e957f3ece70839
Improper Input Validation,url-parse,https://security.snyk.io/vuln/SNYK-JS-URLPARSE-1078283,CVE-2021-27515,False,<1.5.0 ,https://github.com/unshiftio/url-parse/commit/d1e7e8822f26e8a49794b757123b51386325b2b0
Cross-site Scripting (XSS),@stoplight/markdown,https://security.snyk.io/vuln/SNYK-JS-STOPLIGHTMARKDOWN-1078260,,True,<2.11.0 ,n/a
Buffer Overflow,png-img,https://security.snyk.io/vuln/SNYK-JS-PNGIMG-1078233,CVE-2020-28248,False,<3.1.0 ,https://github.com/gemini-testing/png-img/commit/14ac462a32ca4b3b78f56502ac976d5b0222ce3d
Prototype Pollution,tree-kit,https://security.snyk.io/vuln/SNYK-JS-TREEKIT-1077068,,True,<0.7.0 ,n/a
Regular Expression Denial of Service (ReDoS),@progfay/scrapbox-parser,https://security.snyk.io/vuln/SNYK-JS-PROGFAYSCRAPBOXPARSER-1076803,CVE-2021-27405,False,<6.0.3 ,n/a
Cross-site Scripting (XSS),docsify,https://security.snyk.io/vuln/SNYK-JS-DOCSIFY-1066017,CVE-2021-23342,True,<4.12.1 ,https://github.com/docsifyjs/docsify/commit/ff2a66f12752471277fe81a64ad6c4b2c08111fe
Regular Expression Denial of Service (ReDoS),prismjs,https://security.snyk.io/vuln/SNYK-JS-PRISMJS-1076581,CVE-2021-23341,False,<1.23.0 ,https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609
Arbitrary Code Execution,label-studio,https://security.snyk.io/vuln/SNYK-JS-LABELSTUDIO-1075517,,False,<0.9.1 ,n/a
Cross-site Scripting (XSS),admin-lte,https://security.snyk.io/vuln/SNYK-JS-ADMINLTE-1047343,,False,<3.1.0 ,n/a
Prototype Pollution,i18next,https://security.snyk.io/vuln/SNYK-JS-I18NEXT-1065979,,False,<19.8.5 ,https://github.com/i18next/i18next/commit/932f5f662893376254d826e9b01dc4e4c0cd91c0
Directory Traversal,adm-zip,https://security.snyk.io/vuln/SNYK-JS-ADMZIP-1065796,,False,<0.5.2 ,https://github.com/cthackers/adm-zip/commit/119dcad6599adccc77982feb14a0c7440fa63013
Remote Code Execution (RCE),handlebars,https://security.snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767,CVE-2021-23369,False,<4.7.7 ,https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8
Command Injection,lodash,https://security.snyk.io/vuln/SNYK-JS-LODASH-1040724,CVE-2021-23337,True,<4.17.21 ,https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
Command Injection,lodash.template,https://security.snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054,CVE-2021-23337,True,* ,https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
Regular Expression Denial of Service (ReDoS),lodash,https://security.snyk.io/vuln/SNYK-JS-LODASH-1018905,CVE-2020-28500,False,<4.17.21 ,https://github.com/lodash/lodash/commit/c4847ebe7d14540bb28a8b932a9ce1b9ecbfee1a
Command Injection,systeminformation,https://security.snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1074913,CVE-2021-21315,True,<4.34.11 >=5.0.0 <5.3.1 ,n/a
Denial of Service (DoS),systeminformation,https://security.snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1073627,,False,<4.34.10 ,https://github.com/sebhildebrandt/systeminformation/commit/a23b8f0a0ad83b1adf1bb13263a610f853949aa8
Denial of Service (DoS),get-ip-range,https://security.snyk.io/vuln/SNYK-JS-GETIPRANGE-1073612,CVE-2021-27191,False,<4.0.0 ,https://github.com/JoeScho/get-ip-range/commit/98ca22b815c77273cbab259811ab0976118e13b6
Regular Expression Denial of Service (ReDoS),ua-parser-js,https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-1072471,CVE-2021-27292,False,<0.7.24 ,https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566
Improper Access Control,next-auth,https://security.snyk.io/vuln/SNYK-JS-NEXTAUTH-1072465,CVE-2021-21310,False,<3.3.0 ,n/a
Directory Traversal,ftp-srv,https://security.snyk.io/vuln/SNYK-JS-FTPSRV-1071861,CVE-2020-26299,False,<4.4.0 ,https://github.com/autovance/ftp-srv/commit/457b859450a37cba10ff3c431eb4aa67771122e3
Command Injection,samba-client,https://security.snyk.io/vuln/SNYK-JS-SAMBACLIENT-1071899,CVE-2021-27185,False,<4.0.0 ,https://github.com/eflexsystems/node-samba-client/commit/5bc3bbad9b8d02243bc861a11ec73f788fbb1235
LDAP Injection,is-user-valid,https://security.snyk.io/vuln/SNYK-JS-ISUSERVALID-1056766,CVE-2021-23335,False,* ,n/a
Cross-site Scripting (XSS),@angular/core,https://security.snyk.io/vuln/SNYK-JS-ANGULARCORE-1070902,,False,<11.0.5 >=11.1.0-next.0 <11.1.0-next.3 ,https://github.com/angular/angular/commit/0fc8466f1be392917e0c7e3448b2144d52286b56
Command Injection,spritesheet-js,https://security.snyk.io/vuln/SNYK-JS-SPRITESHEETJS-1048333,CVE-2020-7782,True,* ,n/a
Command Injection,macfromip,https://security.snyk.io/vuln/SNYK-JS-MACFROMIP-1048336,CVE-2020-7786,True,* ,https://github.com/bcamarneiro/macfromip/commit/1bbed8cd6f8299ad2e9d028e0ed0771340ab8391
Cross-site Scripting (XSS),apexcharts,https://security.snyk.io/vuln/SNYK-JS-APEXCHARTS-1062708,CVE-2021-23327,False,<3.24.0 ,https://github.com/apexcharts/apexcharts.js/commit/68f3f34d125719b4767614fe0a595cc65bde1d19
Command Injection,node-ps,https://security.snyk.io/vuln/SNYK-JS-NODEPS-1048335,CVE-2020-7785,True,* ,n/a
Access Restriction Bypass,sanitize-html,https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070786,CVE-2021-26539,False,<2.3.1 ,n/a
Prototype Pollution,set-or-get,https://security.snyk.io/vuln/SNYK-JS-SETORGET-1070806,CVE-2021-25913,False,>=1.0.0 <1.2.11 ,https://github.com/IonicaBizau/set-or-get.js/commit/82ede5cccb2e8d13e4f62599203a4389f6d8e936
Command Injection,gitlog,https://security.snyk.io/vuln/SNYK-JS-GITLOG-1070779,CVE-2021-26541,True,>=3.3.0 <4.0.4 ,n/a
Regular Expression Denial of Service (ReDoS),marked,https://security.snyk.io/vuln/SNYK-JS-MARKED-1070800,CVE-2021-21306,False,>=1.1.2 <2.0.0 ,https://github.com/markedjs/marked/commit/7293251c438e3ee968970f7609f1a27f9007bccd
Prototype Pollution,dynamoose,https://security.snyk.io/vuln/SNYK-JS-DYNAMOOSE-1070792,CVE-2021-21304,False,>=2.0.0 <2.7.0 ,https://github.com/dynamoose/dynamoose/commit/324c62b4709204955931a187362f8999805b1d8e
Validation Bypass,sanitize-html,https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070780,CVE-2021-26540,False,<2.3.2 ,https://github.com/apostrophecms/sanitize-html/commit/6012524e7824a2c8f6782b2bc5f93b1261723403
Open Redirect,slashify,https://security.snyk.io/vuln/SNYK-JS-SLASHIFY-1070404,CVE-2021-3189,False,* ,n/a
Prototype Pollution,highcharts,https://security.snyk.io/vuln/SNYK-JS-HIGHCHARTS-1018906,,True,<9.0.0 ,https://github.com/highcharts/highcharts/commit/fead359b37079482994ee86c2e2e60fbb02ffcb8
Prototype Pollution,merge-deep,https://security.snyk.io/vuln/SNYK-JS-MERGEDEEP-1070277,CVE-2021-26707,True,<3.0.3 ,https://github.com/jonschlinkert/merge-deep/commit/e370968581413a2e5ffdbbf7c2f5094e0e0b3861
Prototype Pollution,decal,https://security.snyk.io/vuln/SNYK-JS-DECAL-1051028,CVE-2020-28450,True,* ,n/a
Prototype Pollution,decal,https://security.snyk.io/vuln/SNYK-JS-DECAL-1051007,CVE-2020-28449,True,* ,n/a
Malicious Package,jquerry,https://security.snyk.io/vuln/SNYK-JS-JQUERRY-1070024,,False,* ,n/a
Malicious Package,http-proxy-middelware,https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDELWARE-1070025,,False,* ,n/a
Cross-site Scripting (XSS),ngx-markdown-editor,https://security.snyk.io/vuln/SNYK-JS-NGXMARKDOWNEDITOR-1070023,,False,<3.3.0 ,https://github.com/lon-yang/ngx-markdown-editor/commit/151151420d562d4203208f0b64a4ffa445188403
Insufficient Validation,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1070014,CVE-2021-21118,False,<9.4.2 >=10.0.0 <10.3.1 >=11.0.0 <11.2.2 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1070013,CVE-2020-16044,False,<9.4.2 >=10.0.0 <10.3.1 <11.2.2 ,n/a
Prototype Pollution,dotty,https://security.snyk.io/vuln/SNYK-JS-DOTTY-1069933,CVE-2021-25912,False,<0.1.1 ,https://github.com/deoxxa/dotty/commit/cd997d37917186c131be71501a698803f2b7ebdb
Regular Expression Denial of Service (ReDoS),uap-core,https://security.snyk.io/vuln/SNYK-JS-UAPCORE-1069889,CVE-2021-21317,False,<0.11.0 ,https://github.com/ua-parser/uap-core/commit/dc9925d458214cfe87b93e35346980612f6ae96c
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1070015,CVE-2021-21122,False,<9.4.2 >=10.0.0 <10.3.1 >=11.0.0 <11.2.2 ,n/a
Cross-site Scripting (XSS),tui-editor,https://security.snyk.io/vuln/SNYK-JS-TUIEDITOR-1069818,,False,* ,n/a
Cryptographic Issues,elliptic,https://security.snyk.io/vuln/SNYK-JS-ELLIPTIC-1064899,CVE-2020-28498,False,<6.5.4 ,https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f
Command Injection,freediskspace,https://security.snyk.io/vuln/SNYK-JS-FREEDISKSPACE-1040716,CVE-2020-7775,False,* ,n/a
SQL Injection,thinkjs,https://security.snyk.io/vuln/SNYK-JS-THINKJS-1066412,CVE-2020-21176,False,* ,n/a
Remote Code Execution (RCE),angular-expressions,https://security.snyk.io/vuln/SNYK-JS-ANGULAREXPRESSIONS-1066409,CVE-2021-21277,False,<1.1.2 ,https://github.com/peerigon/angular-expressions/commit/07edb62902b1f6127b3dcc013da61c6316dd0bf1
Cross-site Scripting (XSS),vue-devtools,https://security.snyk.io/vuln/SNYK-JS-VUEDEVTOOLS-1066258,,False,* ,https://github.com/vuejs/vue-devtools/commit/fa17699aba2bd9c76dd86d63143b9a28d1d3b05f
Command Injection,launchpad,https://security.snyk.io/vuln/SNYK-JS-LAUNCHPAD-1044065,CVE-2021-23330,False,* ,n/a
Command Injection,kill-process-on-port,https://security.snyk.io/vuln/SNYK-JS-KILLPROCESSONPORT-1055458,CVE-2020-28426,True,* ,n/a
Regular Expression Denial of Service (ReDoS),@ckeditor/ckeditor5-markdown-gfm,https://security.snyk.io/vuln/SNYK-JS-CKEDITORCKEDITOR5MARKDOWNGFM-1066168,CVE-2021-21254,False,<25.0.0 ,https://github.com/ckeditor/ckeditor5/commit/5ba3bf5f418e846b74f67e6c29b4aebdbd7ceaab#diff-ac03a6e19230dc6b9b2963e66deca333b4d4cceb93bafbeeaa74514363cb4afb
Prototype Pollution,nested-object-assign,https://security.snyk.io/vuln/SNYK-JS-NESTEDOBJECTASSIGN-1065977,CVE-2021-23329,True,<1.0.4 ,n/a
Arbitrary Code Execution,less-openui5,https://security.snyk.io/vuln/SNYK-JS-LESSOPENUI5-1066165,CVE-2021-21316,False,<0.10.0 ,https://github.com/SAP/less-openui5/commit/c0d3a8572974a20ea6cee42da11c614a54f100e8
Prototype Pollution,iniparserjs,https://security.snyk.io/vuln/SNYK-JS-INIPARSERJS-1065989,CVE-2021-23328,True,* ,n/a
Information Exposure,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1065981,CVE-2020-26272,False,<9.4.0 >=10.0.0 <10.2.0 >=11.0.0 <11.1.0 >=12.0.0-beta.1 <12.0.0-beta.9 ,https://github.com/electron/electron/commit/07a1c2a3e5845901f7e2eda9506695be58edc73c
Regular Expression Denial of Service (ReDoS),three,https://security.snyk.io/vuln/SNYK-JS-THREE-1064931,CVE-2020-28496,True,<0.125.0 ,https://github.com/mrdoob/three.js/pull/21143/commits/4a582355216b620176a291ff319d740e619d583e
Open Redirect,ghost,https://security.snyk.io/vuln/SNYK-JS-GHOST-1065967,,False,<2.38.3 ,https://github.com/TryGhost/Ghost/commit/cd27cba93d80c493b0630ecf7034884195da3f35
Prototype Pollution,total.js,https://security.snyk.io/vuln/SNYK-JS-TOTALJS-1046671,CVE-2020-28495,True,<3.4.7 ,https://github.com/totaljs/framework/commit/b3f901561d66ab799a4a99279893b94cad7ae4ff
Command Injection,total.js,https://security.snyk.io/vuln/SNYK-JS-TOTALJS-1046672,CVE-2020-28494,True,<3.4.7 ,https://github.com/totaljs/framework/commit/6192491ab2631e7c1d317c221f18ea613e2c18a5
Remote Code Execution (RCE),config-shield,https://security.snyk.io/vuln/SNYK-JS-CONFIGSHIELD-1065803,CVE-2021-26276,False,<0.2.3 ,https://github.com/godaddy/node-config-shield/commit/cdba5d3a7accd661ffbc52e208153464bd0d9da6
Improper Synchronization,@openzeppelin/contracts,https://security.snyk.io/vuln/SNYK-JS-OPENZEPPELINCONTRACTS-1065254,,False,<3.4.0-rc.0 ,https://github.com/OpenZeppelin/openzeppelin-contracts/commit/3b4c951838ddf82f4d2b44ae7c967f0573039f28
Directory Traversal,node-red-contrib-huemagic,https://security.snyk.io/vuln/SNYK-JS-NODEREDCONTRIBHUEMAGIC-1065271,CVE-2021-25864,False,<4.0.0 ,n/a
Directory Traversal,node-red-dashboard,https://security.snyk.io/vuln/SNYK-JS-NODEREDDASHBOARD-1065260,CVE-2021-3223,False,<2.26.2 ,https://github.com/node-red/node-red-dashboard/commit/5b0e45a5646a011251691d063f1c01b6dd3a8079
Regular Expression Denial of Service (ReDoS),ckeditor4-dev,https://security.snyk.io/vuln/SNYK-JS-CKEDITOR4DEV-1065331,CVE-2021-26272,False,<4.16.0 ,https://github.com/ckeditor/ckeditor4/commit/51ea7dadff20737a6a3fb86ec64a5d2f6bcebedf
Command Injection,rsshub,https://security.snyk.io/vuln/SNYK-JS-RSSHUB-1065277,CVE-2021-21278,False,<1.0.0-master.4db1c91 ,https://github.com/DIYgod/RSSHub/commit/7f1c43094e8a82e4d8f036ff7d42568fed00699d
Command Injection,heroku-env,https://security.snyk.io/vuln/SNYK-JS-HEROKUENV-1050432,CVE-2020-28437,True,* ,n/a
Command Injection,ffmpeg-sdk,https://security.snyk.io/vuln/SNYK-JS-FFMPEGSDK-1050429,CVE-2020-28435,True,* ,n/a
Command Injection,gitblame,https://security.snyk.io/vuln/SNYK-JS-GITBLAME-1050430,CVE-2020-28434,True,* ,n/a
Command Injection,npm-help,https://security.snyk.io/vuln/SNYK-JS-NPMHELP-1050983,CVE-2020-28445,True,* ,n/a
Command Injection,xopen,https://security.snyk.io/vuln/SNYK-JS-XOPEN-1050981,CVE-2020-28447,True,* ,n/a
Command Injection,sonar-wrapper,https://security.snyk.io/vuln/SNYK-JS-SONARWRAPPER-1050980,CVE-2020-28443,True,* ,n/a
Command Injection,async-git,https://security.snyk.io/vuln/SNYK-JS-ASYNCGIT-1064877,CVE-2020-28490,False,<1.13.2 ,https://github.com/omrilotan/async-git/commit/d1950a5021f4e19d92f347614be0d85ce991510d
Command Injection,ntesseract,https://security.snyk.io/vuln/SNYK-JS-NTESSERACT-1050982,CVE-2020-28446,True,<0.2.9 ,https://github.com/taoyuan/ntesseract/commit/fcbc36f381798b4362179c0cdf9961b437c7b619
Command Injection,deferred-exec,https://security.snyk.io/vuln/SNYK-JS-DEFERREDEXEC-1050433,CVE-2020-28438,True,* ,n/a
Command Injection,npos-tesseract,https://security.snyk.io/vuln/SNYK-JS-NPOSTESSERACT-1051031,CVE-2020-28453,True,* ,n/a
Improper Input Validation,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1064555,CVE-2021-21141,True,>=10.0.0-beta.1 <11.2.1 <9.4.4 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1064561,CVE-2021-21120,False,>=10.0.0-beta.1 <11.2.1 <9.4.4 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1064558,CVE-2021-21119,False,>=10.0.0-beta.1 <11.2.1 <9.4.4 ,n/a
Cross-site Scripting (XSS),vis-timeline,https://security.snyk.io/vuln/SNYK-JS-VISTIMELINE-1063500,CVE-2020-28487,True,<7.4.4 ,n/a
Command Injection,async-git,https://security.snyk.io/vuln/SNYK-JS-ASYNCGIT-1063505,CVE-2021-3190,False,<1.13.1 ,n/a
Command Injection,node-latex-pdf,https://security.snyk.io/vuln/SNYK-JS-NODELATEXPDF-1050426,CVE-2020-28433,True,* ,n/a
Command Injection,lycwed-spritesheetjs,https://security.snyk.io/vuln/SNYK-JS-LYCWEDSPRITESHEETJS-1050428,,True,* ,n/a
Command Injection,monorepo-build,https://security.snyk.io/vuln/SNYK-JS-MONOREPOBUILD-1050392,CVE-2020-28423,True,* ,n/a
Command Injection,git-archive,https://security.snyk.io/vuln/SNYK-JS-GITARCHIVE-1050391,CVE-2020-28422,False,* ,n/a
Command Injection,s3-kilatstorage,https://security.snyk.io/vuln/SNYK-JS-S3KILATSTORAGE-1050396,CVE-2020-28424,True,* ,n/a
Command Injection,curljs,https://security.snyk.io/vuln/SNYK-JS-CURLJS-1050404,CVE-2020-28425,True,* ,n/a
Command Injection,get-npm-package-version,https://security.snyk.io/vuln/SNYK-JS-GETNPMPACKAGEVERSION-1050390,CVE-2020-7795,True,<1.0.7 ,https://github.com/hoperyy/get-npm-package-version/commit/40b1cf31a0607ea66f9e30a0c3af1383b52b2dec
Malicious Package,an0n-chat-lib,https://security.snyk.io/vuln/SNYK-JS-AN0NCHATLIB-1063033,,False,* ,n/a
Malicious Package,discord-fix,https://security.snyk.io/vuln/SNYK-JS-DISCORDFIX-1063034,,False,* ,n/a
Malicious Package,sonatype,https://security.snyk.io/vuln/SNYK-JS-SONATYPE-1063035,,False,* ,n/a
Arbitrary Code Injection,ejs,https://security.snyk.io/vuln/SNYK-JS-EJS-1049328,,False,<3.1.6 ,https://github.com/mde/ejs/commit/abaee2be937236b1b8da9a1f55096c17dda905fd
Command Injection,@graphql-tools/git-loader,https://security.snyk.io/vuln/SNYK-JS-GRAPHQLTOOLSGITLOADER-1062543,CVE-2021-23326,False,<6.2.6 ,https://github.com/ardatan/graphql-tools/commit/6a966beee8ca8b2f4adfe93318b96e4a5c501eac
Denial of Service (DoS),jointjs,https://security.snyk.io/vuln/SNYK-JS-JOINTJS-1062038,CVE-2020-28479,True,<3.3.0 ,n/a
Prototype Pollution,jointjs,https://security.snyk.io/vuln/SNYK-JS-JOINTJS-1024444,CVE-2020-28480,True,<3.3.0 ,n/a
Cross-site Request Forgery (CSRF),fastify-csrf,https://security.snyk.io/vuln/SNYK-JS-FASTIFYCSRF-1062044,CVE-2020-28482,False,<3.0.0 ,n/a
Prototype Pollution,gsap,https://security.snyk.io/vuln/SNYK-JS-GSAP-1054614,CVE-2020-28478,True,<3.6.0 ,n/a
Prototype Pollution,immer,https://security.snyk.io/vuln/SNYK-JS-IMMER-1019369,CVE-2020-28477,True,<8.0.1 ,https://github.com/immerjs/immer/commit/da2bd4fa0edc9335543089fe7d290d6a346c40c5
Regular Expression Denial of Service (ReDoS),jquery-validation,https://security.snyk.io/vuln/SNYK-JS-JQUERYVALIDATION-1056868,CVE-2021-21252,False,<1.19.3 ,https://github.com/jquery-validation/jquery-validation/pull/2371/commits/5e5641072312845b9130ed06f115816c8f0e6b3c
Remote Code Execution (RCE),arpping,https://security.snyk.io/vuln/SNYK-JS-ARPPING-1060047,,True,<3.0.0 ,https://github.com/haf-decent/arpping/commit/0db06723f8c3c73a5cc0829c667d45cba25ca44d
Remote Code Execution,curling,https://security.snyk.io/vuln/SNYK-JS-CURLING-1060043,,True,* ,n/a
Remote Code Execution,imagickal,https://security.snyk.io/vuln/SNYK-JS-IMAGICKAL-1060040,,True,* ,n/a
Cross-site Scripting (XSS),dy-server2,https://security.snyk.io/vuln/SNYK-JS-DYSERVER2-1060044,,True,* ,n/a
Prototype Pollution,aws-sdk,https://security.snyk.io/vuln/SNYK-JS-AWSSDK-1059424,CVE-2020-28472,True,<2.814.0 ,https://github.com/aws/aws-sdk-js/pull/3585/commits/7d72aff2a941173733fcb6741b104cd83d3bc611
Prototype Pollution,@aws-sdk/shared-ini-file-loader,https://security.snyk.io/vuln/SNYK-JS-AWSSDKSHAREDINIFILELOADER-1049304,CVE-2020-28472,True,<1.0.0-rc.9 ,https://github.com/aws/aws-sdk-js/pull/3585/commits/7d72aff2a941173733fcb6741b104cd83d3bc611
Prototype Pollution,properties-reader,https://security.snyk.io/vuln/SNYK-JS-PROPERTIESREADER-1048968,CVE-2020-28471,True,<2.2.0 ,https://github.com/steveukx/properties/commit/0877cc871db9865f58dd9389ce99e61be05380a5
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1050999,CVE-2020-16037,False,<9.4.1 >=10.0.0 <10.3.2 ,https://github.com/electron/electron/commit/435f831a391960e693b1a441a691049fb8d268f3
Out-of-bounds Read,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1051000,CVE-2020-16041,False,<9.4.1 >=10.0.0 <10.3.2 ,https://github.com/electron/electron/commit/1df71df4f9648b0530cbc9fe4f460f2020a5050f
Regular Expression Denial of Service (ReDoS),glob-parent,https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905,CVE-2020-28469,True,<5.1.2 ,n/a
Improper Certificate Validation,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-1059081,CVE-2020-24025,False,>=2.0.0 <7.0.0 ,n/a
Denial of Service (DoS),engine.io,https://security.snyk.io/vuln/SNYK-JS-ENGINEIO-1056749,CVE-2020-36048,True,<4.0.0 ,https://github.com/socketio/engine.io/commit/734f9d1268840722c41219e69eb58318e0b2ac6b
Denial of Service (DoS),socket.io-parser,https://security.snyk.io/vuln/SNYK-JS-SOCKETIOPARSER-1056752,CVE-2020-36049,True,<3.3.2 >3.4.0 <3.4.1 ,https://github.com/socketio/socket.io-parser/commit/dcb942d24db97162ad16a67c2a0cf30875342d55
Command Injection,ts-process-promises,https://security.snyk.io/vuln/SNYK-JS-TSPROCESSPROMISES-1048334,CVE-2020-7784,True,* ,n/a
Command Injection,buns,https://security.snyk.io/vuln/SNYK-JS-BUNS-1050389,CVE-2020-7794,True,* ,n/a
Insecure Defaults,socket.io,https://security.snyk.io/vuln/SNYK-JS-SOCKETIO-1024859,CVE-2020-28481,False,<2.4.0 ,n/a
Arbitrary Code Execution,typescript-tslint-plugin,https://security.snyk.io/vuln/SNYK-JS-TYPESCRIPTTSLINTPLUGIN-1056512,CVE-2020-17150,False,<1.0.0 ,https://github.com/microsoft/typescript-tslint-plugin/commit/2e866e88ce6fad1bb9199dfeb71ead5529e10486
Cross-site Scripting (XSS),tinymce,https://security.snyk.io/vuln/SNYK-JS-TINYMCE-1056408,,False,<5.6.0 ,n/a
Command Injection,image-tiler,https://security.snyk.io/vuln/SNYK-JS-IMAGETILER-1051029,CVE-2020-28451,True,<2.0.2 ,https://github.com/MrP/image-tiler/commit/f4a0b13a4bf43655fc4013e04bbceaf77aecbeb8
Cross-site Scripting (XSS),@scullyio/scully,https://security.snyk.io/vuln/SNYK-JS-SCULLYIOSCULLY-1055829,CVE-2020-28470,False,<1.0.9 ,n/a
Command Injection,google-cloudstorage-commands,https://security.snyk.io/vuln/SNYK-JS-GOOGLECLOUDSTORAGECOMMANDS-1050431,CVE-2020-28436,True,* ,n/a
Prototype Pollution,asciitable.js,https://security.snyk.io/vuln/SNYK-JS-ASCIITABLEJS-1039799,CVE-2020-7771,False,<1.0.3 ,n/a
Remote Code Execution (RCE),djv,https://security.snyk.io/vuln/SNYK-JS-DJV-1014545,CVE-2020-28464,False,<2.1.4 ,n/a
Cross-site Scripting (XSS),vega,https://security.snyk.io/vuln/SNYK-JS-VEGA-1054999,CVE-2020-26296,False,<5.17.3 ,https://github.com/vega/vega/commit/bde41b2cb0bdf282fb9d526462428d1a0e73832d
Improper Input Validation,urijs,https://security.snyk.io/vuln/SNYK-JS-URIJS-1055003,CVE-2020-26291,False,<1.19.4 ,https://github.com/medialize/URI.js/commit/b02bf037c99ac9316b77ff8bfd840e90becf1155
Prototype Pollution,flattenizer,https://security.snyk.io/vuln/SNYK-JS-FLATTENIZER-1054934,CVE-2020-28279,False,>=0.0.5 <1.1.1 ,n/a
Prototype Pollution,libnested,https://security.snyk.io/vuln/SNYK-JS-LIBNESTED-1054930,CVE-2020-28283,False,<1.5.1 ,https://github.com/dominictarr/libnested/commit/9619863a319ed1e5c19ddcbdbe3312f9cef72760
Prototype Pollution,libnested,https://security.snyk.io/vuln/SNYK-JS-LIBNESTED-1054930,CVE-2020-28283,False,<1.5.1 ,https://github.com/dominictarr/libnested/commit/9619863a319ed1e5c19ddcbdbe3312f9cef72760
Prototype Pollution,predefine,https://security.snyk.io/vuln/SNYK-JS-PREDEFINE-1054935,CVE-2020-28280,False,* ,n/a
Prototype Pollution,dset,https://security.snyk.io/vuln/SNYK-JS-DSET-1054939,CVE-2020-28277,False,>=1.0.0 <2.1.0 ,n/a
Prototype Pollution,shvl,https://security.snyk.io/vuln/SNYK-JS-SHVL-1054936,CVE-2020-28278,False,>=1.0.0 <2.0.2 ,https://github.com/robinvdvleuten/shvl/commit/513c0848774dfb114ad0d0554abf7927cfdd569e
Prototype Pollution,deep-set,https://security.snyk.io/vuln/SNYK-JS-DEEPSET-1054938,CVE-2020-28276,False,>=1.0.0 ,n/a
Prototype Pollution,getobject,https://security.snyk.io/vuln/SNYK-JS-GETOBJECT-1054932,CVE-2020-28282,False,<1.0.0 ,n/a
Prototype Pollution,ion-parser,https://security.snyk.io/vuln/SNYK-JS-IONPARSER-1048971,CVE-2020-28462,True,* ,n/a
Prototype Pollution,js-ini,https://security.snyk.io/vuln/SNYK-JS-JSINI-1048970,CVE-2020-28461,True,<1.3.0 ,https://github.com/Sdju/js-ini/commit/fa17efb7e3a7c9464508a254838d4c231784931e
Insecure Storage of Sensitive Information,parse-server,https://security.snyk.io/vuln/SNYK-JS-PARSESERVER-1054842,CVE-2020-26288,False,>=3.10.0 <4.5.0 ,https://github.com/parse-community/parse-server/commit/da905a357d062ab4fea727a21eac231acc2ed92a
Prototype Pollution,node-ini,https://security.snyk.io/vuln/SNYK-JS-NODEINI-1054844,,True,* ,n/a
Prototype Pollution,inireader,https://security.snyk.io/vuln/SNYK-JS-INIREADER-1054843,,True,<2.0.0 ,https://github.com/Ajnasz/IniReader/commit/c260e4e9050c731dbdb88e1d2e23e851528d3d93
Regular Expression Denial of Service (ReDoS),semver-regex,https://security.snyk.io/vuln/SNYK-JS-SEMVERREGEX-1047770,,True,<3.1.2 ,https://github.com/sindresorhus/semver-regex/commit/6baf2cc1d470c2fb63666bdebeef06822be7ba8c
Regular Expression Denial of Service (ReDoS),date-and-time,https://security.snyk.io/vuln/SNYK-JS-DATEANDTIME-1054430,CVE-2020-26289,False,<0.14.2 ,https://github.com/knowledgecode/date-and-time/commit/9e4b501eacddccc8b1f559fb414f48472ee17c2a
Regular Expression Denial of Service (ReDoS),doiuse,https://security.snyk.io/vuln/SNYK-JS-DOIUSE-1037304,,False,<4.4.0 ,n/a
Cross-site Scripting (XSS),vega,https://security.snyk.io/vuln/SNYK-JS-VEGA-1053433,,False,<5.17.1 ,n/a
Prototype Pollution,multi-ini,https://security.snyk.io/vuln/SNYK-JS-MULTIINI-1048969,CVE-2020-28448,True,<2.1.1 ,n/a
Cross-site Request Forgery (CSRF),nodebb-plugin-blog-comments,https://security.snyk.io/vuln/SNYK-JS-NODEBBPLUGINBLOGCOMMENTS-1053246,CVE-2020-15156,False,<0.7.0 ,https://github.com/psychobunny/nodebb-plugin-blog-comments/commit/cf43beedb05131937ef46f365ab0a0c6fa6ac618
Prototype Pollution,multi-ini,https://security.snyk.io/vuln/SNYK-JS-MULTIINI-1053229,CVE-2020-28460,True,<2.1.2 ,https://github.com/evangelion1204/multi-ini/commit/6b2212b2ce152c19538a2431415f72942c5a1bde
Arbitrary File Read,@sdscoep/web-review,https://security.snyk.io/vuln/SNYK-JS-SDSCOEPWEBREVIEW-1053230,,True,* ,n/a
Cross-site Scripting (XSS),ng-zorro-antd,https://security.snyk.io/vuln/SNYK-JS-NGZORROANTD-1052821,,False,<11.0.0 ,https://github.com/NG-ZORRO/ng-zorro-antd/commit/a393b89bf82eece5b0586592d709629865b27b3a
Prototype Pollution,datatables.net,https://security.snyk.io/vuln/SNYK-JS-DATATABLESNET-1016402,CVE-2020-28458,False,<1.10.23 ,https://github.com/DataTables/DataTablesSrc/commit/a51cbe99fd3d02aa5582f97d4af1615d11a1ea03
Command Injection,connection-tester,https://security.snyk.io/vuln/SNYK-JS-CONNECTIONTESTER-1048337,CVE-2020-7781,True,<0.2.1 ,n/a
Information Exposure,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1050427,CVE-2020-16042,False,<9.4.1 >=10.0.0 <10.3.2 ,n/a
Cross-site Scripting (XSS),markdown-it-decorate,https://security.snyk.io/vuln/SNYK-JS-MARKDOWNITDECORATE-1044068,CVE-2020-28459,True,* ,n/a
Cross-site Scripting (XSS),frappe-charts,https://security.snyk.io/vuln/SNYK-JS-FRAPPECHARTS-1044066,,True,<1.5.5 ,n/a
Cross-site Scripting (XSS),markdown-it-toc,https://security.snyk.io/vuln/SNYK-JS-MARKDOWNITTOC-1044067,CVE-2020-28455,True,* ,n/a
Prototype Pollution,jiff,https://security.snyk.io/vuln/SNYK-JS-JIFF-1017118,,False,* ,n/a
Command Injection,props,https://security.snyk.io/vuln/SNYK-JS-PROPS-1015750,,False,* ,n/a
Prototype Pollution,js-data,https://security.snyk.io/vuln/SNYK-JS-JSDATA-1023655,CVE-2020-28442,True,<3.0.10 ,n/a
Command Injection,systeminformation,https://security.snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1050436,CVE-2020-26274,True,<4.31.1 ,https://github.com/sebhildebrandt/systeminformation/commit/1faadcbf68f1b1fdd5eb2054f68fc932be32ac99
Prototype Pollution,conf-cfg-ini,https://security.snyk.io/vuln/SNYK-JS-CONFCFGINI-1048973,CVE-2020-28441,True,<1.2.2 ,https://github.com/loge5/conf-cfg-ini/commit/3a88a6c52c31eb6c0f033369eed40aa168a636ea
Prototype Pollution,mout,https://security.snyk.io/vuln/SNYK-JS-MOUT-1014544,CVE-2020-7792,False,<1.2.3 ,n/a
Regular Expression Denial of Service (ReDoS),ua-parser-js,https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599,CVE-2020-7793,False,<0.7.23 ,https://github.com/faisalman/ua-parser-js/commit/6d1f26df051ba681463ef109d36c9cf0f7e32b18
Cross-site Scripting (XSS),liveaddress,https://security.snyk.io/vuln/SNYK-JS-LIVEADDRESS-1050852,CVE-2020-29455,False,* ,n/a
Prototype Pollution,mquery,https://security.snyk.io/vuln/SNYK-JS-MQUERY-1050858,CVE-2020-35149,True,<3.2.3 ,https://github.com/aheckmann/mquery/commit/792e69fd0a7281a0300be5cade5a6d7c1d468ad4
Prototype Pollution,rxdb,https://security.snyk.io/vuln/SNYK-JS-RXDB-1050985,CVE-2020-35149,True,<9.11.0 ,https://github.com/aheckmann/mquery/commit/792e69fd0a7281a0300be5cade5a6d7c1d468ad4
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1050424,CVE-2020-16023,False,>=10.0.0-beta.1 <10.2.0 <9.4.4 ,https://github.com/electron/electron/commit/135133e3918d9e641a5626b09433f989c0f19410
Insufficient Validation,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1050882,CVE-2020-16040,False,<9.4.0 >=10.0.0 <10.2.0 ,n/a
Cross-site Scripting (XSS),mavon-editor,https://security.snyk.io/vuln/SNYK-JS-MAVONEDITOR-1050888,,False,<2.9.0 ,https://github.com/hinesboy/mavonEditor/commit/c117c74348c9fbf60f248afcd21ffcdd20eeea2a
Command Injection,node-notifier,https://security.snyk.io/vuln/SNYK-JS-NODENOTIFIER-1035794,CVE-2020-7789,False,<5.4.5 >=8.0.0 <8.0.2 >=9.0.0 <9.0.1 ,https://github.com/mikaelbr/node-notifier/commit/2d3927b200a0fd1721e8b8ad59f84f383d3f0e0a
Command Injection,corenlp-js-prefab,https://security.snyk.io/vuln/SNYK-JS-CORENLPJSPREFAB-1050434,CVE-2020-28439,True,* ,n/a
Command Injection,corenlp-js-interface,https://security.snyk.io/vuln/SNYK-JS-CORENLPJSINTERFACE-1050435,CVE-2020-28440,True,* ,n/a
Prototype Pollution,ini,https://security.snyk.io/vuln/SNYK-JS-INI-1048974,CVE-2020-7788,True,<1.3.6 ,https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1
Prototype Pollution,deepref,https://security.snyk.io/vuln/SNYK-JS-DEEPREF-1049536,CVE-2020-28274,False,<1.2.1 ,https://github.com/isaymatato/deepref/commit/24935e6a1060cb09c641d3075982f0b44cfca4c2
Regular Expression Denial of Service (ReDoS),@fast-csv/parse,https://security.snyk.io/vuln/SNYK-JS-FASTCSVPARSE-1049537,CVE-2020-26256,False,<4.3.6 ,https://github.com/C2FO/fast-csv/commit/4bbd39f26a8cd7382151ab4f5fb102234b2f829e
Regular Expression Denial of Service (ReDoS),fast-csv,https://security.snyk.io/vuln/SNYK-JS-FASTCSV-1049538,CVE-2020-26256,False,<4.3.6 ,https://github.com/C2FO/fast-csv/commit/4bbd39f26a8cd7382151ab4f5fb102234b2f829e
Improper Authentication,react-adal,https://security.snyk.io/vuln/SNYK-JS-REACTADAL-1018907,CVE-2020-7787,True,<0.5.1 ,n/a
Cross-site Scripting (XSS),ckeditor4-dev,https://security.snyk.io/vuln/SNYK-JS-CKEDITOR4DEV-1048832,,False,<4.15.1 ,https://github.com/ckeditor/ckeditor4/commit/4594cea3ed50b1fa7a26dd2488513c1bc6a68103
Regular Expression Denial of Service (ReDoS),highlight.js,https://security.snyk.io/vuln/SNYK-JS-HIGHLIGHTJS-1048676,,False,>=9.0.0 <10.4.1 ,https://github.com/highlightjs/highlight.js/commit/373b9d862401162e832ce77305e49b859e110f9c
Cross-site Scripting (XSS),html-purify,https://security.snyk.io/vuln/SNYK-JS-HTMLPURIFY-1048671,,False,* ,n/a
Prototype Pollution,keyget,https://security.snyk.io/vuln/SNYK-JS-KEYGET-1048048,CVE-2020-28272,False,<2.3.0 ,https://github.com/rumkin/keyget/commit/17d15b6c75036eb429075a8cfeccfc18094dd2e2
Prototype Pollution,set-in,https://security.snyk.io/vuln/SNYK-JS-SETIN-1048049,CVE-2020-28273,False,<2.0.1 ,https://github.com/ahdinosaur/set-in/commit/e431effa00195a6f06b111e09733cd1445a91a88
Information Exposure,cordova-plugin-camera,https://security.snyk.io/vuln/SNYK-JS-CORDOVAPLUGINCAMERA-1047870,CVE-2020-11990,False,<5.0.0 ,n/a
Improper Validation,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1047306,CVE-2020-16013,True,>=10.0.0-beta.1 <10.1.6 <9.4.4 ,n/a
Cross-site Scripting (XSS),markdown-it-texmath,https://security.snyk.io/vuln/SNYK-JS-MARKDOWNITTEXMATH-1040463,,True,<0.9.0 ,n/a
Cross-site Scripting (XSS),netlify-cms-widget-markdown,https://security.snyk.io/vuln/SNYK-JS-NETLIFYCMSWIDGETMARKDOWN-1039890,,True,<2.12.9 ,n/a
Prototype Pollution,systeminformation,https://security.snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1047312,CVE-2020-26245,False,<4.30.5 ,https://github.com/sebhildebrandt/systeminformation/commit/8113ff0e87b2f422a5756c48f1057575e73af016
Prototype Pollution,ts-dot-prop,https://security.snyk.io/vuln/SNYK-JS-TSDOTPROP-1024441,,True,<1.4.1 ,https://github.com/justinlettau/ts-dot-prop/commit/816b887a669ab959c3c2f85c6563d33928f00f14#diff-f41e9d04a45c83f3b6f6e630f10117feR183
Command Injection,last-commit-log,https://security.snyk.io/vuln/SNYK-JS-LASTCOMMITLOG-1047325,,False,* ,n/a
Prototype Pollution,systeminformation,https://security.snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1043753,CVE-2020-7778,True,<4.30.2 ,n/a
Prototype Pollution,highlight.js,https://security.snyk.io/vuln/SNYK-JS-HIGHLIGHTJS-1045326,CVE-2020-26237,False,>=7.2.0 <9.18.2 >=10.0.0 <10.1.2 ,https://github.com/highlightjs/highlight.js/commit/7241013ae011a585983e176ddc0489a7a52f6bb0
Server-side Request Forgery (SSRF),private-ip,https://security.snyk.io/vuln/SNYK-JS-PRIVATEIP-1044035,CVE-2020-28360,False,<2.3.0 ,https://github.com/frenchbread/private-ip/commit/840664c4b9ba7888c41cfee9666e9a593db133e9
Arbitrary Code Execution,jsen,https://security.snyk.io/vuln/SNYK-JS-JSEN-1014670,CVE-2020-7777,True,* ,n/a
Information Exposure,libvips,https://security.snyk.io/vuln/SNYK-JS-LIBVIPS-1042950,CVE-2020-20739,False,* ,https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a
Regular Expression Denial of Service (ReDoS),djvalidator,https://security.snyk.io/vuln/SNYK-JS-DJVALIDATOR-1018709,CVE-2020-7779,False,* ,n/a
Information Disclosure,semantic-release,https://security.snyk.io/vuln/SNYK-JS-SEMANTICRELEASE-1041706,CVE-2020-26226,False,<17.2.3 ,https://github.com/semantic-release/semantic-release/commit/ca90b34c4a9333438cc4d69faeb43362bb991e5a
Denial of Service (DoS),tui-editor,https://security.snyk.io/vuln/SNYK-JS-TUIEDITOR-837924,,False,* ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1041745,CVE-2020-16017,False,<8.5.4 >=9.0.0 <9.3.5 >=10.0.0 <10.1.6 ,https://github.com/electron/electron/commit/f04721c7c06b4f955cc07d20acd2a1bf4a0e4b7c
Improper Access Control,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1049321,CVE-2020-16022,False,<9.4.0 >=10.0.0 <10.1.7 ,n/a
Improper Input Validation,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1049323,CVE-2020-16015,False,<9.4.0 >=10.0.0 <10.1.7 ,https://github.com/electron/electron/pull/26858/commits/bc7261900896aa818b51a107f20721e3d1b20d22
Heap-based Buffer Overflow,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1048693,CVE-2020-16024,False,<9.4.0 >=10.0.0 <10.2.0 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1049547,CVE-2020-16014,False,<9.4.0 >=10.0.0 <10.2.0 ,n/a
Prototype Pollution,objnest,https://security.snyk.io/vuln/SNYK-JS-OBJNEST-1041787,,False,<5.1.0 ,https://github.com/okunishinishi/node-objnest/commit/c541e1a775b562d63402a14dac9f8cbc52b116d7
Authentication Bypass,expressjs-ip-control,https://security.snyk.io/vuln/SNYK-JS-EXPRESSJSIPCONTROL-1024442,,False,<1.0.7 ,n/a
Directory Traversal,zenn-cli,https://security.snyk.io/vuln/SNYK-JS-ZENNCLI-1024443,,False,<0.1.40 ,https://github.com/zenn-dev/zenn-editor/commit/eb9e67b39f93f8fbe79c5e4ce3c333936c79cff4
Cross-site Scripting (XSS),markdown-it-prism,https://security.snyk.io/vuln/SNYK-JS-MARKDOWNITPRISM-1040462,,True,<2.1.3 ,n/a
Cross-site Scripting (XSS),markdown-it-highlightjs,https://security.snyk.io/vuln/SNYK-JS-MARKDOWNITHIGHLIGHTJS-1040461,CVE-2020-7773,False,<3.3.1 ,n/a
Prototype Pollution,controlled-merge,https://security.snyk.io/vuln/SNYK-JS-CONTROLLEDMERGE-1040460,CVE-2020-28268,False,>=1.0.0 <1.3.0 ,https://github.com/hlfshell/controlled-merge/commit/5a4b2e9ffe5a0be7f8843d4ab038599d3ae5f9d4
Prototype Pollution,merge,https://security.snyk.io/vuln/SNYK-JS-MERGE-1040469,,False,<2.1.0 ,n/a
Prototype Pollution,doc-path,https://security.snyk.io/vuln/SNYK-JS-DOCPATH-1011952,CVE-2020-7772,True,<2.3.0 ,https://github.com/mrodrig/doc-path/commit/3e2bb168cf303bffcd7fae5f8d05e5300c1541c7
Cross-site Scripting (XSS),handsontable,https://security.snyk.io/vuln/SNYK-JS-HANDSONTABLE-1019380,,False,<8.2.0 ,n/a
Prototype Pollution,object-hierarchy-access,https://security.snyk.io/vuln/SNYK-JS-OBJECTHIERARCHYACCESS-1039883,CVE-2020-28270,False,>=0.2.0 <0.33.0 ,https://github.com/mjpclab/object-hierarchy-access/commit/7b1aa134a8bc4a376296bcfac5c3463aef2b7572
Prototype Pollution,field,https://security.snyk.io/vuln/SNYK-JS-FIELD-1039884,CVE-2020-28269,False,* ,n/a
Prototype Pollution,deephas,https://security.snyk.io/vuln/SNYK-JS-DEEPHAS-1039845,CVE-2020-28271,False,<1.0.7 ,https://github.com/sharpred/deepHas/commit/2fe011713a6178c50f7deb6f039a8e5435981e20
Command Injection,nodemailer,https://security.snyk.io/vuln/SNYK-JS-NODEMAILER-1038834,CVE-2020-7769,True,<6.4.16 ,https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54
Cross-site Scripting (XSS),joplin,https://security.snyk.io/vuln/SNYK-JS-JOPLIN-1024440,CVE-2020-28249,False,<1.4.2 ,https://github.com/laurent22/joplin/commit/fd90a490c0e5cacd17bfe0ffc422be1d2a9b1c13
Cross-site Scripting (XSS),@joplin/renderer,https://security.snyk.io/vuln/SNYK-JS-JOPLINRENDERER-1290615,CVE-2020-28249,False,<1.7.1 ,https://github.com/laurent22/joplin/commit/fd90a490c0e5cacd17bfe0ffc422be1d2a9b1c13
Cross-site Scripting (XSS),@joplin/lib,https://security.snyk.io/vuln/SNYK-JS-JOPLINLIB-1290616,CVE-2020-28249,False,<1.7.1 ,https://github.com/laurent22/joplin/commit/fd90a490c0e5cacd17bfe0ffc422be1d2a9b1c13
Regular Expression Denial of Service (ReDoS),express-validators,https://security.snyk.io/vuln/SNYK-JS-EXPRESSVALIDATORS-1017404,CVE-2020-7767,False,* ,n/a
Prototype Pollution,grpc,https://security.snyk.io/vuln/SNYK-JS-GRPC-598671,CVE-2020-7768,False,<1.24.4 ,n/a
Prototype Pollution,grpc,https://security.snyk.io/vuln/SNYK-JS-GRPC-598671,CVE-2020-7768,False,<1.24.4 ,n/a
Prototype Pollution,@strikeentco/set,https://security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821,CVE-2020-28267,False,<1.0.1 ,https://github.com/strikeentco/set/commit/102cc6b2e1d1e0c928ced87e75df759d5541ff60
Directory Traversal,node-downloader-helper,https://security.snyk.io/vuln/SNYK-JS-NODEDOWNLOADERHELPER-1038832,,False,<1.0.15 ,https://github.com/hgouveia/node-downloader-helper/commit/3f000fccce973b972132cc11e1aa7724ca08f85b
Malicious Package,xpc.js,https://security.snyk.io/vuln/SNYK-JS-XPCJS-1040419,,False,* ,n/a
Malicious Package,ac-addon,https://security.snyk.io/vuln/SNYK-JS-ACADDON-1038824,,False,* ,n/a
Malicious Package,discord.app,https://security.snyk.io/vuln/SNYK-JS-DISCORDAPP-1038826,,False,* ,n/a
Malicious Package,wsbd.js,https://security.snyk.io/vuln/SNYK-JS-WSBDJS-1038825,,False,* ,n/a
Malicious Package,db-json.js,https://security.snyk.io/vuln/SNYK-JS-DBJSONJS-1047461,,False,* ,n/a
Malicious Package,jdb.js,https://security.snyk.io/vuln/SNYK-JS-JDBJS-1047462,,False,* ,n/a
Prototype Pollution,json8-merge-patch,https://security.snyk.io/vuln/SNYK-JS-JSON8MERGEPATCH-1038399,CVE-2020-8268,True,<1.0.3 ,n/a
Malicious Package,discord.dll,https://security.snyk.io/vuln/SNYK-JS-DISCORDDLL-1038397,,False,* ,n/a
Prototype Pollution,json-ptr,https://security.snyk.io/vuln/SNYK-JS-JSONPTR-1016939,CVE-2020-7766,True,<2.0.0 ,n/a
Prototype Pollution,y18n,https://security.snyk.io/vuln/SNYK-JS-Y18N-1021887,CVE-2020-7774,True,<3.2.2 >=4.0.0 <4.0.1 >=5.0.0 <5.0.5 ,n/a
Prototype Pollution,@firebase/util,https://security.snyk.io/vuln/SNYK-JS-FIREBASEUTIL-1038324,CVE-2020-7765,True,<0.3.4 ,https://github.com/firebase/firebase-js-sdk/commit/9cf727fcc3d049551b16ae0698ac33dc2fe45ada
Web Cache Poisoning,find-my-way,https://security.snyk.io/vuln/SNYK-JS-FINDMYWAY-1038269,CVE-2020-7764,False,<2.2.5 >=3.0.0 <3.0.5 ,https://github.com/delvedor/find-my-way/commit/ab408354690e6b9cf3c4724befb3b3fa4bb90aac
Denial of Service (DoS),krb5,https://security.snyk.io/vuln/SNYK-JS-KRB5-1038261,CVE-2020-28196,False,* ,https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd
Denial of Service (DoS),node-krb5,https://security.snyk.io/vuln/SNYK-JS-NODEKRB5-1038260,CVE-2020-28196,False,* ,https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd
Server-Side Request Forgery (SSRF),axios,https://security.snyk.io/vuln/SNYK-JS-AXIOS-1038255,CVE-2020-28168,False,<0.21.1 ,https://github.com/axios/axios/commit/c7329fefc890050edd51e40e469a154d0117fc55
Arbitrary File Read,jsreport-chrome-pdf,https://security.snyk.io/vuln/SNYK-JS-JSREPORTCHROMEPDF-1037310,CVE-2020-7762,True,<1.10.0 ,https://github.com/jsreport/jsreport-chrome-pdf/commit/6750b2f77d05cb843aefc1c4a98097a3bd33a6a2
Regular Expression Denial of Service (ReDoS),@absolunet/kafe,https://security.snyk.io/vuln/SNYK-JS-ABSOLUNETKAFE-1017403,CVE-2020-7761,False,<3.2.10 ,https://github.com/absolunet/kafe/commit/c644c798bfcdc1b0bbb1f0ca59e2e2664ff3fdd0#diff-f0f4b5b19ad46588ae9d7dc1889f681252b0698a4ead3a77b7c7d127ee657857
Arbitrary File Read,phantom-html-to-pdf,https://security.snyk.io/vuln/SNYK-JS-PHANTOMHTMLTOPDF-1023598,CVE-2020-7763,True,<0.6.1 ,https://github.com/pofider/phantom-html-to-pdf/commit/b5d2da2639a49a95e0bdb3bc0c987cb6406b8259
Prototype Pollution,json8,https://security.snyk.io/vuln/SNYK-JS-JSON8-1017116,CVE-2020-7770,False,<1.0.3 ,https://github.com/sonnyp/JSON8/commit/2e890261b66cbc54ae01d0c79c71b0fd18379e7e
Malicious Package,twilio-npm,https://security.snyk.io/vuln/SNYK-JS-TWILIONPM-1035374,,False,* ,n/a
Cross-site Scripting (XSS),dompurify,https://security.snyk.io/vuln/SNYK-JS-DOMPURIFY-1035544,,False,<2.2.2 ,n/a
Regular Expression Denial of Service (ReDoS),codemirror,https://security.snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937,CVE-2020-7760,True,<5.58.2 ,https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb
Server-side Request Forgery (SSRF),strapi,https://security.snyk.io/vuln/SNYK-JS-STRAPI-1022256,CVE-2020-27664,False,<3.2.5 ,n/a
Path Traversal,browserless-chrome,https://security.snyk.io/vuln/SNYK-JS-BROWSERLESSCHROME-1023657,CVE-2020-7758,True,<1.43.0 ,https://github.com/browserless/chrome/commit/848b87e5bea4f8473eea85261a5ff922d6ebd2b6
Path Traversal,droppy,https://security.snyk.io/vuln/SNYK-JS-DROPPY-1023656,CVE-2020-7757,True,* ,n/a
Command Injection,gfc,https://security.snyk.io/vuln/SNYK-JS-GFC-1023302,,False,* ,n/a
Command Injection,systeminformation,https://security.snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1023168,CVE-2020-26300,False,<4.26.2 ,https://github.com/sebhildebrandt/systeminformation/commit/bad372e654cdd549e7d786acbba0035ded54c607
Command Injection,systeminformation,https://security.snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1023168,CVE-2020-26300,False,<4.26.2 ,https://github.com/sebhildebrandt/systeminformation/commit/bad372e654cdd549e7d786acbba0035ded54c607
Regular Expression Denial of Service (ReDoS),dat.gui,https://security.snyk.io/vuln/SNYK-JS-DATGUI-1016275,CVE-2020-7755,False,* ,n/a
Prototype Pollution,nested-property,https://security.snyk.io/vuln/SNYK-JS-NESTEDPROPERTY-1022154,,True,<3.0.0 ,https://github.com/cosmosio/nested-property/commit/881cf37eb956641fc26011ff66a436eb603c89d1
Denial of Service (DoS),http-live-simulator,https://security.snyk.io/vuln/SNYK-JS-HTTPLIVESIMULATOR-1022148,,False,* ,https://github.com/prahladyeri/http-live-simulator/commit/810248f5e28935abe9f4260ac9c1fa897f8d7067
Cross-site Scripting (XSS),grapesjs,https://security.snyk.io/vuln/SNYK-JS-GRAPESJS-1020496,,False,<0.17.25 ,n/a
Command Injection,create-git,https://security.snyk.io/vuln/SNYK-JS-CREATEGIT-1022150,,False,<1.0.0-2 ,n/a
Regular Expression Denial of Service (ReDoS),trim,https://security.snyk.io/vuln/SNYK-JS-TRIM-1017038,CVE-2020-7753,True,<0.0.3 ,n/a
Command Injection,systeminformation,https://security.snyk.io/vuln/SNYK-JS-SYSTEMINFORMATION-1021909,CVE-2020-7752,True,<4.27.11 ,https://github.com/sebhildebrandt/systeminformation/commit/931fecaec2c1a7dcc10457bb8cd552d08089da61
XML External Entity (XXE) Injection,jstoxml,https://security.snyk.io/vuln/SNYK-JS-JSTOXML-1017039,,False,<2.0.0 ,https://github.com/davidcalhoun/jstoxml/commit/a9c888bf1c47821d9868198001ca7bb1306091b3
Cross-site Request Forgery (CSRF),mountebank,https://security.snyk.io/vuln/SNYK-JS-MOUNTEBANK-1021889,,False,<2.3.3 ,https://github.com/bbyars/mountebank/commit/f1c453ab8b744d08a561c346c3a034738eefc0b4
Prototype Pollution,pathval,https://security.snyk.io/vuln/SNYK-JS-PATHVAL-596926,CVE-2020-7751,True,<1.1.1 ,https://github.com/chaijs/pathval/commit/7859e0e1ce4c2c67de897edce097ed31f80661d0
Regular Expression Denial of Service (ReDoS),locutus,https://security.snyk.io/vuln/SNYK-JS-LOCUTUS-1009836,,True,<2.0.15 ,https://github.com/locutusjs/locutus/commit/e094f85153753d7f919df7dd6f8503d8742c960a
Improper Authorization,strapi-plugin-content-type-builder,https://security.snyk.io/vuln/SNYK-JS-STRAPIPLUGINCONTENTTYPEBUILDER-1021616,CVE-2020-27665,False,<3.2.5 ,n/a
Cross-site Scripting (XSS),strapi-plugin-content-manager,https://security.snyk.io/vuln/SNYK-JS-STRAPIPLUGINCONTENTMANAGER-1021615,CVE-2020-27666,False,<3.2.5 ,n/a
Operation on a Resource after Expiration or Release,parse-server,https://security.snyk.io/vuln/SNYK-JS-PARSESERVER-1021232,CVE-2020-15270,False,<4.4.0 ,https://github.com/parse-community/parse-server/commit/78b59fb26b1c36e3cdbd42ba9fec025003267f58
Cross-site Scripting (XSS),scratch-svg-renderer,https://security.snyk.io/vuln/SNYK-JS-SCRATCHSVGRENDERER-1020497,CVE-2020-7750,False,<0.2.0-prerelease.20201019174008 ,https://github.com/LLK/scratch-svg-renderer/commit/9ebf57588aa596c4fa3bb64209e10ade395aee90
Heap-based Buffer Overflow,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1021884,CVE-2020-15999,True,<8.5.3 >=9.0.0-beta.1 <9.3.3 >=10.0.0-beta.1 <10.1.5 ,n/a
Cross-site Scripting (XSS),hermes-engine,https://security.snyk.io/vuln/SNYK-JS-HERMESENGINE-1015406,CVE-2020-1914,False,<0.7.2 ,https://github.com/facebook/hermes/commit/b2021df620824627f5a8c96615edbd1eb7fdddfc
Access Restriction Bypass,webpack-subresource-integrity,https://security.snyk.io/vuln/SNYK-JS-WEBPACKSUBRESOURCEINTEGRITY-1019475,CVE-2020-15262,False,>=1.5.0 <1.5.1 ,n/a
Server-side Request Forgery (SSRF),osm-static-maps,https://security.snyk.io/vuln/SNYK-JS-OSMSTATICMAPS-609637,CVE-2020-7749,True,<3.9.0 ,n/a
Prototype Pollution,@tsed/core,https://security.snyk.io/vuln/SNYK-JS-TSEDCORE-1019382,CVE-2020-7748,True,<5.65.7 ,https://github.com/TypedProject/tsed/commit/1395773ddac35926cf058fc6da9fb8e82266761b
Cross-site Scripting (XSS),lightning-server,https://security.snyk.io/vuln/SNYK-JS-LIGHTNINGSERVER-1019381,CVE-2020-7747,True,* ,n/a
Prototype Pollution,chart.js,https://security.snyk.io/vuln/SNYK-JS-CHARTJS-1018716,CVE-2020-7746,False,<2.9.4 ,n/a
Regular Expression Denial of Service (ReDoS),npm-user-validate,https://security.snyk.io/vuln/SNYK-JS-NPMUSERVALIDATE-1019352,CVE-2020-7754,False,<1.0.1 ,https://github.com/npm/npm-user-validate/commit/c8a87dac1a4cc6988b5418f30411a8669bef204e
Malicious Package,nodetest1010,https://security.snyk.io/vuln/SNYK-JS-NODETEST1010-1018833,,False,* ,n/a
Malicious Package,nodetest199,https://security.snyk.io/vuln/SNYK-JS-NODETEST199-1018834,,False,* ,n/a
Malicious Package,npmpubman,https://security.snyk.io/vuln/SNYK-JS-NPMPUBMAN-1018835,,False,* ,n/a
Malicious Package,plutov-slack-client,https://security.snyk.io/vuln/SNYK-JS-PLUTOVSLACKCLIENT-1018836,,False,* ,n/a
Command Injection,freespace,https://security.snyk.io/vuln/SNYK-JS-FREESPACE-1018705,,True,* ,n/a
Cross-site Scripting (XSS),bizcharts,https://security.snyk.io/vuln/SNYK-JS-BIZCHARTS-608848,,False,<4.0.15 ,https://github.com/alibaba/BizCharts/commit/317941b0f1e9a42f7d7cc14b3631dd3c3a8041f0
Prototype Pollution,mathjs,https://security.snyk.io/vuln/SNYK-JS-MATHJS-1016401,CVE-2020-7743,False,<7.5.1 ,https://github.com/josdejong/mathjs/commit/ecb80514e80bce4e6ec7e71db8ff79954f07c57e
Cross-site Scripting (XSS),summernote,https://security.snyk.io/vuln/SNYK-JS-SUMMERNOTE-597187,,True,* ,https://github.com/summernote/summernote/commit/9408255baf27a899089271267de5279376965f8a
Open Redirect,next,https://security.snyk.io/vuln/SNYK-JS-NEXT-1063481,CVE-2020-15242,False,>=9.5.0 <9.5.4 ,n/a
Cross-site Scripting (XSS),dompurify,https://security.snyk.io/vuln/SNYK-JS-DOMPURIFY-1016634,CVE-2020-26870,False,<2.0.17 ,https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d
Improper Restriction of Rendered UI Layers or Frames,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1016273,CVE-2020-15174,False,>=8.0.0-beta.0 <8.5.1 >=9.0.0-beta.0 <9.3.0 >=10.0.0-beta.0 <10.0.1 >=11.0.0-beta.0 <11.0.0-beta.1 ,n/a
Prototype Pollution,simpl-schema,https://security.snyk.io/vuln/SNYK-JS-SIMPLSCHEMA-1016157,CVE-2020-7742,True,<1.10.2 ,n/a
Improper Access Control,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-1016271,CVE-2020-15215,False,>=8.0.0-beta.0 <8.5.2 >=9.0.0-beta.0 <9.3.1 >=10.0.0-beta.0 <10.1.2 >=11.0.0-beta.0 <11.0.0-beta.6 ,n/a
Cross-site Scripting (XSS),hellojs,https://security.snyk.io/vuln/SNYK-JS-HELLOJS-1014546,CVE-2020-7741,False,<1.18.6 ,n/a
Prototype Pollution,json-pointer,https://security.snyk.io/vuln/SNYK-JS-JSONPOINTER-596925,CVE-2020-7709,True,<0.6.1 ,n/a
Server-Side Request Forgery (SSRF),node-pdf-generator,https://security.snyk.io/vuln/SNYK-JS-NODEPDFGENERATOR-609636,CVE-2020-7740,True,* ,n/a
Server-side Request Forgery (SSRF),phantomjs-seo,https://security.snyk.io/vuln/SNYK-JS-PHANTOMJSSEO-609638,CVE-2020-7739,True,* ,n/a
File Type Restriction Bypass,socket.io-file,https://security.snyk.io/vuln/SNYK-JS-SOCKETIOFILE-1015597,CVE-2020-24807,False,* ,n/a
Cross-site Scripting (XSS),froala-editor,https://security.snyk.io/vuln/SNYK-JS-FROALAEDITOR-1015371,CVE-2020-26523,False,<3.2.2 ,n/a
Improper Input Validation,@actions/core,https://security.snyk.io/vuln/SNYK-JS-ACTIONSCORE-1015402,CVE-2020-15228,False,<1.2.6 ,n/a
Malicious Package,electorn,https://security.snyk.io/vuln/SNYK-JS-ELECTORN-1015404,,False,* ,n/a
Malicious Package,loadyaml,https://security.snyk.io/vuln/SNYK-JS-LOADYAML-1015403,,False,* ,n/a
Prototype Pollution,safetydance,https://security.snyk.io/vuln/SNYK-JS-SAFETYDANCE-598687,CVE-2020-7737,False,* ,n/a
Prototype Pollution,bmoor,https://security.snyk.io/vuln/SNYK-JS-BMOOR-598664,CVE-2020-7736,False,<0.8.12 ,n/a
Cross-site Scripting (XSS),canvas-designer,https://security.snyk.io/vuln/SNYK-JS-CANVASDESIGNER-597485,,False,* ,n/a
Prototype Pollution,datatables.net,https://security.snyk.io/vuln/SNYK-JS-DATATABLESNET-598806,,False,<1.10.22 ,n/a
Open Redirect,amp-html,https://security.snyk.io/vuln/SNYK-JS-AMPHTML-598262,,False,* ,n/a
Cross-site Scripting (XSS),bootstrap-select,https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-1014662,CVE-2019-20921,False,<1.13.6 ,n/a
Information Exposure,nats.ws,https://security.snyk.io/vuln/SNYK-JS-NATSWS-1014647,CVE-2020-26149,False,<1.0.0-111 ,https://github.com/nats-io/nats.deno/commit/e7c566eb9941cd07bfd891a6965bd4e46cbdc8c3
Resource Exhaustion,mountebank,https://security.snyk.io/vuln/SNYK-JS-MOUNTEBANK-1014529,,False,<2.3.1 ,https://github.com/bbyars/mountebank/commit/65f583c521bf3828a7c53037b2795a4ff5269820
Directory Traversal,mountebank,https://security.snyk.io/vuln/SNYK-JS-MOUNTEBANK-1014526,,False,<2.3.2 ,https://github.com/bbyars/mountebank/commit/b4e1c19cb9b43bab137f9045160efc4335ca43bb
Information Exposure,generator-jhipster,https://security.snyk.io/vuln/SNYK-JS-GENERATORJHIPSTER-608849,,False,<6.10.2 ,https://github.com/avdev4j/generator-jhipster/commit/26bdfc35ed95c05e238cddcf188f88919f4ccb09
Cross-site Scripting (XSS),m-server,https://security.snyk.io/vuln/SNYK-JS-MSERVER-1013436,,True,* ,n/a
Command Injection,ng-packagr,https://security.snyk.io/vuln/SNYK-JS-NGPACKAGR-1012427,CVE-2020-7735,False,<10.1.1 ,https://github.com/ng-packagr/ng-packagr/commit/bda0fff3443301f252930a73fdc8fb9502de596d
Remote Code Execution (RCE),gity,https://security.snyk.io/vuln/SNYK-JS-GITY-1012730,,True,* ,n/a
Cross-site Scripting (XSS),snekserve,https://security.snyk.io/vuln/SNYK-JS-SNEKSERVE-1012731,,True,* ,n/a
Remote Code Execution (RCE),git-lib,https://security.snyk.io/vuln/SNYK-JS-GITLIB-1012734,,True,* ,n/a
Arbitrary File Read,hnzserver,https://security.snyk.io/vuln/SNYK-JS-HNZSERVER-1012733,,True,* ,n/a
Arbitrary File Read,http_server,https://security.snyk.io/vuln/SNYK-JS-HTTPSERVER-1012732,,True,* ,n/a
Remote Code Execution (RCE),commit-msg,https://security.snyk.io/vuln/SNYK-JS-COMMITMSG-1012729,,False,* ,n/a
Cross-site Scripting (XSS),joplin,https://security.snyk.io/vuln/SNYK-JS-JOPLIN-1012726,CVE-2020-15930,False,<1.1.4 ,n/a
Cross-site Scripting (XSS),react-native-webview,https://security.snyk.io/vuln/SNYK-JS-REACTNATIVEWEBVIEW-1011954,CVE-2020-6506,False,<11.0.0 ,n/a
Arbitrary Code Execution,shiba,https://security.snyk.io/vuln/SNYK-JS-SHIBA-596466,CVE-2020-7738,False,* ,n/a
Arbitrary Command Execution,@knutkirkhorn/free-space,https://security.snyk.io/vuln/SNYK-JS-KNUTKIRKHORNFREESPACE-1009833,,False,<1.3.0 ,n/a
Command Injection,node-idevice,https://security.snyk.io/vuln/SNYK-JS-NODEIDEVICE-609343,,False,* ,n/a
Remote Code Execution (RCE),heroku-exec-util,https://security.snyk.io/vuln/SNYK-JS-HEROKUEXECUTIL-674661,,False,* ,n/a
Improper Authentication,authmagic-timerange-stateless-core,https://security.snyk.io/vuln/SNYK-JS-AUTHMAGICTIMERANGESTATELESSCORE-674658,,False,* ,n/a
Regular Expression Denial of Service (ReDoS),ua-parser-js,https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-610226,CVE-2020-7733,False,<0.7.22 ,https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d
Command Injection,alfred-workflow-nodejs,https://security.snyk.io/vuln/SNYK-JS-ALFREDWORKFLOWNODEJS-608975,,True,* ,n/a
Malicious Package,nagibabel,https://security.snyk.io/vuln/SNYK-JS-NAGIBABEL-674575,,False,* ,n/a
Information Exposure,renovate,https://security.snyk.io/vuln/SNYK-JS-RENOVATE-674573,,False,>=19.180.0 <23.25.1 ,https://github.com/renovatebot/renovate/commit/6c9c4ac14ef478ddbeb534e5a2b95c450af12fc7
Cross-site Scripting (XSS),flsaba,https://security.snyk.io/vuln/SNYK-JS-FLSABA-674473,,False,* ,n/a
Prototype Pollution,keyd,https://security.snyk.io/vuln/SNYK-JS-KEYD-674472,,False,<1.4.3 ,n/a
Prototype Pollution,objtools,https://security.snyk.io/vuln/SNYK-JS-OBJTOOLS-674471,,False,* ,n/a
Denial of Service (DoS),passport-azure-ad,https://security.snyk.io/vuln/SNYK-JS-PASSPORTAZUREAD-608126,,False,<4.3.0 ,https://github.com/AzureAD/passport-azure-ad/pull/474/commits/d8cffbe9a32f740eb9ff1a9f4e9dec9dada3633a
Cross-site Scripting (XSS),trezor-connect,https://security.snyk.io/vuln/SNYK-JS-TREZORCONNECT-598796,,False,<8.1.12 ,n/a
Cross-site Scripting (XSS),joplin,https://security.snyk.io/vuln/SNYK-JS-JOPLIN-674433,,False,<1.1.1 ,https://github.com/laurent22/joplin/commit/57d750bc9aeb0f98d53ed4b924458b54984c15ff
Denial of Service,node-fetch,https://security.snyk.io/vuln/SNYK-JS-NODEFETCH-674311,CVE-2020-15168,False,<2.6.1 >=3.0.0-beta.1 <3.0.0-beta.9 ,https://github.com/node-fetch/node-fetch/commit/2358a6c2563d1730a0cdaccc197c611949f6a334
Prototype Pollution,json-logic-js,https://security.snyk.io/vuln/SNYK-JS-JSONLOGICJS-674308,,True,<2.0.0 ,n/a
Denial of Service (DoS),bcoin,https://security.snyk.io/vuln/SNYK-JS-BCOIN-674318,CVE-2018-17145,False,>=1.0.0-pre <1.0.2 ,n/a
Cross-site Scripting (XSS),zulip,https://security.snyk.io/vuln/SNYK-JS-ZULIP-674319,CVE-2020-24582,False,<5.4.3 ,https://github.com/zulip/zulip-desktop/commit/a9d59b3dcdb59c76a3b5dcb99bb61c78634e3a8f
Improper Input Validation,personnummer,https://security.snyk.io/vuln/SNYK-JS-PERSONNUMMER-674153,,False,<3.1.0 ,https://github.com/personnummer/php/commit/3d22e5316d8546ac939e7818cd69118f874152ab
Authentication Bypass,node-lemonldap-ng-handler,https://security.snyk.io/vuln/SNYK-JS-NODELEMONLDAPNGHANDLER-655999,CVE-2020-24660,False,<0.5.2 ,n/a
Denial of Service (DoS),hermes-engine,https://security.snyk.io/vuln/SNYK-JS-HERMESENGINE-629268,CVE-2020-1913,False,<0.7.0 ,https://github.com/facebook/hermes/commit/2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6
Out-of-Bounds,hermes-engine,https://security.snyk.io/vuln/SNYK-JS-HERMESENGINE-629748,CVE-2020-1912,False,<0.7.0 ,https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168
Cross-site Scripting (XSS),bitcore-node,https://security.snyk.io/vuln/SNYK-JS-BITCORENODE-589925,,False,<8.22.2 ,https://github.com/bitpay/bitcore/commit/038af75d9a53f190c535a6d70552fc1eae929a34
Arbitrary Code Execution,sanitize-html,https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-585892,,False,<2.0.0-beta ,n/a
Prototype Pollution,extend-merge,https://security.snyk.io/vuln/SNYK-JS-EXTENDMERGE-609868,,False,<1.0.6 ,https://github.com/crysalead-js/extend-merge/commit/6c8dc4e4b5983fa3e85544716f8e347dea2ba3b0
Server-side Request Forgery (SSRF),@uppy/companion,https://security.snyk.io/vuln/SNYK-JS-UPPYCOMPANION-609858,CVE-2020-8135,False,<1.9.3 ,n/a
Directory Traversal,static-server-gx,https://security.snyk.io/vuln/SNYK-JS-STATICSERVERGX-609517,,True,* ,n/a
Cross-site Scripting (XSS),gitbook,https://security.snyk.io/vuln/SNYK-JS-GITBOOK-609389,CVE-2017-16019,False,<3.2.2 ,n/a
Command Injection,bestzip,https://security.snyk.io/vuln/SNYK-JS-BESTZIP-609371,CVE-2020-7730,False,<2.1.7 ,https://github.com/nfriedly/node-bestzip/commit/45d4a901478c6a8f396c8b959dd6cf8fd3f955b6
Arbitrary Code Execution,infraserver,https://security.snyk.io/vuln/SNYK-JS-INFRASERVER-595968,,False,* ,n/a
Prototype Pollution,gedi,https://security.snyk.io/vuln/SNYK-JS-GEDI-598803,CVE-2020-7727,False,* ,n/a
Prototype Pollution,safe-object2,https://security.snyk.io/vuln/SNYK-JS-SAFEOBJECT2-598801,CVE-2020-7726,False,* ,n/a
Prototype Pollution,node-oojs,https://security.snyk.io/vuln/SNYK-JS-NODEOOJS-598678,CVE-2020-7721,False,* ,n/a
Prototype Pollution,nodee-utils,https://security.snyk.io/vuln/SNYK-JS-NODEEUTILS-598679,CVE-2020-7722,False,<1.2.3 ,https://github.com/nodee-apps/utils/commit/52460d936c52f03c9907bc99ac5e890970cef83c
Prototype Pollution,worksmith,https://security.snyk.io/vuln/SNYK-JS-WORKSMITH-598798,CVE-2020-7725,False,* ,n/a
Prototype Pollution,promisehelpers,https://security.snyk.io/vuln/SNYK-JS-PROMISEHELPERS-598686,CVE-2020-7723,False,* ,n/a
Prototype Pollution,tiny-conf,https://security.snyk.io/vuln/SNYK-JS-TINYCONF-598792,CVE-2020-7724,False,* ,n/a
Prototype Pollution,dot-notes,https://security.snyk.io/vuln/SNYK-JS-DOTNOTES-598668,CVE-2020-7717,False,* ,n/a
Prototype Pollution,deeps,https://security.snyk.io/vuln/SNYK-JS-DEEPS-598667,CVE-2020-7716,False,* ,n/a
Prototype Pollution,deep-get-set,https://security.snyk.io/vuln/SNYK-JS-DEEPGETSET-598666,CVE-2020-7715,False,* ,n/a
Prototype Pollution,confucious,https://security.snyk.io/vuln/SNYK-JS-CONFUCIOUS-598665,CVE-2020-7714,False,* ,n/a
Prototype Pollution,node-forge,https://security.snyk.io/vuln/SNYK-JS-NODEFORGE-598677,CVE-2020-7720,False,<0.10.0 ,n/a
Prototype Pollution,gammautils,https://security.snyk.io/vuln/SNYK-JS-GAMMAUTILS-598670,CVE-2020-7718,False,* ,n/a
Prototype Pollution,arr-flatten-unflatten,https://security.snyk.io/vuln/SNYK-JS-ARRFLATTENUNFLATTEN-598396,CVE-2020-7713,False,* ,n/a
Prototype Pollution,locutus,https://security.snyk.io/vuln/SNYK-JS-LOCUTUS-598675,CVE-2020-7719,False,<2.0.12 ,n/a
Directory Traversal,hangersteak,https://security.snyk.io/vuln/SNYK-JS-HANGERSTEAK-608973,,True,<0.2.5 ,https://github.com/eldoy/hangersteak/commit/9e853cced065c5a98f242c7ac75438d035f63532
Command Injection,json,https://security.snyk.io/vuln/SNYK-JS-JSON-597481,CVE-2020-7712,True,<10.0.0 ,n/a
Prototype Pollution,hermes-engine,https://security.snyk.io/vuln/SNYK-JS-HERMESENGINE-608850,CVE-2020-1911,False,<0.7.0 ,https://github.com/facebook/hermes/commit/fe52854cdf6725c2eaa9e125995da76e6ceb27da
Remote Memory Exposure,bl,https://security.snyk.io/vuln/SNYK-JS-BL-608877,CVE-2020-8244,True,>=2.2.0 <2.2.1 >=3.0.0 <3.0.1 >=4.0.0 <4.0.3 <1.2.3 ,https://github.com/rvagg/bl/commit/0bd87ec97be399b129fc62feff2943ffa21bcc00
Denial of Service (DoS),aedes,https://security.snyk.io/vuln/SNYK-JS-AEDES-608837,CVE-2020-13410,False,<0.42.1 ,n/a
Malicious Package,fallguys,https://security.snyk.io/vuln/SNYK-JS-FALLGUYS-608657,,False,* ,n/a
Directory Traversal,min-http-server,https://security.snyk.io/vuln/SNYK-JS-MINHTTPSERVER-608658,,False,* ,n/a
Prototype Pollution,json-bigint,https://security.snyk.io/vuln/SNYK-JS-JSONBIGINT-608659,CVE-2020-8237,False,<1.0.0 ,n/a
Remote Code Execution (RCE),windows-edge,https://security.snyk.io/vuln/SNYK-JS-WINDOWSEDGE-608480,,True,<1.1.0 ,https://github.com/eugeneware/windows-edge/commit/20ce41e1111d05533d9b4f6e2da274c13b278e0d
Denial of Service (DoS),meemo-app,https://security.snyk.io/vuln/SNYK-JS-MEEMOAPP-608290,,False,<1.13.1 ,https://github.com/nebulade/meemo/commit/be31ad3da7d4f8653d6813e84125bb4d25b5658b
Command Injection,extra-asciinema,https://security.snyk.io/vuln/SNYK-JS-EXTRAASCIINEMA-608292,,False,<1.0.23 ,https://github.com/nodef/extra-asciinema/commit/fd1a8a38d6c72e1eb573b2ab03d5e86de8047480
Denial of Service (DoS),cloudron-surfer,https://security.snyk.io/vuln/SNYK-JS-CLOUDRONSURFER-608291,,False,<5.10.3 ,n/a
Prototype Pollution,lodash,https://security.snyk.io/vuln/SNYK-JS-LODASH-608086,,True,<4.17.17 ,n/a
Prototype Pollution,lodash.set,https://security.snyk.io/vuln/SNYK-JS-LODASHSET-1320032,,True,* ,n/a
Cross-site Scripting (XSS),jquery-confirm,https://security.snyk.io/vuln/SNYK-JS-JQUERYCONFIRM-608085,,False,* ,n/a
Sandbox Escape,safe-eval,https://security.snyk.io/vuln/SNYK-JS-SAFEEVAL-608076,CVE-2020-7710,False,* ,n/a
Arbitrary Code Execution,grunt,https://security.snyk.io/vuln/SNYK-JS-GRUNT-597546,CVE-2020-7729,False,<1.3.0 ,https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7
Improper Authorization,nodebb,https://security.snyk.io/vuln/SNYK-JS-NODEBB-607916,CVE-2020-15149,True,>=1.12.2 <1.14.3 ,https://github.com/NodeBB/NodeBB/commit/c2477d9d5ffc43e5ffeb537ea2ceb4ce9592aa39
Command Injection,extra-ffmpeg,https://security.snyk.io/vuln/SNYK-JS-EXTRAFFMPEG-607911,,True,* ,https://github.com/nodef/extra-ffmpeg/commit/e39f999494209c042b39cd74edc44758ff29172b
Prototype Pollution,object-path,https://security.snyk.io/vuln/SNYK-JS-OBJECTPATH-1017036,CVE-2020-15256,True,<0.11.5 ,https://github.com/skratchdot/object-path-set/commit/55f06d75abf5885f9cba3b7760acb38d7d7d06c0
Prototype Pollution,object-path-set,https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908,CVE-2020-15256,True,<1.0.1 ,https://github.com/skratchdot/object-path-set/commit/55f06d75abf5885f9cba3b7760acb38d7d7d06c0
Prototype Pollution,supermixer,https://security.snyk.io/vuln/SNYK-JS-SUPERMIXER-607909,CVE-2020-24939,True,<1.0.5 ,https://github.com/stampit-org/supermixer/commit/94dcc6fc45e0fed96187cb52aaffadf76dbbc0a3
Command Injection,vboxmanage.js,https://security.snyk.io/vuln/SNYK-JS-VBOXMANAGEJS-607910,,True,<1.0.9 ,https://github.com/danielgindi/node-vboxmanage/commit/8efe421dd19c474cbdeb0908cbcc7aabfe343d5e
Cross-site Scripting (XSS),auth0-lock,https://security.snyk.io/vuln/SNYK-JS-AUTH0LOCK-607904,CVE-2020-15119,False,<11.26.3 ,n/a
Prototype Pollution,linux-cmdline,https://security.snyk.io/vuln/SNYK-JS-LINUXCMDLINE-598674,CVE-2020-7704,False,<1.0.1 ,https://github.com/piranna/linux-cmdline/commit/53c61a88bc47eb25d71832205056beaab95cf677
Prototype Pollution,connie-lang,https://security.snyk.io/vuln/SNYK-JS-CONNIELANG-598853,CVE-2020-7706,False,<0.1.1 ,https://github.com/mattinsler/connie-lang/commit/ef376d404c712dd28309ba07f28a8f87f24a015a
Prototype Pollution,property-expr,https://security.snyk.io/vuln/SNYK-JS-PROPERTYEXPR-598800,CVE-2020-7707,False,<2.0.3 ,https://github.com/jquense/expr/commit/df846910915d59f711ce63c1f817815bceab5ff7
Prototype Pollution,@irrelon/path,https://security.snyk.io/vuln/SNYK-JS-IRRELONPATH-598673,CVE-2020-7708,False,<4.7.0 ,https://github.com/Irrelon/irrelon-path/commit/8a126b160c1a854ae511659c111413ad9910ebe3
Server-side Request Forgery (SSRF),ftp-srv,https://security.snyk.io/vuln/SNYK-JS-FTPSRV-598863,CVE-2020-15152,False,>=1.0.0 <4.3.4 ,https://github.com/autovance/ftp-srv/commit/e449e75219d918c400dec65b4b0759f60476abca
Prototype Pollution,irrelon-path,https://security.snyk.io/vuln/SNYK-JS-IRRELONPATH-598672,CVE-2020-7708,False,<4.7.0 ,https://github.com/Irrelon/irrelon-path/commit/8a126b160c1a854ae511659c111413ad9910ebe3
Prototype Pollution,templ8,https://security.snyk.io/vuln/SNYK-JS-TEMPL8-598770,CVE-2020-7702,False,* ,n/a
Prototype Pollution,nis-utils,https://security.snyk.io/vuln/SNYK-JS-NISUTILS-598799,CVE-2020-7703,False,* ,n/a
Prototype Pollution,jsonpointer,https://security.snyk.io/vuln/SNYK-JS-JSONPOINTER-598804,,False,<4.1.0 ,https://github.com/janl/node-jsonpointer/commit/234e3437019c6c07537ed2ad1e03b3e132b85e34
Cross-site Scripting (XSS),bootstrap-switch,https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAPSWITCH-597113,,True,* ,n/a
Prototype Pollution,lodash,https://security.snyk.io/vuln/SNYK-JS-LODASH-590103,,False,<4.17.20 ,n/a
Prototype Pollution,madlib-object-utils,https://security.snyk.io/vuln/SNYK-JS-MADLIBOBJECTUTILS-598676,CVE-2020-7701,False,<0.1.7 ,n/a
Prototype Pollution,phpjs,https://security.snyk.io/vuln/SNYK-JS-PHPJS-598681,CVE-2020-7700,False,* ,n/a
Cross-site Scripting (XSS),buefy,https://security.snyk.io/vuln/SNYK-JS-BUEFY-598386,,False,<0.9.0 ,https://github.com/buefy/buefy/commit/47d225053458657b4c4030d48ef946c51f7f5994
Cross-site Scripting (XSS),@progress/kendo-angular-editor,https://security.snyk.io/vuln/SNYK-JS-PROGRESSKENDOANGULAREDITOR-598159,,False,<1.2.3 ,n/a
Cross-site Scripting (XSS),tinymce,https://security.snyk.io/vuln/SNYK-JS-TINYMCE-598223,CVE-2020-12648,False,<4.9.11 >=5.0.0 <5.4.0 ,n/a
Improper Input Validation,jpv,https://security.snyk.io/vuln/SNYK-JS-JPV-598089,CVE-2020-17479,False,<2.2.2 ,https://github.com/manvel-khnkoyan/jpv/commit/e3eec1215caa8d5c560f5e88d0943422831927d6
Cross-site Scripting (XSS),prismjs,https://security.snyk.io/vuln/SNYK-JS-PRISMJS-597628,CVE-2020-15138,False,>=1.1.0 <1.21.0 ,https://github.com/PrismJS/prism/pull/2506/commits/7bd7de05edf71112a3a77f87901a2409c9c5c20c
Regular Expression Denial of Service (ReDoS),wappalyzer,https://security.snyk.io/vuln/SNYK-JS-WAPPALYZER-597530,,True,<6.0.6 ,https://github.com/AliasIO/wappalyzer/commit/ad853a3abdd1f558895aaa75852c0510d3b1b87d
Cross-Site Request Forgery (CSRF),polaris-website,https://security.snyk.io/vuln/SNYK-JS-POLARISWEBSITE-597473,,False,<1.1.1 ,n/a
Cross-site Request Forgery (CSRF),save-server,https://security.snyk.io/vuln/SNYK-JS-SAVESERVER-597396,CVE-2020-15135,False,<1.0.7 ,https://github.com/Neztore/save-server/commit/05409a72dfb3d41eb497079f40a4b8e1ff8b4a61
Server-side Request Forgery (SSRF),ftp-srv,https://security.snyk.io/vuln/SNYK-JS-FTPSRV-597159,,False,>=4.0.0 <4.3.4 >=3.1.0 <3.1.2 <2.19.6 ,n/a
Regular Expression Denial of Service (ReDoS),markdown,https://security.snyk.io/vuln/SNYK-JS-MARKDOWN-597156,,False,* ,n/a
Cross-site Scripting (XSS),markdown-it-katex,https://security.snyk.io/vuln/SNYK-JS-MARKDOWNITKATEX-597160,,False,* ,n/a
Regular Expression Denial of Service (ReDoS),is-my-json-valid,https://security.snyk.io/vuln/SNYK-JS-ISMYJSONVALID-597165,,True,<2.20.2 ,https://github.com/mafintosh/is-my-json-valid/commit/c3fc04fc455d40e9b29537f8e2c73a28ce106edb
Arbitrary Code Execution,is-my-json-valid,https://security.snyk.io/vuln/SNYK-JS-ISMYJSONVALID-597167,,True,<2.20.3 ,https://github.com/mafintosh/is-my-json-valid/commit/3419563687df463b4ca709a2b46be8e15d6a2b3d
Incorrect Comparison,slp-validate,https://security.snyk.io/vuln/SNYK-JS-SLPVALIDATE-597083,CVE-2020-15131,False,<1.2.2 ,https://github.com/simpleledger/slp-validate.js/commit/3963cf914afae69084059b82483da916d97af65c
Incorrect Comparison,slpjs,https://security.snyk.io/vuln/SNYK-JS-SLPJS-597082,CVE-2020-15130,False,<0.27.4 ,https://github.com/simpleledger/slpjs/commit/290c20e8bff13ac81459d43e54cac232b5e3456c
Information Exposure,auth0,https://security.snyk.io/vuln/SNYK-JS-AUTH0-596476,CVE-2020-15125,False,<2.27.1 ,https://github.com/auth0/node-auth0/pull/507/commits/62ca61b3348ec8e74d7d00358661af1a8bc98a3c
Prototype Pollution,express-fileupload,https://security.snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-595969,CVE-2020-7699,False,<1.1.10 ,n/a
Command Injection,git-tags-remote,https://security.snyk.io/vuln/SNYK-JS-GITTAGSREMOTE-596503,,True,<1.0.3 ,n/a
Prototype Pollution,flat,https://security.snyk.io/vuln/SNYK-JS-FLAT-596927,,True,>=5.0.0 <5.0.2 >=4.0.0 <4.1.1 >=3.0.0 <3.0.1 >=2.0.0 <2.0.2 >=5.0.0 <5.0.2 <1.6.2 ,n/a
Denial of Service (DoS),fastify,https://security.snyk.io/vuln/SNYK-JS-FASTIFY-596516,CVE-2020-8192,False,<2.15.1 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-608662,CVE-2020-6541,False,>=7.0.0 <7.3.3 >=8.0.0 <8.5.1 >=9.0.0 <9.2.2 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-598894,CVE-2020-6532,False,>=7.0.0 <7.3.3 >=8.0.0 <8.5.1 >=9.0.0 <9.2.1 ,n/a
Type Confusion,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-598949,CVE-2020-6537,False,>=9.0.0 <9.2.1 ,n/a
Denial of Service (DoS),fastify,https://security.snyk.io/vuln/SNYK-JS-FASTIFY-595959,,False,>=2.0.0 <2.15.1 >=3.0.0-alpha.1 <3.0.0-rc.5 ,n/a
Arbitrary Code Execution,jingo,https://security.snyk.io/vuln/SNYK-JS-JINGO-595966,,False,<1.9.6 ,https://github.com/claudioc/jingo/commit/6d4738c1aba892c372c4d0628a8a0a1d237ec95d
Prototype Pollution,fast-json-patch,https://security.snyk.io/vuln/SNYK-JS-FASTJSONPATCH-595663,,False,<2.2.1 ,https://github.com/Starcounter-Jack/JSON-Patch/pull/219/commits/dd5d353f5d65888aeac91359484a73f0e2a9e5bd
Regular Expression Denial of Service (ReDoS),marked,https://security.snyk.io/vuln/SNYK-JS-MARKED-584281,,False,<1.1.1 ,https://github.com/markedjs/marked/commit/bd4f8c464befad2b304d51e33e89e567326e62e0
Prototype Pollution,typeorm,https://security.snyk.io/vuln/SNYK-JS-TYPEORM-590152,CVE-2020-8158,False,<0.2.25 ,n/a
Insufficiently Protected Credentials,parse,https://security.snyk.io/vuln/SNYK-JS-PARSE-590110,,True,<2.10.0 ,n/a
Command Injection,diskstats,https://security.snyk.io/vuln/SNYK-JS-DISKSTATS-590099,,True,<0.1.0 ,https://github.com/PhilipSkinner/diskstats/commit/5631570fcaea48e9e86735c7e68757aa3c44e106
Command Injection,xps,https://security.snyk.io/vuln/SNYK-JS-XPS-590098,,True,<1.0.3 ,https://github.com/sorellabs/xps/commit/768481146b8ead3811310eecc0f56e2d107cb740
Access Restriction Bypass,parse-server,https://security.snyk.io/vuln/SNYK-JS-PARSESERVER-590063,CVE-2020-15126,False,>=3.5.0 <4.3.0 ,https://github.com/parse-community/parse-server/commit/78239ac9071167fdf243c55ae4bc9a2c0b0d89aa
Command Injection,mock2easy,https://security.snyk.io/vuln/SNYK-JS-MOCK2EASY-572312,CVE-2020-7697,False,* ,n/a
Denial of Service (DoS),sails-hook-sockets,https://security.snyk.io/vuln/SNYK-JS-SAILSHOOKSOCKETS-589929,CVE-2018-21036,False,<1.5.5 ,https://github.com/balderdashy/sails-hook-sockets/commit/0533a4864b1920fd8fbb5287bc0889193c5faf44
Command Injection,codecov,https://security.snyk.io/vuln/SNYK-JS-CODECOV-585979,CVE-2020-15123,False,<3.7.1 ,https://github.com/codecov/codecov-node/commit/c0711c656686e902af2cd92d6aecc8074de4d83d
Cross-site Request Forgery (CSRF),express-cart,https://security.snyk.io/vuln/SNYK-JS-EXPRESSCART-585983,,True,* ,https://github.com/mrvautin/expressCart/commit/cd3ba1bc609c2f2946bfbc7ee2fccf3483eb71fb
Prototype Pollution,i18next,https://security.snyk.io/vuln/SNYK-JS-I18NEXT-585930,,True,<19.8.3 ,https://github.com/i18next/i18next/commit/ed6169fa21b67d8e73b20d82579aff6f9b808a69
Prototype Pollution,fine-uploader,https://security.snyk.io/vuln/SNYK-JS-FINEUPLOADER-585902,,True,* ,n/a
Regular Expression Denial of Service (ReDoS),xlsx,https://security.snyk.io/vuln/SNYK-JS-XLSX-585898,,False,<0.16.0 ,https://github.com/SheetJS/sheetjs/commit/257d4e6db2444ce1a0be814c1c352423f4aba7b5
Cross-site Scripting (XSS),jquery-form,https://security.snyk.io/vuln/SNYK-JS-JQUERYFORM-574783,,False,* ,n/a
Prototype Pollution,ajv,https://security.snyk.io/vuln/SNYK-JS-AJV-584908,CVE-2020-15366,False,<6.12.3 ,n/a
Insecure Defaults,tmi.js,https://security.snyk.io/vuln/SNYK-JS-TMIJS-584986,,False,<1.7.0 ,https://github.com/tmijs/tmi.js/commit/df228dc818dbfe203bf85d19c54e7be1e6177077
Command Injection,windows-shortcuts,https://security.snyk.io/vuln/SNYK-JS-WINDOWSSHORTCUTS-584567,,False,* ,n/a
Cross-site Scripting (XSS),admin-lte,https://security.snyk.io/vuln/SNYK-JS-ADMINLTE-584564,,False,<3.1.0-rc ,https://github.com/ColorlibHQ/AdminLTE/commit/903143a1e1c02b94ec1194b7cec65675755c14a9
Improper Input Validation,scratch-vm,https://security.snyk.io/vuln/SNYK-JS-SCRATCHVM-584565,CVE-2020-14000,False,>=0.1.0-prerelease.1524239808 <0.2.0-prerelease.20200714185213 ,n/a
Information Exposure,react-native-fast-image,https://security.snyk.io/vuln/SNYK-JS-REACTNATIVEFASTIMAGE-572228,CVE-2020-7696,False,<8.3.0 ,https://github.com/DylanVann/react-native-fast-image/commit/4a7cd64f5b0aa40b04d63ccb105ee2b511abe624
Command Injection,standard-version,https://security.snyk.io/vuln/SNYK-JS-STANDARDVERSION-575708,,True,<8.0.1 ,https://github.com/conventional-changelog/standard-version/commit/871201ff8de6091d4b9b2ce9bf8611a1fc2f7836
Cross-site Scripting (XSS),@knight-lab/timelinejs,https://security.snyk.io/vuln/SNYK-JS-KNIGHTLABTIMELINEJS-575559,CVE-2020-15092,False,<3.7.0 ,https://github.com/NUKnightLab/TimelineJS3/commit/09a855ef0b9a626cd296ec4137628af141b062f3
Buffer Overflow,i18next,https://security.snyk.io/vuln/SNYK-JS-I18NEXT-575536,,False,<19.5.5 ,https://github.com/i18next/i18next/commit/360c8a92dcfe90964b433fa947f7f467a10887da
Cross-site Scripting (XSS),tiptap,https://security.snyk.io/vuln/SNYK-JS-TIPTAP-575143,,False,<1.29.0 ,n/a
Insertion of Sensitive Information into Log File,npm-registry-fetch,https://security.snyk.io/vuln/SNYK-JS-NPMREGISTRYFETCH-575432,,False,<4.0.5 >=5.0.0 <8.1.1 ,https://github.com/npm/npm-registry-fetch/commit/18bf9b97fb1deecdba01ffb05580370846255c88
Directory Traversal,socket.io-file,https://security.snyk.io/vuln/SNYK-JS-SOCKETIOFILE-575434,CVE-2020-15779,False,* ,n/a
Insertion of Sensitive Information into Log File,npm,https://security.snyk.io/vuln/SNYK-JS-NPM-575435,CVE-2020-15095,False,<6.14.6 ,https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
Denial of Service (DoS),sockjs,https://security.snyk.io/vuln/SNYK-JS-SOCKJS-575261,CVE-2020-7693,True,<0.3.20 ,https://github.com/sockjs/sockjs-node/commit/dd7e642cd69ee74385825816d30642c43e051d16
Arbitrary File Read,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-575393,CVE-2020-4075,False,<7.2.4 >=8.0.0 <8.2.4 ,n/a
Privilege Escalation,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-575394,CVE-2020-4076,False,<7.2.4 >=8.0.0 <8.2.4 ,n/a
Command Injection,strider-git,https://security.snyk.io/vuln/SNYK-JS-STRIDERGIT-572913,,True,<2.0.0 ,https://github.com/Strider-CD/strider-git/commit/13da05fff05f7089dbb97a393be097deaadd2a9e
Privilege Escalation,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-575395,CVE-2020-4077,False,<7.2.4 >=8.0.0 <8.2.4 ,n/a
Privilege Escalation,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-575396,CVE-2020-15096,False,<6.1.11 >=7.0.0 <7.2.4 >=8.0.0 <8.2.4 ,n/a
Cross-site Scripting (XSS),formiojs,https://security.snyk.io/vuln/SNYK-JS-FORMIOJS-560149,,True,<4.12.1-rc.19 ,https://github.com/formio/formio.js/commit/f38b61ae2f0792119f5156deba04921dee3e1a75
Cross-site Scripting (XSS),jspdf,https://security.snyk.io/vuln/SNYK-JS-JSPDF-568273,CVE-2020-7691,True,<2.0.0 ,n/a
Cross-site Scripting (XSS),jspdf,https://security.snyk.io/vuln/SNYK-JS-JSPDF-575256,CVE-2020-7690,True,<2.0.0 ,n/a
Cross-site Scripting (XSS),keycloak-connect,https://security.snyk.io/vuln/SNYK-JS-KEYCLOAKCONNECT-575263,CVE-2020-1694,False,<10.0.0 ,https://github.com/keycloak/keycloak-nodejs-connect/commit/49f313dc831abd4e4901b6ac99e7f38f84688eb0
Remote Code Execution (RCE),locutus,https://security.snyk.io/vuln/SNYK-JS-LOCUTUS-575119,CVE-2020-13619,False,<2.0.13 ,https://github.com/locutusjs/locutus/commit/a05e9e733a84759fff85c4790056867e492476aa
Cross-site Scripting (XSS),tileserver-gl,https://security.snyk.io/vuln/SNYK-JS-TILESERVERGL-575121,CVE-2020-15500,False,<3.1.0 ,https://github.com/maptiler/tileserver-gl/commit/f8563e1f2be805c342edaa092c550b1ef6560f0f
Cryptographic Issues,bcrypt,https://security.snyk.io/vuln/SNYK-JS-BCRYPT-575033,,False,<5.0.0 ,n/a
Insecure Encryption,bcrypt,https://security.snyk.io/vuln/SNYK-JS-BCRYPT-572911,CVE-2020-7689,False,<5.0.0 ,n/a
Cross-site Scripting (XSS),jsoneditor,https://security.snyk.io/vuln/SNYK-JS-JSONEDITOR-575026,CVE-2020-23849,False,<9.0.2 ,https://github.com/josdejong/jsoneditor/commit/87bc7b256125541e4e32d1928bc5446361c9e738
Authorization Bypass,express-jwt,https://security.snyk.io/vuln/SNYK-JS-EXPRESSJWT-575022,CVE-2020-15084,False,<6.0.0 ,https://github.com/auth0/express-jwt/commit/7ecab5f8f0cab5297c2b863596566eb0c019cdef
Insecure Defaults,swagger-ui,https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-572012,,False,<3.26.1 ,https://github.com/swagger-api/swagger-ui/commit/a616cb471d31f04a28d185aeb1bcb83637afc3cf
Arbitrary Code Injection,wifiscanner,https://security.snyk.io/vuln/SNYK-JS-WIFISCANNER-574786,CVE-2020-15362,False,* ,n/a
Arbitrary Code Execution,gitlab-workflow,https://security.snyk.io/vuln/SNYK-JS-GITLABWORKFLOW-573137,CVE-2020-13279,False,* ,n/a
Server-side Request Forgery (SSRF),@uppy/companion,https://security.snyk.io/vuln/SNYK-JS-UPPYCOMPANION-574719,CVE-2020-8205,False,<1.13.2 >=2.0.0-alpha.0 <2.0.0-alpha.5 ,n/a
Cross-site Scripting (XSS),docsify,https://security.snyk.io/vuln/SNYK-JS-DOCSIFY-567099,CVE-2020-7680,True,<4.11.4 ,n/a
Cross-site Scripting (XSS),redoc,https://security.snyk.io/vuln/SNYK-JS-REDOC-574605,,False,<2.0.0-rc.28 ,https://github.com/Redocly/redoc/commit/62c01da420fca2137674ae562d4ecba54db97da9
Command Injection,mversion,https://security.snyk.io/vuln/SNYK-JS-MVERSION-573174,CVE-2020-7688,True,<2.0.1 ,https://github.com/mikaelbr/mversion/commit/b7a8b32600e60759a7ad3921ec4a2750bf173482
Remote Code Execution (RCE),bunyan,https://security.snyk.io/vuln/SNYK-JS-BUNYAN-573166,,False,<1.8.13 >=2.0.0 <2.0.3 ,https://github.com/trentm/node-bunyan/commit/9d68e23559b4c0245b05bb171c0de2064404a885
SQL Injection,influx,https://security.snyk.io/vuln/SNYK-JS-INFLUX-559587,,True,<5.5.3 ,n/a
Remote Code Execution (RCE),jsrsasign,https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-572938,CVE-2020-14968,False,<8.0.18 ,n/a
Memory Corruption,jsrsasign,https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-572937,CVE-2020-14967,False,<8.0.18 ,n/a
Command Injection,limdu,https://security.snyk.io/vuln/SNYK-JS-LIMDU-572951,CVE-2020-4066,False,* ,https://github.com/erelsgl/limdu/commit/03475a6a6bb253de6fad8f7f39cfb3504f11438d
Signature Bypass,jsrsasign,https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-572936,CVE-2020-14966,False,<8.0.18 ,n/a
Access Restriction Bypass,strapi,https://security.snyk.io/vuln/SNYK-JS-STRAPI-572909,CVE-2020-13961,False,<3.0.2 ,n/a
Arbitrary Command Injection,node-rsync,https://security.snyk.io/vuln/SNYK-JS-NODERSYNC-568773,,True,* ,n/a
Arbitrary Command Injection,scp,https://security.snyk.io/vuln/SNYK-JS-SCP-1009828,,True,* ,n/a
Directory Traversal,fast-http,https://security.snyk.io/vuln/SNYK-JS-FASTHTTP-572892,CVE-2020-7687,True,* ,n/a
Directory Traversal,marked-tree,https://security.snyk.io/vuln/SNYK-JS-MARKEDTREE-590121,CVE-2020-7682,True,* ,n/a
Directory Traversal,marscode,https://security.snyk.io/vuln/SNYK-JS-MARSCODE-590122,CVE-2020-7681,True,* ,n/a
Directory Traversal,rollup-plugin-server,https://security.snyk.io/vuln/SNYK-JS-ROLLUPPLUGINSERVER-590123,CVE-2020-7683,True,* ,n/a
Directory Traversal,rollup-plugin-dev-server,https://security.snyk.io/vuln/SNYK-JS-ROLLUPPLUGINDEVSERVER-590124,CVE-2020-7686,True,* ,n/a
Directory Traversal,rollup-plugin-serve-favicon,https://security.snyk.io/vuln/SNYK-JS-ROLLUPPLUGINSERVEFAVICON-585950,CVE-2020-7684,True,* ,https://github.com/thgh/rollup-plugin-serve/commit/3d144f2f47e86fcba34f5a144968da94220e3969
Directory Traversal,rollup-plugin-serve-favicon,https://security.snyk.io/vuln/SNYK-JS-ROLLUPPLUGINSERVEFAVICON-585950,CVE-2020-7684,True,* ,https://github.com/thgh/rollup-plugin-serve/commit/3d144f2f47e86fcba34f5a144968da94220e3969
Path Traversal,sapper,https://security.snyk.io/vuln/SNYK-JS-SAPPER-572858,,True,<0.27.11 ,n/a
Regular Expression Denial of Service (ReDoS),wappalyzer,https://security.snyk.io/vuln/SNYK-JS-WAPPALYZER-572854,,True,<6.0.3 ,n/a
Prototype Pollution,casperjs,https://security.snyk.io/vuln/SNYK-JS-CASPERJS-572803,CVE-2020-7679,True,* ,n/a
Improper Authorization,@sap-cloud-sdk/core,https://security.snyk.io/vuln/SNYK-JS-SAPCLOUDSDKCORE-572711,,False,>=1.19.0 <1.21.2 ,n/a
Directory Traversal,mjml,https://security.snyk.io/vuln/SNYK-JS-MJML-572496,CVE-2020-12827,False,<4.6.3 ,https://github.com/mjmlio/mjml/commit/30e29ed2cdaec8684d60a6d12ea07b611c765a12
Cryptographic Issues,elliptic,https://security.snyk.io/vuln/SNYK-JS-ELLIPTIC-571484,CVE-2020-13822,True,<6.5.3 ,n/a
Cross-site Scripting (XSS),dijit,https://security.snyk.io/vuln/SNYK-JS-DIJIT-572370,CVE-2020-4051,False,<1.11.11 >=1.12.0 <1.12.9 >=1.13.0 <1.13.8 >=1.14.0 <1.14.7 >=1.15.0 <1.15.4 >=1.16.0 <1.16.3 ,https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301
Remote Code Execution (RCE),mversion,https://security.snyk.io/vuln/SNYK-JS-MVERSION-572433,CVE-2020-4059,False,<2.0.0 ,https://github.com/mikaelbr/mversion/commit/6c76c9efd27c7ff5a5c6f187e8b7a435c4722338
Cross-site Scripting (XSS),tui-editor,https://security.snyk.io/vuln/SNYK-JS-TUIEDITOR-571463,,True,<2.2.0 ,n/a
Arbitrary Code Execution,thenify,https://security.snyk.io/vuln/SNYK-JS-THENIFY-571690,CVE-2020-7677,True,<3.3.1 ,https://github.com/thenables/thenify/commit/0d94a24eb933bc835d568f3009f4d269c4c4c17a
Arbitrary Code Execution,node-import,https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691,CVE-2020-7678,True,* ,n/a
Server-side Request Forgery (SSRF),redash,https://security.snyk.io/vuln/SNYK-JS-REDASH-572119,CVE-2020-12725,False,* ,n/a
Information Exposure,ssb-db,https://security.snyk.io/vuln/SNYK-JS-SSBDB-572109,CVE-2020-4045,False,>=20.0.0 <20.0.1 ,https://github.com/ssbc/ssb-db/commit/43334d0871c9cc6220e0f6d6338499060f7761d4
Information Exposure,ssb-server,https://security.snyk.io/vuln/SNYK-JS-SSBSERVER-572110,CVE-2020-4045,False,>=16.0.0 <16.0.1 ,https://github.com/ssbc/ssb-db/commit/43334d0871c9cc6220e0f6d6338499060f7761d4
Cross-site Scripting (XSS),angular,https://security.snyk.io/vuln/SNYK-JS-ANGULAR-572020,,True,<1.8.0 ,https://github.com/angular/angular.js/commit/2df43c07779137d1bddf7f3b282a1287a8634acd
Cross-site Scripting (XSS),layui-src,https://security.snyk.io/vuln/SNYK-JS-LAYUISRC-572018,,True,* ,n/a
Cross-site Scripting (XSS),vue-instantsearch,https://security.snyk.io/vuln/SNYK-JS-VUEINSTANTSEARCH-572014,,False,<3.0.0 ,https://github.com/algolia/vue-instantsearch/commit/0b205203968b1c76d7e4abccc45f580e9c4df833
Cross-site Scripting (XSS),highcharts,https://security.snyk.io/vuln/SNYK-JS-HIGHCHARTS-571995,,True,<7.2.2 >=8.0.0 <8.1.1 ,n/a
Arbitrary File Read,next,https://security.snyk.io/vuln/SNYK-JS-NEXT-571938,,False,<5.1.0 ,https://github.com/vercel/next.js/commit/c8da345765e1e96b98a1625acfd70470956505de#diff-b98f02bc5ed76ee139b182c00ce7b559
Command Injection,devcert,https://security.snyk.io/vuln/SNYK-JS-DEVCERT-571955,CVE-2020-8186,False,<1.1.1 ,https://github.com/davewasmer/devcert/commit/e0e8ae31c7a5f2371f091f27ced65ed43e7752c2
Cross-site Scripting (XSS),graphql-playground-html,https://security.snyk.io/vuln/SNYK-JS-GRAPHQLPLAYGROUNDHTML-571775,CVE-2020-4038,False,<1.6.22 ,https://github.com/prisma-labs/graphql-playground/commit/bf1883db538c97b076801a60677733816cb3cfb7
Information Exposure,apollo-server-core,https://security.snyk.io/vuln/SNYK-JS-APOLLOSERVERCORE-571663,,False,<2.14.2 ,https://github.com/apollographql/apollo-server/commit/e2e816316f5c28a03de2ee1589edb2b10c358114
Cross-site Scripting (XSS),angular,https://security.snyk.io/vuln/SNYK-JS-ANGULAR-570058,CVE-2020-7676,False,<1.8.0 ,n/a
Arbitrary Code Execution,node-extend,https://security.snyk.io/vuln/SNYK-JS-NODEEXTEND-571491,CVE-2020-7673,True,* ,n/a
Arbitrary Code Execution,access-policy,https://security.snyk.io/vuln/SNYK-JS-ACCESSPOLICY-571490,CVE-2020-7674,True,* ,n/a
Arbitrary Code Execution,mosc,https://security.snyk.io/vuln/SNYK-JS-MOSC-571492,CVE-2020-7672,True,* ,n/a
Arbitrary Code Execution,cd-messenger,https://security.snyk.io/vuln/SNYK-JS-CDMESSENGER-571493,CVE-2020-7675,True,* ,n/a
Prototype Pollution,@fluentui/styles,https://security.snyk.io/vuln/SNYK-JS-FLUENTUISTYLES-570808,,True,<0.50.0 ,n/a
Prototype Pollution,@uifabric/utilities,https://security.snyk.io/vuln/SNYK-JS-UIFABRICUTILITIES-571487,,True,<7.20.3 ,n/a
Server-side Request Forgery (SSRF),ghost,https://security.snyk.io/vuln/SNYK-JS-GHOST-571479,,False,<2.38.2 ,n/a
Denial of Service (DoS),html-to-text,https://security.snyk.io/vuln/SNYK-JS-HTMLTOTEXT-571464,,False,<6.0.0 ,n/a
SQL Injection,@nozbe/watermelondb,https://security.snyk.io/vuln/SNYK-JS-NOZBEWATERMELONDB-571372,CVE-2020-4035,False,<0.15.1 ,https://github.com/Nozbe/WatermelonDB/commit/924c7ae2a8d7d6459656751e5b9b1bf91a218025
Cross-site Scripting (XSS),@elastic/app-search-javascript,https://security.snyk.io/vuln/SNYK-JS-ELASTICAPPSEARCHJAVASCRIPT-571374,CVE-2020-7011,False,<7.7.0 ,n/a
Cross-site Scripting (XSS),@elastic/app-search-node,https://security.snyk.io/vuln/SNYK-JS-ELASTICAPPSEARCHNODE-571373,CVE-2020-7011,False,<7.7.0 ,n/a
Prototype Pollution,kibana,https://security.snyk.io/vuln/SNYK-JS-KIBANA-571291,CVE-2020-7012,False,>=6.7.0 <6.8.9 >=7.0.0 <7.6.3 ,n/a
Prototype Pollution,kibana,https://security.snyk.io/vuln/SNYK-JS-KIBANA-571290,CVE-2020-7013,False,<6.8.9 <7.7.0 ,n/a
Cross-site Scripting (XSS),kibana,https://security.snyk.io/vuln/SNYK-JS-KIBANA-571289,CVE-2020-7015,False,<6.8.9 <7.7.0 ,n/a
Remote Memory Exposure,node-addon-api,https://security.snyk.io/vuln/SNYK-JS-NODEADDONAPI-571001,,False,>=0.0.0 <1.7.2 >=2.0.0 <2.0.1 ,https://github.com/nodejs/node-addon-api/commit/265fea9edd5f2ae9fc5be020ea72b6a117accdba
HTML Injection,nervjs,https://security.snyk.io/vuln/SNYK-JS-NERVJS-571003,,False,<1.5.7 ,https://github.com/NervJS/nerv/commit/50dbefc8a5a683259d932e5fbf7c17bc473a968a
Regular Expression Denial of Service (ReDoS),websocket-extensions,https://security.snyk.io/vuln/SNYK-JS-WEBSOCKETEXTENSIONS-570623,CVE-2020-7663,True,<0.1.4 ,https://github.com/faye/websocket-extensions-node/commit/29496f6838bfadfe5a2f85dff33ed0ba33873237
Regular Expression Denial of Service (ReDoS),url-regex,https://security.snyk.io/vuln/SNYK-JS-URLREGEX-569472,CVE-2020-7661,True,* ,n/a
Insufficient Input Validation,bson-objectid,https://security.snyk.io/vuln/SNYK-JS-BSONOBJECTID-570765,CVE-2019-19729,True,* ,n/a
Arbitrary Code Injection,serialize-javascript,https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-570062,CVE-2020-7660,True,<3.1.0 ,https://github.com/yahoo/serialize-javascript/commit/f21a6fb3ace2353413761e79717b2d210ba6ccbd
Remote Code Execution (RCE),dns-sync,https://security.snyk.io/vuln/SNYK-JS-DNSSYNC-570585,CVE-2020-11079,False,<0.2.0 ,https://github.com/skoranga/node-dns-sync/commit/cb10a5ac7913eacc031ade7d91596277f31645dc
Information Exposure,snyk-broker,https://security.snyk.io/vuln/SNYK-JS-SNYKBROKER-570613,CVE-2020-7654,False,<4.73.1 ,https://github.com/snyk/broker/commit/7ab581db3234dfd257ed77a055601ec6e396becc
Arbitrary File Read,snyk-broker,https://security.snyk.io/vuln/SNYK-JS-SNYKBROKER-570612,CVE-2020-7653,False,<4.80.0 ,n/a
Arbitrary File Read,snyk-broker,https://security.snyk.io/vuln/SNYK-JS-SNYKBROKER-570611,CVE-2020-7652,False,<4.80.0 ,n/a
Arbitrary File Read,snyk-broker,https://security.snyk.io/vuln/SNYK-JS-SNYKBROKER-570610,CVE-2020-7651,False,<4.79.0 ,
Arbitrary File Read,snyk-broker,https://security.snyk.io/vuln/SNYK-JS-SNYKBROKER-570609,CVE-2020-7650,False,>=4.72.0 <4.73.1 ,https://github.com/snyk/broker/commit/cda1ad74fbaa4642e3fcd0386ce39fcbfe3dea24
Directory Traversal,snyk-broker,https://security.snyk.io/vuln/SNYK-JS-SNYKBROKER-570608,CVE-2020-7649,False,<4.73.0 ,https://github.com/snyk/broker/commit/90e0bac07a800b7c4c6646097c9c89d6b878b429
Arbitrary File Read,snyk-broker,https://security.snyk.io/vuln/SNYK-JS-SNYKBROKER-570607,CVE-2020-7648,False,<4.72.2 ,https://github.com/snyk/broker/commit/3e5654e7df9c9bb547da69d6db4b303c825d4dee
Information Exposure,appium,https://security.snyk.io/vuln/SNYK-JS-APPIUM-570540,,False,<1.18.0-beta.0 ,n/a
Regular Expression Denial of Service (ReDoS),codemirror,https://security.snyk.io/vuln/SNYK-JS-CODEMIRROR-569611,,False,<5.54.0 ,https://github.com/codemirror/CodeMirror/commit/890cb6bea3e73118d69f4e279da1dff57d7e4627
Command Injection,jison,https://security.snyk.io/vuln/SNYK-JS-JISON-570539,CVE-2020-8178,False,* ,n/a
Credential Exposure,aegir,https://security.snyk.io/vuln/SNYK-JS-AEGIR-570512,CVE-2020-11059,False,>=21.7.0 <21.10.1 ,n/a
Cross-site Scripting (XSS),bootstrap-select,https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457,,True,<1.13.6 ,n/a
Signature Validation Bypass,electron-updater,https://security.snyk.io/vuln/SNYK-JS-ELECTRONUPDATER-567704,,False,<4.3.1 ,n/a
Cross-site Scripting (XSS),markdown-to-jsx,https://security.snyk.io/vuln/SNYK-JS-MARKDOWNTOJSX-570059,,False,<6.11.4 ,https://github.com/probablyup/markdown-to-jsx/commit/105d6a6998f9fb23795843355da4a7ed1e106a29
Insecure Configuration,vega-embed,https://security.snyk.io/vuln/SNYK-JS-VEGAEMBED-567898,,False,<6.7.0 ,https://github.com/vega/vega-embed/commit/9ec8ecd8c3fb593e13f58e48539d0f7698dd64ba
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-570624,CVE-2020-6467,False,<8.3.1 ,n/a
Type Confusion,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-570833,CVE-2020-6468,True,<7.3.1 ,n/a
Cross-site Scripting (XSS),jquery,https://security.snyk.io/vuln/SNYK-JS-JQUERY-569619,CVE-2020-7656,True,<1.9.0 ,n/a
Arbitrary Code Execution,front-matter,https://security.snyk.io/vuln/SNYK-JS-FRONTMATTER-569103,,False,<4.0.1 ,https://github.com/jxson/front-matter/commit/1d9094f639f302d932d3a041cc215bbfcc6db51e
Improper Output Neutralization for Logs,generator-jhipster,https://security.snyk.io/vuln/SNYK-JS-GENERATORJHIPSTER-568301,,False,<6.9.0 ,https://github.com/jhipster/generator-jhipster/commit/579af972bbde63a0691cb2769b7365b832ccfac4
Cryptographic Issues,openpgp,https://security.snyk.io/vuln/SNYK-JS-OPENPGP-569476,,False,<0.10.0 ,n/a
Denial of Service (DoS),http-proxy,https://security.snyk.io/vuln/SNYK-JS-HTTPPROXY-569139,,True,<1.18.1 ,n/a
Buffer Overflow,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-569122,CVE-2020-6831,False,>=6.0.0 <6.1.12 >=7.0.0 <7.3.0 >=8.0.0 <8.3.0 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-569120,CVE-2020-6463,False,>=6.0.0 <6.1.12 >=7.0.0 <7.3.0 >=8.0.0 <8.3.0 ,n/a
Improper Validation,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-569117,CVE-2020-6460,False,>=6.0.0 <6.1.12 >=7.0.0 <7.3.0 >=8.0.0 <8.3.0 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-569114,CVE-2020-6459,False,>=6.0.0 <6.1.12 >=7.0.0 <7.3.0 >=8.0.0 <8.3.0 ,n/a
Cross-site Scripting (XSS),summernote,https://security.snyk.io/vuln/SNYK-JS-SUMMERNOTE-568471,,False,* ,n/a
Prototype Pollution,objutil,https://security.snyk.io/vuln/SNYK-JS-OBJUTIL-559496,,True,* ,n/a
DLL Injection,kerberos,https://security.snyk.io/vuln/SNYK-JS-KERBEROS-568900,CVE-2020-13110,True,<1.0.0 ,n/a
Cross-site Scripting (XSS),tinymce,https://security.snyk.io/vuln/SNYK-JS-TINYMCE-568922,CVE-2019-1010091,False,<4.9.10 >=5.0.0 <5.2.2 ,https://github.com/tinymce/tinymce/pull/5593/files
Improper Validation,slp-validate,https://security.snyk.io/vuln/SNYK-JS-SLPVALIDATE-568898,CVE-2020-11072,False,<1.2.1 ,https://github.com/simpleledger/slpjs/commit/3671be2ffb6d4cfa94c00c6dc8649d1ba1d75754
Improper Validation,slpjs,https://security.snyk.io/vuln/SNYK-JS-SLPJS-568899,CVE-2020-11072,False,<0.27.2 ,https://github.com/simpleledger/slpjs/commit/3671be2ffb6d4cfa94c00c6dc8649d1ba1d75754
Cross-site Scripting (XSS),buefy,https://security.snyk.io/vuln/SNYK-JS-BUEFY-567814,,False,<0.8.18 ,https://github.com/buefy/buefy/commit/f0ff2ae65fee34e247e74e6ab4881c929928c066
Remote Code Execution (RCE),logkitty,https://security.snyk.io/vuln/SNYK-JS-LOGKITTY-568763,CVE-2020-8149,True,<0.7.1 ,n/a
Type Confusion,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-569113,CVE-2020-6464,False,>=6.0.0 <6.1.12 >=7.0.0 <7.3.0 >=8.0.0 <8.3.0 ,n/a
Cross-site Scripting (XSS),instantsearch.js,https://security.snyk.io/vuln/SNYK-JS-INSTANTSEARCHJS-568472,,True,<4.3.1 ,https://github.com/algolia/instantsearch.js/commit/8552221eff17a4ae5ba9c454054b0eb6e002934d
Out-of-bounds Write,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-568790,CVE-2020-6458,False,>=7.0.0 <7.3.0 >=8.0.0 <8.3.0 ,n/a
Arbitrary File Read,curlrequest,https://security.snyk.io/vuln/SNYK-JS-CURLREQUEST-568274,CVE-2020-7646,True,* ,n/a
Regular Expression Denial of Service (ReDoS),markdown,https://security.snyk.io/vuln/SNYK-JS-MARKDOWN-560793,,True,* ,n/a
Cross-site Scripting (XSS),jquery,https://security.snyk.io/vuln/SNYK-JS-JQUERY-567880,CVE-2020-11022,True,>=1.2.0 <3.5.0 ,https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
Information Disclosure,@actions/http-client,https://security.snyk.io/vuln/SNYK-JS-ACTIONSHTTPCLIENT-567876,CVE-2020-11021,False,<1.0.8 ,https://github.com/actions/http-client/commit/f6aae3dda4f4c9dc0b49737b36007330f78fd53a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-569042,CVE-2020-6461,False,>=6.0.0 <6.1.12 >=7.0.0 <7.3.0 >=8.0.0 <8.3.0 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-569099,CVE-2020-6462,False,>=6.0.0 <6.1.12 >=7.0.0 <7.3.0 >=8.0.0 <8.3.0 ,https://github.com/electron/electron/pull/23519#issuecomment-627758777
Prototype Pollution,@sailshq/lodash,https://security.snyk.io/vuln/SNYK-JS-SAILSHQLODASH-567754,CVE-2020-8203,True,* ,n/a
Prototype Pollution,lodash,https://security.snyk.io/vuln/SNYK-JS-LODASH-567746,CVE-2020-8203,True,<4.17.16 ,n/a
Improper Access Control,faye,https://security.snyk.io/vuln/SNYK-JS-FAYE-567757,CVE-2020-11020,False,<1.0.4 >=1.1.0 <1.1.3 >=1.2.0 <1.2.5 ,https://github.com/faye/faye/commit/3e22055d314f3dfb4e087cccedd40b21c91788a8
Prototype Pollution,handlebars,https://security.snyk.io/vuln/SNYK-JS-HANDLEBARS-567742,,False,<4.6.0 ,n/a
Remote Code Execution (RCE),git-promise,https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476,,True,<1.0.0 ,https://github.com/piuccio/git-promise/commit/ce122adb7b7ceae3813abeedadf73d57a67d39ba
Cross-Site Request Forgery (CSRF),faye,https://security.snyk.io/vuln/SNYK-JS-FAYE-567269,,False,<1.1.0 ,https://github.com/faye/faye/commit/de93b9d1bb7397631d8357325b4af665f8c1f1e1
Arbitrary File Read,macaddress,https://security.snyk.io/vuln/SNYK-JS-MACADDRESS-567156,,False,<0.4.3 ,https://github.com/scravy/node-macaddress/commit/ca9e24df906c9066d49fba658e35ce44584552c7
Denial of Service (DoS),jpeg-js,https://security.snyk.io/vuln/SNYK-JS-JPEGJS-570039,CVE-2020-8175,False,<0.4.0 ,https://github.com/eugeneware/jpeg-js/commit/135705b1510afb6cb4275a4655d92c58f6843e79
Cross-site Scripting (XSS),lazysizes,https://security.snyk.io/vuln/SNYK-JS-LAZYSIZES-567144,CVE-2020-7642,True,<5.2.1-rc1 ,https://github.com/aFarkas/lazysizes/commit/3720ab8262552d4e063a38d8492f9490a231fd48
Cross-site Scripting (XSS),froala-editor,https://security.snyk.io/vuln/SNYK-JS-FROALAEDITOR-598256,CVE-2019-19935,False,<3.2.2 ,https://github.com/froala/wysiwyg-editor/commit/eb1ccbd0f4004427bfaff1450b6187c6d2cfb9eb
Cross-site Scripting (XSS),svg2png,https://security.snyk.io/vuln/SNYK-JS-SVG2PNG-567041,CVE-2020-11887,False,* ,n/a
Command Injection,gry,https://security.snyk.io/vuln/SNYK-JS-GRY-566987,,True,<6.0.0 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-569109,CVE-2020-6457,False,>=6.0.0 <6.1.12 >=7.0.0 <7.3.0 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-565571,CVE-2020-6429,False,<6.1.10 >=7.0.0 <7.2.2 >=8.0.0 <8.2.0 ,n/a
Buffer Underflow,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-565488,,False,<6.1.10 >=7.0.0 <7.2.2 >=8.0.0-beta.1 <8.2.0 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-565490,,False,<6.1.10 >=7.0.0 <7.2.2 >=8.0.0-beta.1 <8.2.0 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-565705,,False,<6.1.10 >=7.0.0 <7.2.2 >=8.0.0-beta.1 <8.0.0-beta.6 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-565709,,False,<6.1.10 >=7.0.0 <7.2.2 >=8.0.0-beta.1 <8.2.1 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-565494,,False,<6.1.10 >=7.0.0 <7.2.2 >=8.0.0-beta.1 <8.2.1 ,n/a
Site Isolation Bypass,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-565713,,False,<7.2.2 >=8.0.0-beta.1 <8.2.1 ,n/a
Cross-site Request Forgery (CSRF),@fraction/oasis,https://security.snyk.io/vuln/SNYK-JS-FRACTIONOASIS-565719,CVE-2020-11003,False,<2.15.0 ,https://github.com/fraction/oasis/commit/012db59be279f34095e7e9860f29f19e287c9a99
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-565364,CVE-2020-6422,False,>=7.0.0 <7.2.2 >=8.0.0 <8.2.1 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-565366,CVE-2020-6428,False,<6.1.10 >=7.0.0 <7.2.2 >=8.0.0 <8.2.1 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-565368,CVE-2020-6449,False,<6.1.10 >=7.0.0 <7.2.2 >=8.0.0 <8.2.1 ,n/a
Cross-site Scripting (XSS),jquery,https://security.snyk.io/vuln/SNYK-JS-JQUERY-565129,CVE-2020-11023,True,>=1.5.1 <3.5.0 ,https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-575475,CVE-2020-6454,False,>=8.0.0 <8.4.0 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-565329,CVE-2020-6423,False,>=7.0.0 <7.2.2 >=8.0.0 <8.2.2 >=9.0.0-beta.1 <9.0.0-beta.10 ,n/a
Improper Access Control,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-565362,CVE-2020-6426,False,<6.1.10 >=7.0.0 <7.2.2 >=8.0.0 <8.2.1 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-565441,CVE-2020-6427,False,>=8.0.0 <8.2.1 <7.2.2 ,n/a
Command Injection,vizion,https://security.snyk.io/vuln/SNYK-JS-VIZION-565230,,False,<2.1.0 ,https://github.com/keymetrics/vizion/commit/15d7bbebffe0ad616623a5f3ffe65a503f7ade99
Malicious Package,m-backdoor,https://security.snyk.io/vuln/SNYK-JS-MBACKDOOR-565090,,False,* ,n/a
Prototype Pollution,grunt-util-property,https://security.snyk.io/vuln/SNYK-JS-GRUNTUTILPROPERTY-565088,CVE-2020-7641,True,* ,n/a
Prototype Pollution,paypal-adaptive,https://security.snyk.io/vuln/SNYK-JS-PAYPALADAPTIVE-565089,CVE-2020-7643,True,* ,n/a
Insufficiently Protected Credentials,auth0-js,https://security.snyk.io/vuln/SNYK-JS-AUTH0JS-565004,CVE-2020-5263,False,>=8.0.0 <9.13.2 ,https://github.com/auth0/auth0.js/commit/355ca749b229fb93142f0b3978399b248d710828
Cross-Site Request Forgery (CSRF),ghost,https://security.snyk.io/vuln/SNYK-JS-GHOST-564439,,False,<3.13.0 ,https://github.com/TryGhost/Ghost/commit/a701ee70239fb77943ab878ec87615d776218daa
Arbitrary Code Execution,pixl-class,https://security.snyk.io/vuln/SNYK-JS-PIXLCLASS-564968,CVE-2020-7640,False,<1.0.3 ,https://github.com/jhuckaby/pixl-class/commit/47677a3638e3583e42f3a05cc7f0b30293d2acc8
Arbitrary Code Execution,fun-map,https://security.snyk.io/vuln/SNYK-JS-FUNMAP-564436,CVE-2020-7640,False,* ,https://github.com/jhuckaby/pixl-class/commit/47677a3638e3583e42f3a05cc7f0b30293d2acc8
Buffer Overflow,node-weakauras-parser,https://security.snyk.io/vuln/SNYK-JS-NODEWEAKAURASPARSER-564886,,False,>=1.0.4 <1.0.5 >=2.0.0 <2.0.2 >=3.0.0 <3.0.1 ,https://github.com/Zireael-N/node-weakauras-parser/commit/bc146da09db689e554d28e948f1cf1c138f09f69#diff-023afe6291ac9ada88788108cb3367b3R38-R43
Cross-site Scripting (XSS),react-dom,https://security.snyk.io/vuln/npm:react-dom:20180802,CVE-2018-6341,False,>=16.0.0 <16.0.1 >=16.1.0 <16.1.2 >=16.2.0 <16.2.1 >=16.3.0 <16.3.3 >=16.4.0 <16.4.2 ,https://github.com/facebook/react/pull/13302/commits/cac762a32b322f5d99a5a8c807cf70f16a948fd8
Cross-site Scripting (XSS),vue,https://security.snyk.io/vuln/npm:vue:20180802,CVE-2018-6341,False,<2.5.17 ,https://github.com/facebook/react/pull/13302/commits/cac762a32b322f5d99a5a8c807cf70f16a948fd8
Cross-site Scripting (XSS),svelte,https://security.snyk.io/vuln/SNYK-JS-SVELTE-564437,CVE-2018-6341,False,<2.9.8 ,https://github.com/facebook/react/pull/13302/commits/cac762a32b322f5d99a5a8c807cf70f16a948fd8
Cross-site Scripting (XSS),preact-render-to-string,https://security.snyk.io/vuln/npm:preact-render-to-string:20180802,CVE-2018-6341,False,<3.7.2 ,https://github.com/facebook/react/pull/13302/commits/cac762a32b322f5d99a5a8c807cf70f16a948fd8
Prototype Pollution,eivindfjeldstad-dot,https://security.snyk.io/vuln/SNYK-JS-EIVINDFJELDSTADDOT-564434,CVE-2020-7639,True,* ,https://github.com/eivindfjeldstad/dot/commit/774e4b0c97ca35d2ae40df2cd14428d37dd07a0b
Command Injection,adb-driver,https://security.snyk.io/vuln/SNYK-JS-ADBDRIVER-564430,CVE-2020-7636,True,* ,n/a
Command Injection,diskusage-ng,https://security.snyk.io/vuln/SNYK-JS-DISKUSAGENG-564425,CVE-2020-7631,True,<1.0.0 ,https://github.com/iximiuz/node-diskusage-ng/commit/48e7e093486b528f0c81ec699573e0e4a431b8d3#diff-38182cfe286a150ebcc88df0ec57ed66
Prototype Pollution,@eivifj/dot,https://security.snyk.io/vuln/SNYK-JS-EIVIFJDOT-564435,CVE-2020-7639,True,<1.0.3 ,https://github.com/eivindfjeldstad/dot/commit/774e4b0c97ca35d2ae40df2cd14428d37dd07a0b
Command Injection,node-mpv,https://security.snyk.io/vuln/SNYK-JS-NODEMPV-564426,CVE-2020-7632,True,>=0.12.2 ,n/a
Prototype Pollution,confinit,https://security.snyk.io/vuln/SNYK-JS-CONFINIT-564433,CVE-2020-7638,True,<0.4.0 ,n/a
Command Injection,compass-compile,https://security.snyk.io/vuln/SNYK-JS-COMPASSCOMPILE-564429,CVE-2020-7635,True,* ,n/a
Prototype Pollution,class-transformer,https://security.snyk.io/vuln/SNYK-JS-CLASSTRANSFORMER-564431,CVE-2020-7637,True,<0.3.1 ,n/a
Command Injection,apiconnect-cli-plugins,https://security.snyk.io/vuln/SNYK-JS-APICONNECTCLIPLUGINS-564427,CVE-2020-7633,True,>=1.0.1 ,n/a
Command Injection,heroku-addonpool,https://security.snyk.io/vuln/SNYK-JS-HEROKUADDONPOOL-564428,CVE-2020-7634,True,<0.1.16 ,https://github.com/nodef/heroku-addonpool/commit/b1a5b316473ac92d783f3d54ee048d54082da38d
Heap Overflow,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-565051,CVE-2020-6452,False,<6.1.10 >=7.0.0 <7.2.2 >=8.0.0 <8.2.1 ,n/a
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-564272,CVE-2020-6451,False,<6.1.10 >=7.0.0 <7.2.2 >=8.0.0 <8.2.1 ,n/a
Regular Expression Denial of Service (ReDoS),papaparse,https://security.snyk.io/vuln/SNYK-JS-PAPAPARSE-564258,,False,<5.2.0 ,https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621
Command Injection,effect,https://security.snyk.io/vuln/SNYK-JS-EFFECT-564256,CVE-2020-7624,True,* ,n/a
Command Injection,git-add-remote,https://security.snyk.io/vuln/SNYK-JS-GITADDREMOTE-564269,CVE-2020-7630,True,* ,n/a
Command Injection,op-browser,https://security.snyk.io/vuln/SNYK-JS-OPBROWSER-564259,CVE-2020-7625,True,<1.0.9 ,n/a
Command Injection,umount,https://security.snyk.io/vuln/SNYK-JS-UMOUNT-564265,CVE-2020-7628,True,* ,n/a
Command Injection,karma-mojo,https://security.snyk.io/vuln/SNYK-JS-KARMAMOJO-564260,CVE-2020-7626,True,* ,n/a
Command Injection,strong-nginx-controller,https://security.snyk.io/vuln/SNYK-JS-STRONGNGINXCONTROLLER-564248,CVE-2020-7621,True,* ,n/a
Command Injection,jscover,https://security.snyk.io/vuln/SNYK-JS-JSCOVER-564250,CVE-2020-7623,False,* ,n/a
Command Injection,install-package,https://security.snyk.io/vuln/SNYK-JS-INSTALLPACKAGE-564267,CVE-2020-7629,True,<0.4.1 ,n/a
Command Injection,node-key-sender,https://security.snyk.io/vuln/SNYK-JS-NODEKEYSENDER-564261,CVE-2020-7627,True,* ,n/a
Command Injection,karma-mojo,https://security.snyk.io/vuln/SNYK-JS-KARMAMOJO-564260,CVE-2020-7626,True,* ,n/a
Command Injection,npm-programmatic,https://security.snyk.io/vuln/SNYK-JS-NPMPROGRAMMATIC-564115,CVE-2020-7614,True,* ,n/a
Prototype Pollution,ini-parser,https://security.snyk.io/vuln/SNYK-JS-INIPARSER-564122,CVE-2020-7617,True,* ,n/a
Prototype Pollution,sds,https://security.snyk.io/vuln/SNYK-JS-SDS-564123,CVE-2020-7618,True,<4.0.0 ,https://github.com/monsterkodi/sds/commit/a228f025fd1be033088b7abbc0f77118d573f216
Command Injection,fsa,https://security.snyk.io/vuln/SNYK-JS-FSA-564118,CVE-2020-7615,True,* ,n/a
Command Injection,clamscan,https://security.snyk.io/vuln/SNYK-JS-CLAMSCAN-564113,CVE-2020-7613,True,<1.3.0 ,https://github.com/kylefarris/clamscan/commit/5f557c970817fe8c578ec3f7ad3bcbcef4cf5538
Prototype Pollution,express-mock-middleware,https://security.snyk.io/vuln/SNYK-JS-EXPRESSMOCKMIDDLEWARE-564120,CVE-2020-7616,True,* ,n/a
Timing Attack,jsrsasign,https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-561755,,False,<8.0.13 ,https://github.com/kjur/jsrsasign/commit/9dcb89c57408a3d4b5b66aa9138426bd92819e73
Path Traversal,next,https://security.snyk.io/vuln/SNYK-JS-NEXT-561584,CVE-2020-5284,False,<9.3.2 ,n/a
Regular Expression Denial of Service (ReDoS),mocha,https://security.snyk.io/vuln/SNYK-JS-MOCHA-561476,,False,<6.0.0 ,https://github.com/mochajs/mocha/commit/1a43d8b11a64e4e85fe2a61aed91c259bbbac559
Signature Validation Bypass,electron-updater,https://security.snyk.io/vuln/SNYK-JS-ELECTRONUPDATER-561421,,False,<4.2.2 ,n/a
Regular Expression Denial of Service (ReDoS),prismjs,https://security.snyk.io/vuln/SNYK-JS-PRISMJS-561410,,False,<1.5.0 ,https://github.com/PrismJS/prism/commit/ab65be2
Cross-site Scripting (XSS),tui-editor,https://security.snyk.io/vuln/SNYK-JS-TUIEDITOR-561349,,True,>=0.0.0 ,n/a
Cross-site Scripting (XSS),@toast-ui/editor,https://security.snyk.io/vuln/SNYK-JS-TOASTUIEDITOR-570416,,True,<2.1.0 ,n/a
Insufficient Validation,google-closure-library,https://security.snyk.io/vuln/SNYK-JS-GOOGLECLOSURELIBRARY-561341,CVE-2020-8910,False,<20200315.0.0 ,https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adf2a0024fc9
Improper Authentication,eth-ledger-bridge-keyring,https://security.snyk.io/vuln/SNYK-JS-ETHLEDGERBRIDGEKEYRING-561121,,False,<0.2.1 ,https://github.com/MetaMask/eth-ledger-bridge-keyring/commit/f32e529d13a53e55f558d903534d631846dc26ce
Improper Authentication,@metamask/eth-ledger-bridge-keyring,https://security.snyk.io/vuln/SNYK-JS-METAMASKETHLEDGERBRIDGEKEYRING-561120,,False,<0.2.2 ,https://github.com/MetaMask/eth-ledger-bridge-keyring/commit/f32e529d13a53e55f558d903534d631846dc26ce
Directory Traversal,sapper,https://security.snyk.io/vuln/SNYK-JS-SAPPER-561051,,True,<0.27.11 ,https://github.com/sveltejs/sapper/commit/63ffe9043170fbed8a5d260decfdc05e4440a555
Internal Property Tampering,bson,https://security.snyk.io/vuln/SNYK-JS-BSON-561052,CVE-2020-7610,False,>=1.0.0 <1.1.4 ,https://github.com/mongodb/js-bson/commit/3809c1313a7b2a8001065f0271199df9fa3d16a8
Prototype Pollution,utils-extend,https://security.snyk.io/vuln/SNYK-JS-UTILSEXTEND-560385,CVE-2020-8147,True,* ,n/a
Machine-In-The-Middle,lix,https://security.snyk.io/vuln/SNYK-JS-LIX-560905,CVE-2020-10800,False,* ,n/a
Cross-site Sripting  (XSS),htmr,https://security.snyk.io/vuln/SNYK-JS-HTMR-560840,,True,<0.8.7 ,n/a
Arbitrary Code Execution,node-rules,https://security.snyk.io/vuln/SNYK-JS-NODERULES-560426,CVE-2020-7609,False,>=3.0.0 <5.0.0 ,n/a
Prototype Pollution,yargs-parser,https://security.snyk.io/vuln/SNYK-JS-YARGSPARSER-560381,CVE-2020-7608,True,>5.0.0-security.0 <5.0.1 >=6.0.0 <13.1.2 >=14.0.0 <15.0.1 >=16.0.0 <18.1.1 ,n/a
Command Injection,gulp-styledocco,https://security.snyk.io/vuln/SNYK-JS-GULPSTYLEDOCCO-560126,CVE-2020-7607,True,* ,n/a
Command Injection,docker-compose-remote-api,https://security.snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125,CVE-2020-7606,True,* ,n/a
Command Injection,gulp-tape,https://security.snyk.io/vuln/SNYK-JS-GULPTAPE-560124,CVE-2020-7605,True,* ,n/a
Command Injection,closure-compiler-stream,https://security.snyk.io/vuln/SNYK-JS-CLOSURECOMPILERSTREAM-560123,CVE-2020-7603,True,* ,n/a
Command Injection,pulverizr,https://security.snyk.io/vuln/SNYK-JS-PULVERIZR-560122,CVE-2020-7604,True,* ,n/a
Command Injection,node-prompt-here,https://security.snyk.io/vuln/SNYK-JS-NODEPROMPTHERE-560115,CVE-2020-7602,True,* ,n/a
Command Injection,gulp-scss-lint,https://security.snyk.io/vuln/SNYK-JS-GULPSCSSLINT-560114,CVE-2020-7601,True,* ,n/a
Prototype Pollution,querymen,https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867,CVE-2020-7600,True,<2.1.4 ,https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef
Prototype Pollution,dojo,https://security.snyk.io/vuln/SNYK-JS-DOJO-559224,CVE-2020-5258,True,<1.11.10 >=1.12.1 <1.12.8 >=1.13.0 <1.13.7 >=1.14.0 <1.14.6 >=1.15.0 <1.15.3 >=1.16.0 <1.16.2 ,https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d
Prototype Pollution,dojox,https://security.snyk.io/vuln/SNYK-JS-DOJOX-559225,CVE-2020-5259,False,<1.12.8 >=1.13.0 <1.13.7 >=1.14.0 <1.14.6 >=1.15.0 <1.15.3 >=1.16.0 <1.16.2 ,n/a
Prototype Pollution,minimist,https://security.snyk.io/vuln/SNYK-JS-MINIMIST-559764,CVE-2020-7598,True,<0.2.1 >=1.0.0 <1.2.3 ,n/a
Command Injection,blamer,https://security.snyk.io/vuln/SNYK-JS-BLAMER-559541,CVE-2019-10807,True,<1.0.1 ,https://github.com/kucherenko/blamer/commit/5fada8c9b6986ecd28942b724fa682e77ce1e11c
Server Side Request Forgery (SSRF),ghost,https://security.snyk.io/vuln/SNYK-JS-GHOST-559536,CVE-2020-8134,True,<2.38.1 >=3.0.0 <3.10.0 ,n/a
Out-of-bounds Read,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-565052,CVE-2019-20503,False,<6.1.10 >=7.0.0 <7.2.2 >=8.0.0 <8.2.0 ,https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
Cross-site Scripting (XSS),ckeditor4-dev,https://security.snyk.io/vuln/SNYK-JS-CKEDITOR4DEV-559506,CVE-2020-9281,False,<4.14.0 ,https://github.com/ckeditor/ckeditor4/commit/0e15fa67271bd2e8b165c48368968f2e908860d7
Prototype Pollution,utilitify,https://security.snyk.io/vuln/SNYK-JS-UTILITIFY-559497,CVE-2019-10808,True,<1.0.3 ,https://github.com/xcritical-software/utilitify/commit/88d6e27009823338bf319ffb768fe6b08e8ad2d1
Regular Expression Denial of Service (ReDoS),acorn,https://security.snyk.io/vuln/SNYK-JS-ACORN-559469,,False,>=5.5.0 <5.7.4 >=6.0.0 <6.4.1 >=7.0.0 <7.1.1 ,https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802
Improper Access Control,vp-toolkit,https://security.snyk.io/vuln/SNYK-JS-VPTOOLKIT-559428,,False,<0.2.2 ,n/a
Improper Access Control,vp-toolkit,https://security.snyk.io/vuln/SNYK-JS-VPTOOLKIT-559427,,False,<0.2.2 ,n/a
Prototype Pollution,vega-util,https://security.snyk.io/vuln/SNYK-JS-VEGAUTIL-559223,CVE-2019-10806,True,<1.13.1 ,n/a
Cross-site Scripting (XSS),jquery-confirm,https://security.snyk.io/vuln/SNYK-JS-JQUERYCONFIRM-548943,,True,* ,n/a
Prototype Pollution,notevil,https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-559176,,False,<1.3.3 ,n/a
Improper Input Validation,parse-server,https://security.snyk.io/vuln/SNYK-JS-PARSESERVER-559169,CVE-2020-5251,False,<4.1.0 ,n/a
Improper Authorization,react-oauth-flow,https://security.snyk.io/vuln/SNYK-JS-REACTOAUTHFLOW-559019,,False,>=0.0.0 ,n/a
Prototype Pollution,uppy,https://security.snyk.io/vuln/SNYK-JS-UPPY-559068,CVE-2020-8137,True,<1.9.3 ,https://github.com/transloadit/uppy/commit/d98384989fd00d955a7de1504d48433357a3b2e5
Prototype Pollution,fastify,https://security.snyk.io/vuln/SNYK-JS-FASTIFY-559018,CVE-2020-8137,True,<1.0.5 ,https://github.com/transloadit/uppy/commit/d98384989fd00d955a7de1504d48433357a3b2e5
Internal Property Tampering,valib,https://security.snyk.io/vuln/SNYK-JS-VALIB-559015,CVE-2019-10805,True,* ,n/a
Command Injection,serial-number,https://security.snyk.io/vuln/SNYK-JS-SERIALNUMBER-559010,CVE-2019-10804,True,* ,n/a
Command Injection,push-dir,https://security.snyk.io/vuln/SNYK-JS-PUSHDIR-559009,CVE-2019-10803,True,* ,n/a
Command Injection,giting,https://security.snyk.io/vuln/SNYK-JS-GITING-559008,CVE-2019-10802,True,<0.0.8 ,https://github.com/MangoRaft/git/commit/9be41081f547d3dcef25e7d7c957bc2a3be2dfe0
Command Injection,enpeem,https://security.snyk.io/vuln/SNYK-JS-ENPEEM-559007,CVE-2019-10801,True,* ,n/a
Arbitrary File Write via Archive Extraction (Zip Slip),decompress-tar,https://security.snyk.io/vuln/SNYK-JS-DECOMPRESSTAR-559095,CVE-2020-12265,True,* ,n/a
Arbitrary File Write via Archive Extraction (Zip Slip),decompress,https://security.snyk.io/vuln/SNYK-JS-DECOMPRESS-557358,CVE-2020-12265,True,<4.2.1 ,n/a
Improper Integrity Checks,yarn,https://security.snyk.io/vuln/SNYK-JS-YARN-557182,CVE-2019-15608,False,<1.19 ,n/a
Remote Code Execution (RCE),irc-framework,https://security.snyk.io/vuln/SNYK-JS-IRCFRAMEWORK-557137,,False,<4.7.0 ,n/a
Remote Code Execution (RCE),discord-markdown,https://security.snyk.io/vuln/SNYK-JS-DISCORDMARKDOWN-552161,,False,<2.3.1 ,https://github.com/brussell98/discord-markdown/commit/7ce2eb66520815dcf5e97ef2bc8a2d5979da66e7
Remote Code Execution (RCE),pdf-image,https://security.snyk.io/vuln/SNYK-JS-PDFIMAGE-551984,CVE-2020-8132,True,* ,n/a
Command Injection,compile-sass,https://security.snyk.io/vuln/SNYK-JS-COMPILESASS-551804,CVE-2019-10799,True,<1.0.5 ,n/a
Prototype Pollution,rdf-graph-array,https://security.snyk.io/vuln/SNYK-JS-RDFGRAPHARRAY-551803,CVE-2019-10798,True,* ,n/a
Regular Expression Denial of Service (ReDoS),uap-core,https://security.snyk.io/vuln/SNYK-JS-UAPCORE-551924,CVE-2020-5243,False,<0.7.3 ,n/a
Prototype Pollution,undefsafe,https://security.snyk.io/vuln/SNYK-JS-UNDEFSAFE-548940,CVE-2019-10795,True,<2.0.3 ,https://github.com/remy/undefsafe/commit/f272681b3a50e2c4cbb6a8533795e1453382c822
Command Injection,rpi,https://security.snyk.io/vuln/SNYK-JS-RPI-548942,CVE-2019-10796,True,* ,n/a
Remote Code Execution (RCE),mongodb-query-parser,https://security.snyk.io/vuln/SNYK-JS-MONGODBQUERYPARSER-548939,,True,<2.0.0 ,https://github.com/mongodb-js/query-parser/commit/814b86b50665a3c2647c2f5d8c7f1b3ac3b54984
Cross-site Scripting (XSS),joplin,https://security.snyk.io/vuln/SNYK-JS-JOPLIN-548932,CVE-2020-9038,True,<1.0.156 ,https://github.com/laurent22/joplin/commit/3db47b575b9cb0a765da3d283baa2c065df0d0bc
Denial of Service (DoS),@commercial/subtext,https://security.snyk.io/vuln/SNYK-JS-COMMERCIALSUBTEXT-548914,,False,>=5.1.1 <5.1.2 ,https://github.com/hapijs/subtext/commit/b55f5508e1688cc1024b75dc2301adb5c63ad4de
Prototype Pollution,@commercial/subtext,https://security.snyk.io/vuln/SNYK-JS-COMMERCIALSUBTEXT-548908,,False,<5.1.2 ,https://github.com/hapijs/subtext/commit/b55f5508e1688cc1024b75dc2301adb5c63ad4de
Prototype Pollution,@hapi/subtext,https://security.snyk.io/vuln/SNYK-JS-HAPISUBTEXT-548912,,False,<6.1.3 >=7.0.0 <7.0.3 ,https://github.com/hapijs/subtext/commit/0c1a3f6e3384324a4ac7a1cee36634e9bf2be9d8
Denial of Service (DoS),@hapi/subtext,https://security.snyk.io/vuln/SNYK-JS-HAPISUBTEXT-548916,,False,>=4.1.0 <6.1.3 >=7.0.0 <7.0.3 ,https://github.com/hapijs/subtext/commit/d21f9608043476c234c7a642777351a62301553d
Denial of Service (DoS),hapi,https://security.snyk.io/vuln/SNYK-JS-HAPI-548911,,False,* ,n/a
Denial of Service (DoS),@hapi/ammo,https://security.snyk.io/vuln/SNYK-JS-HAPIAMMO-548918,,False,<3.1.2 >=4.0.0 <5.0.1 ,https://github.com/hapijs/ammo/commit/9b137633e20243110f8fec5e7401e33a54e2c968
Prototype Pollution,subtext,https://security.snyk.io/vuln/SNYK-JS-SUBTEXT-548913,,False,* ,n/a
Denial of Service (DoS),subtext,https://security.snyk.io/vuln/SNYK-JS-SUBTEXT-548915,,False,>=4.1.0 ,n/a
Denial of Service (DoS),@hapi/accept,https://security.snyk.io/vuln/SNYK-JS-HAPIACCEPT-548917,,False,>=3.2.0 <3.2.4 >=4.0.0 <5.0.1 ,https://github.com/hapijs/accept/commit/256272606ec21840a8669d65d94b64bcb5069f6b
Denial of Service (DoS),@commercial/ammo,https://security.snyk.io/vuln/SNYK-JS-COMMERCIALAMMO-548919,,False,<2.1.1 ,https://github.com/hapijs/ammo/commit/3a0c4a2064958d6e08263567481f57c9cff8afcd
Denial of Service (DoS),ammo,https://security.snyk.io/vuln/SNYK-JS-AMMO-548920,,False,* ,n/a
Prototype Pollution,component-flatten,https://security.snyk.io/vuln/SNYK-JS-COMPONENTFLATTEN-548907,CVE-2019-10794,True,* ,n/a
Prototype Pollution,dot-object,https://security.snyk.io/vuln/SNYK-JS-DOTOBJECT-548905,CVE-2019-10793,True,<2.1.3 ,https://github.com/rhalff/dot-object/commit/f76cff5fe6d01d30ce110d8f454db2e5bd28a7de
Prototype Pollution,bodymen,https://security.snyk.io/vuln/SNYK-JS-BODYMEN-548897,CVE-2019-10792,True,<1.1.1 ,https://github.com/diegohaz/bodymen/commit/5d52e8cf360410ee697afd90937e6042c3a8653b
Command Injection,codecov,https://security.snyk.io/vuln/SNYK-JS-CODECOV-548879,CVE-2020-7597,True,<3.6.5 ,https://github.com/codecov/codecov-node/commit/02cf13d8b93ac547b5b4c2cfe186b7d874fd234f
Access Restriction Bypass,marky-markdown,https://security.snyk.io/vuln/SNYK-JS-MARKYMARKDOWN-548872,,False,* ,n/a
HTML Injection,marky-markdown,https://security.snyk.io/vuln/SNYK-JS-MARKYMARKDOWN-548871,,False,* ,n/a
Arbitrary File Overwrite,yarn,https://security.snyk.io/vuln/SNYK-JS-YARN-548869,CVE-2020-8131,False,<1.22.0 ,https://github.com/yarnpkg/yarn/commit/0e7133ca28618513503b4e1d9063f1c18ea318e5
Insecure Randomness,crypto-js,https://security.snyk.io/vuln/SNYK-JS-CRYPTOJS-548472,,False,>=3.3.0 <4.0.0 <3.2.1 ,https://github.com/brix/crypto-js/pull/257/commits/e4ac157d8b75b962d6538fc0b996e5d4d5a9466b
Prototype Pollution,@hapi/hoek,https://security.snyk.io/vuln/SNYK-JS-HAPIHOEK-548452,,False,<8.5.1 >=9.0.0 <9.0.3 ,https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90
Cross-site Scripting (XSS),sockjs,https://security.snyk.io/vuln/SNYK-JS-SOCKJS-548397,CVE-2020-8823,True,<0.3.0 ,n/a
Arbitrary Code Execution,script-manager,https://security.snyk.io/vuln/SNYK-JS-SCRIPTMANAGER-548308,CVE-2020-8129,False,<0.9.0 ,https://github.com/pofider/node-script-manager/commit/ac645ab2e58785324c467e0583d7f277a7aa07b3
Cross-site Scripting (XSS),dojox,https://security.snyk.io/vuln/SNYK-JS-DOJOX-548257,CVE-2019-10785,True,>=1.16.0 <1.16.1 >=1.15.0 <1.15.2 >=1.4.0 <1.14.5 >=1.13.0 <1.13.6 >=1.12.0 <1.12.7 <1.11.9 ,n/a
Command Injection,promise-probe,https://security.snyk.io/vuln/SNYK-JS-PROMISEPROBE-546816,CVE-2019-10791,True,<0.10.0 ,https://github.com/dottgonzo/node-promise-probe/commit/0d9affb67fc1ad985903536d35372cf55efe5a45
Internal Property Tampering,taffy,https://security.snyk.io/vuln/SNYK-JS-TAFFY-546521,CVE-2019-10790,True,* ,n/a
Command Injection,curling,https://security.snyk.io/vuln/SNYK-JS-CURLING-546484,CVE-2019-10789,True,<1.1.0 ,n/a
Unauthorised File Access,harp,https://security.snyk.io/vuln/SNYK-JS-HARP-544928,,False,<0.40.2 ,n/a
Command Injection,im-metadata,https://security.snyk.io/vuln/SNYK-JS-IMMETADATA-544184,CVE-2019-10788,True,* ,https://github.com/Turistforeningen/node-im-metadata/commit/ea15dddbe0f65694bfde36b78dd488e90f246639
Command Injection,im-resize,https://security.snyk.io/vuln/SNYK-JS-IMRESIZE-544183,CVE-2019-10787,True,* ,https://github.com/Turistforeningen/node-im-resize/commit/de624dacf6a50e39fe3472af1414d44937ce1f03
Command Injection,network-manager,https://security.snyk.io/vuln/SNYK-JS-NETWORKMANAGER-544035,CVE-2019-10786,True,* ,n/a
Arbitrary Code Injection,listening-processes,https://security.snyk.io/vuln/SNYK-JS-LISTENINGPROCESSES-544025,,True,* ,n/a
SQL Injection,increments,https://security.snyk.io/vuln/SNYK-JS-INCREMENTS-544024,,True,* ,n/a
SQL Injection,@azhou/basemodel,https://security.snyk.io/vuln/SNYK-JS-AZHOUBASEMODEL-544026,,True,* ,n/a
Insecure Cryptography Algorithm,simple-crypto-js,https://security.snyk.io/vuln/SNYK-JS-SIMPLECRYPTOJS-544027,,False,<2.3.0 ,n/a
Cross-site Scripting (XSS),auth0-lock,https://security.snyk.io/vuln/SNYK-JS-AUTH0LOCK-543943,CVE-2019-20174,False,<11.21.0 ,n/a
Cross-site Scripting (XSS),reveal.js,https://security.snyk.io/vuln/SNYK-JS-REVEALJS-543841,CVE-2020-8127,False,<3.9.2 ,https://github.com/hakimel/reveal.js/commit/b6cc6b4916d594ac9f5aeed34d4c4c93dafc1a12
Improper Authorization,@ensdomains/ens,https://security.snyk.io/vuln/SNYK-JS-ENSDOMAINSENS-543830,CVE-2020-5232,False,<0.4.0 ,https://github.com/ensdomains/ens/commit/36e10e71fcddcade88646821e0a57cc6c19e1ecf
Command Injection,kill-port-process,https://security.snyk.io/vuln/SNYK-JS-KILLPORTPROCESS-543829,CVE-2019-15609,False,<2.2.0 ,n/a
Cross-site Scripting (XSS),tinymce,https://security.snyk.io/vuln/SNYK-JS-TINYMCE-543825,CVE-2020-17480,False,>=5.0.0 <5.1.4 <4.9.7 ,https://github.com/tinymce/tinymce/commit/425a859780fd7d839593c57636e9ba3473e79a12
Cross-site Scripting (XSS),file-browser,https://security.snyk.io/vuln/SNYK-JS-FILEBROWSER-543672,,False,* ,n/a
Directory Traversal,md-fileserver,https://security.snyk.io/vuln/SNYK-JS-MDFILESERVER-543671,,False,>=1.3.2 <1.4.0 ,n/a
Directory Traversal,deliver-or-else,https://security.snyk.io/vuln/SNYK-JS-DELIVERORELSE-543670,,False,* ,n/a
Command Injection,lsof,https://security.snyk.io/vuln/SNYK-JS-LSOF-543632,CVE-2019-10783,True,* ,n/a
Denial of Service (DoS),strapi,https://security.snyk.io/vuln/SNYK-JS-STRAPI-543624,CVE-2020-8123,False,<3.0.0-beta.18.4 ,n/a
Prototype Pollution,dot-prop,https://security.snyk.io/vuln/SNYK-JS-DOTPROP-543489,CVE-2020-8116,True,>1.0.1 <4.2.1 >=5.0.0 <5.1.1 ,https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2
Improper Input Validation,url-parse,https://security.snyk.io/vuln/SNYK-JS-URLPARSE-543307,CVE-2020-8124,True,<1.4.5 ,n/a
Remote Code Execution (RCE),angular-expressions,https://security.snyk.io/vuln/SNYK-JS-ANGULAREXPRESSIONS-543284,CVE-2020-5219,False,<1.0.1 ,https://github.com/peerigon/angular-expressions/commit/061addfb9a9e932a970e5fcb913d020038e65667
Command Injection,codecov,https://security.snyk.io/vuln/SNYK-JS-CODECOV-543183,CVE-2020-7596,True,<3.6.2 ,https://github.com/codecov/codecov-node/commit/2f4eff90dd21e58dd56074dc4933b15a91373de6
Cross-site Scripting (XSS),primeng,https://security.snyk.io/vuln/SNYK-JS-PRIMENG-537902,,False,<9.0.0-rc.3 ,https://github.com/primefaces/primeng/commit/538f389856e734ce0be5a1770c1f87bba9d38186
Denial of Service (DoS),sequelize,https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-543029,,False,<4.44.4 ,n/a
Prototype Pollution,klona,https://security.snyk.io/vuln/SNYK-JS-KLONA-543063,CVE-2020-8125,False,<1.1.1 ,https://github.com/lukeed/klona/commit/200e8d1fd383a54790ee6fc8228264c21954e38e
Insecure Encryption,parsel,https://security.snyk.io/vuln/SNYK-JS-PARSEL-543171,CVE-2020-6762,False,>=0.0.0 ,n/a
Insecure Encryption,parsel,https://security.snyk.io/vuln/SNYK-JS-PARSEL-543172,CVE-2020-6763,False,>=0.0.0 ,n/a
Internal Property Tampering,schema-inspector,https://security.snyk.io/vuln/SNYK-JS-SCHEMAINSPECTOR-536970,CVE-2019-10781,False,<1.6.9 ,https://github.com/Atinux/schema-inspector/commit/345a7b2eed11bb6128421150d65f4f83fdbb737d
Validation Bypass,kind-of,https://security.snyk.io/vuln/SNYK-JS-KINDOF-537849,CVE-2019-20149,True,>=6.0.0 <6.0.3 ,n/a
Denial of Service (DoS),node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-542662,,False,>=3.3.0 <4.13.1 ,https://github.com/sass/node-sass/commit/338fd7a14d3b8bd374a382336df16f9c6792b884
Arbitrary Code Execution,cordova-plugin-inappbrowser,https://security.snyk.io/vuln/SNYK-JS-CORDOVAPLUGININAPPBROWSER-541840,CVE-2019-0219,False,<3.1.0 ,https://github.com/apache/cordova-android/commit/a88b8de8207130231836ff4c2b67159c8c48b0ba
Malicious 󠅮󠅰󠅭Package,1337qq-js,https://security.snyk.io/vuln/SNYK-JS-1337QQJS-541596,,False,>=0.0.0 ,n/a
Cross-site Scripting (XSS),node-red,https://security.snyk.io/vuln/SNYK-JS-NODERED-541514,CVE-2019-15607,False,<0.20.7 ,n/a
Cross-site Scripting (XSS),hexo-admin,https://security.snyk.io/vuln/SNYK-JS-HEXOADMIN-541512,,False,* ,n/a
Remote Code Execution (RCE),meta-git,https://security.snyk.io/vuln/SNYK-JS-METAGIT-541513,,False,* ,n/a
Remote Code Execution (RCE),npm-git-publish,https://security.snyk.io/vuln/SNYK-JS-NPMGITPUBLISH-541508,,False,* ,n/a
Arbitrary Code Injection,hot-formula-parser,https://security.snyk.io/vuln/SNYK-JS-HOTFORMULAPARSER-541328,CVE-2020-6836,True,<3.0.1 ,https://github.com/handsontable/formula-parser/commit/396b089738d4bf30eb570a4fe6a188affa95cd5e
Directory Traversal,total.js,https://security.snyk.io/vuln/SNYK-JS-TOTALJS-537824,,False,<3.3.3 ,https://github.com/totaljs/framework/commit/fa6a0d7e3c256ae9b892a30273c5fe77fc99ffb5
Cross-site Scripting (XSS),@hapi/boom,https://security.snyk.io/vuln/SNYK-JS-HAPIBOOM-541183,,False,<0.3.8 ,https://github.com/hapijs/boom/commit/0f8640bdba65aec6e6799bfc16ff5753150bfcaf
Cross-site Scripting (XSS),hellojs,https://security.snyk.io/vuln/SNYK-JS-HELLOJS-540823,,False,<1.18.2 ,n/a
Arbitrary Code Injection,soletta-dev-app,https://security.snyk.io/vuln/SNYK-JS-SOLETTADEVAPP-459558,,False,* ,n/a
Command Injection,devcert-sanscache,https://security.snyk.io/vuln/SNYK-JS-DEVCERTSANSCACHE-540926,CVE-2019-10778,True,<0.4.7 ,https://github.com/guybedford/devcert/commit/571f4e6d077f7f21c6aed655ae380d85a7a5d3b8
Out-of-bounds Read,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540996,CVE-2018-11698,False,<3.6.0 ,https://github.com/sass/libsass/commit/8f40dc03e5ab5a8b2ebeb72b31f8d1adbb2fd6ae
Out-of-bounds Read,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540984,CVE-2017-11605,False,<4.3.0 ,n/a
NULL Pointer Dereference,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540994,CVE-2018-19797,False,<3.6.0 ,https://github.com/sass/libsass/commit/e94b5f91ec372a84be1f9c0da32cb6e0af0b99fe
Out-of-bounds Read,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-541002,CVE-2018-19839,False,* ,https://github.com/sass/libsass/commit/2cabd116b95d67dcd9d44fcb936dee03f4fc71b9
NULL Pointer Dereference,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540992,CVE-2019-18799,False,* ,https://github.com/sass/libsass/commit/e1c16e09b4a953757a15149deaaf28a3fd81dc97
Denial of Service (DoS),node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540978,CVE-2018-20822,False,* ,n/a
Out-of-bounds Read,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540986,CVE-2017-10687,False,<4.4.0 ,n/a
NULL Pointer Dereference,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540974,CVE-2018-11695,False,<4.9.0 ,https://github.com/sass/libsass/commit/0bc35e3d26922229d5a3e3308860cf0fcee5d1cf
Out-of-bounds Read,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540962,CVE-2017-11341,False,<4.4.0 ,n/a
Out-of-Bounds,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540998,CVE-2019-6284,False,* ,https://github.com/sass/libsass/pull/2857/commits/0f3d3f8df99af422af055c41d778ca9c5c60a0bb
Uncontrolled Recursion,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540960,CVE-2017-12964,False,<4.4.0 ,n/a
Out-of-bounds Read,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540990,CVE-2019-6286,False,<3.6.0 ,https://github.com/sass/libsass/commit/8e681e20795ee1cf203ff7002367c29735addf67
Uncontrolled Recursion,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540970,CVE-2017-11554,False,<4.4.0 ,https://github.com/sass/libsass/commit/7664114543757e932f5b1a2ff5295aa9b34f8623
Improper Input Validation,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540966,CVE-2017-11555,False,<4.4.0 ,n/a
Out-of-bounds Read,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540958,CVE-2019-18798,False,* ,https://github.com/sass/libsass/commit/e1c16e09b4a953757a15149deaaf28a3fd81dc97
Uncontrolled Recursion,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540964,CVE-2019-18797,False,* ,n/a
Out-of-bounds Read,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540962,CVE-2017-11341,False,<4.4.0 ,n/a
Out-of-bounds Read,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540984,CVE-2017-11605,False,<4.3.0 ,n/a
Out-of-Bounds,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540998,CVE-2019-6284,False,* ,https://github.com/sass/libsass/pull/2857/commits/0f3d3f8df99af422af055c41d778ca9c5c60a0bb
Out-of-bounds Read,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-541002,CVE-2018-19839,False,* ,https://github.com/sass/libsass/commit/2cabd116b95d67dcd9d44fcb936dee03f4fc71b9
Denial of Service (DoS),node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540982,CVE-2018-19838,False,<4.11.0 ,n/a
Out-of-bounds Read,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-540972,CVE-2017-12963,False,<4.4.0 ,n/a
Use After Free,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-541000,CVE-2018-19827,False,* ,https://github.com/sass/libsass/commit/b21fb9f84096d9927780b86fa90629a096af358d
Command Injection,aws-lambda,https://security.snyk.io/vuln/SNYK-JS-AWSLAMBDA-540839,CVE-2019-10777,True,<1.0.5 ,https://github.com/awspilot/cli-lambda-deploy/commit/0985a18bffb265817bc84836c9a65f2bb04a51ac
Improper Link Resolution Before File Access,nodegit,https://security.snyk.io/vuln/SNYK-JS-NODEGIT-542723,CVE-2019-1354,False,<0.26.3 ,https://github.com/git/git/commit/e1d911dd4c7b76a5a8cec0f5c8de15981e34da83
Improper Handling of Alternate Data Stream,nodegit,https://security.snyk.io/vuln/SNYK-JS-NODEGIT-542722,CVE-2019-1353,False,<0.26.3 ,https://github.com/git/git/commit/9102f958ee5254b10c0be72672aa3305bf4f4704
Improper Handling of Alternate Data Stream,nodegit,https://security.snyk.io/vuln/SNYK-JS-NODEGIT-542721,CVE-2019-1352,False,<0.26.3 ,https://github.com/git/git/commit/7c3745fc6185495d5765628b4dfe1bd2c25a2981
Directory Traversal,nodegit,https://security.snyk.io/vuln/SNYK-JS-NODEGIT-542720,CVE-2019-1351,False,<0.26.3 ,https://github.com/git/git/commit/f82a97eb9197c1e3768e72648f37ce0ca3233734
Command Injection,git-diff-apply,https://security.snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774,CVE-2019-10776,True,<0.22.2 ,https://github.com/kellyselden/git-diff-apply/commit/106d61d3ae723b4257c2a13e67b95eb40a27e0b5
Improper Authentication,express-laravel-passport,https://security.snyk.io/vuln/SNYK-JS-EXPRESSLARAVELPASSPORT-540726,,False,* ,n/a
Cross-site Scripting (XSS),atlasboard-atlassian-package,https://security.snyk.io/vuln/SNYK-JS-ATLASBOARDATLASSIANPACKAGE-540725,,False,* ,n/a
Buffer Over-read,dbus,https://security.snyk.io/vuln/SNYK-JS-DBUS-540504,CVE-2019-15903,False,* ,https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
Cross-site Scripting (XSS),seeftl,https://security.snyk.io/vuln/SNYK-JS-SEEFTL-540434,CVE-2019-15603,False,* ,n/a
Denial of Service (DoS),ecstatic,https://security.snyk.io/vuln/SNYK-JS-ECSTATIC-540354,CVE-2019-10775,True,<4.1.4 ,https://github.com/jfhbrook/node-ecstatic/commit/72044b89941ada4a5e864d77257b4efb20aef498
Cross-site Scripting (XSS),fileview,https://security.snyk.io/vuln/SNYK-JS-FILEVIEW-540148,CVE-2019-15602,False,* ,n/a
Information Exposure,type-graphql,https://security.snyk.io/vuln/SNYK-JS-TYPEGRAPHQL-538910,,False,<0.17.6 ,https://github.com/MichalLytek/type-graphql/commit/26ee0cedee1e3260fe9a5188df2bfb142b51031b
Outdated Static Dependency,vue-moment,https://security.snyk.io/vuln/SNYK-JS-VUEMOMENT-538934,,False,<4.1.0 ,https://github.com/brockpetrie/vue-moment/commit/a265e54660a7181a6795a12a97cebac5b305746e
Cross-site Scripting (XSS),nextcloud-vue-collections,https://security.snyk.io/vuln/SNYK-JS-NEXTCLOUDVUECOLLECTIONS-538459,,False,<0.4.2 ,https://github.com/juliushaertl/nextcloud-vue-collections/commit/8ec1fca214f003538cec4137792ede928f25f583
Cross-site Scripting (XSS),autolinker,https://security.snyk.io/vuln/SNYK-JS-AUTOLINKER-564438,,True,<3.14.0 ,https://github.com/gregjacobs/Autolinker.js/commit/f21ea015366cfa62c4e45d4bd117681e82e9b2bf
Arbitrary File Write,@pnpm/package-bins,https://security.snyk.io/vuln/SNYK-JS-PNPMPACKAGEBINS-539934,CVE-2019-10773,False,<4.0.1 ,https://github.com/pnpm/package-bins/commit/adefce5b1ba635d3c8d48692f753a3f49ea0bb3b
Arbitrary File Write,yarn,https://security.snyk.io/vuln/SNYK-JS-YARN-537806,CVE-2019-10773,False,<1.21.1 ,https://github.com/pnpm/package-bins/commit/adefce5b1ba635d3c8d48692f753a3f49ea0bb3b
Cross-site Scripting (XSS),trix,https://security.snyk.io/vuln/SNYK-JS-TRIX-537647,,False,<1.2.3 ,n/a
Arbitrary File Write,bin-links,https://security.snyk.io/vuln/SNYK-JS-BINLINKS-537610,CVE-2019-16776,False,<1.1.5 ,n/a
Arbitrary File Write,npm,https://security.snyk.io/vuln/SNYK-JS-NPM-537606,CVE-2019-16776,False,<6.13.3 ,n/a
Unauthorized File Access,bin-links,https://security.snyk.io/vuln/SNYK-JS-BINLINKS-537609,CVE-2019-16775,False,<1.1.5 ,n/a
Unauthorized File Access,npm,https://security.snyk.io/vuln/SNYK-JS-NPM-537604,CVE-2019-16775,False,<6.13.3 ,n/a
Arbitrary File Overwrite,npm,https://security.snyk.io/vuln/SNYK-JS-NPM-537603,CVE-2019-16777,False,<6.13.4 ,n/a
Arbitrary File Overwrite,bin-links,https://security.snyk.io/vuln/SNYK-JS-BINLINKS-537608,CVE-2019-16777,False,<1.1.6 ,n/a
Command Injection,chrome-launcher,https://security.snyk.io/vuln/SNYK-JS-CHROMELAUNCHER-537575,CVE-2020-7645,True,<0.13.2 ,n/a
Arbitrary Code Execution,safer-eval,https://security.snyk.io/vuln/SNYK-JS-SAFEREVAL-534901,CVE-2019-10769,True,* ,n/a
Cross-site Scripting (XSS),serialize-javascript,https://security.snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-536840,CVE-2019-16772,False,<2.1.1 ,https://github.com/commenthol/serialize-to-js/commit/181d7d583ae5293cd47cc99b14ad13352875f3e3
Cross-site Scripting (XSS),serialize-to-js,https://security.snyk.io/vuln/SNYK-JS-SERIALIZETOJS-536958,CVE-2019-16772,False,<3.0.1 ,https://github.com/commenthol/serialize-to-js/commit/181d7d583ae5293cd47cc99b14ad13352875f3e3
Cross-site Scripting (XSS),sceditor,https://security.snyk.io/vuln/SNYK-JS-SCEDITOR-536836,CVE-2019-19466,False,<3.0.0 ,https://github.com/samclarke/SCEditor/commit/dc33475096819cc0425262c510dad929193e92de#diff-a8bf4bc665548e816752e97e8aa326a315d5c57d46fac72b7f45f7fab00339f5
Command Injection,node-df,https://security.snyk.io/vuln/SNYK-JS-NODEDF-536779,CVE-2019-15597,True,* ,n/a
Directory Traversal,http_server,https://security.snyk.io/vuln/SNYK-JS-HTTPSERVER-536780,CVE-2019-15600,True,* ,n/a
Command Injection,tree-kill,https://security.snyk.io/vuln/SNYK-JS-TREEKILL-536781,CVE-2019-15599,True,<1.2.2 ,https://github.com/pkrumins/node-tree-kill/commit/ff73dbf144c4c2daa67799a50dfff59cd455c63c
Command Injection,treekill,https://security.snyk.io/vuln/SNYK-JS-TREEKILL-536805,CVE-2019-15599,True,* ,https://github.com/pkrumins/node-tree-kill/commit/ff73dbf144c4c2daa67799a50dfff59cd455c63c
Arbitrary Code Injection,strapi,https://security.snyk.io/vuln/SNYK-JS-STRAPI-536641,CVE-2019-19609,False,<3.0.0-beta.17.8 ,n/a
Improper Input Validation,jpv,https://security.snyk.io/vuln/SNYK-JS-JPV-536466,CVE-2019-19507,False,<2.1.0 ,https://github.com/manvel-khnkoyan/jpv/commit/fdab85599fd92aea87af35fb4c52ba26ccbdd427#diff-b9cfc7f2cdf78a7f4b91a753d10865a2
Cross-site Scripting (XSS),viewerjs,https://security.snyk.io/vuln/SNYK-JS-VIEWERJS-536441,,False,<1.3.6 ,https://github.com/fengyuanchen/viewerjs/commit/00771b70dde5cd07745dda30c445961e2d3e4289
Privilege Escalation,ezmaster,https://security.snyk.io/vuln/SNYK-JS-EZMASTER-536386,CVE-2019-16767,False,<5.2.11 ,n/a
Cross-site Scripting (XSS),devalue,https://security.snyk.io/vuln/SNYK-JS-DEVALUE-536388,,False,<2.0.1 ,https://github.com/Rich-Harris/devalue/commit/0debc411fef5028abfac1d40b7553c0bde089c5f
Man in The Middle (MiTM),mysql2,https://security.snyk.io/vuln/SNYK-JS-MYSQL2-536208,,False,<1.0.0-rc.1 ,n/a
Cross-site Scripting (XSS),trix,https://security.snyk.io/vuln/SNYK-JS-TRIX-536207,,False,<1.2.2 ,https://github.com/basecamp/trix/commit/f85a4b2a3a5581ef5c82f16a0b4f832647fb1cdd
Information Exposure,renovate,https://security.snyk.io/vuln/SNYK-JS-RENOVATE-536203,,False,>=13.87.0 <19.38.7 ,n/a
Malicious Package,bsae-x,https://security.snyk.io/vuln/SNYK-JS-BSAEX-536163,CVE-2019-19771,False,* ,n/a
Malicious Package,bs85check,https://security.snyk.io/vuln/SNYK-JS-BS85CHECK-536164,CVE-2019-19771,False,* ,n/a
Malicious Package,bs85,https://security.snyk.io/vuln/SNYK-JS-BS85-536165,CVE-2019-19771,False,* ,n/a
Malicious Package,bs58chekc,https://security.snyk.io/vuln/SNYK-JS-BS58CHEKC-536166,CVE-2019-19771,False,* ,n/a
Malicious Package,bs58chek,https://security.snyk.io/vuln/SNYK-JS-BS58CHEK-536167,CVE-2019-19771,False,* ,n/a
Malicious Package,bs58chcek,https://security.snyk.io/vuln/SNYK-JS-BS58CHCEK-536168,CVE-2019-19771,False,* ,n/a
Malicious Package,path-to-regxep,https://security.snyk.io/vuln/SNYK-JS-PATHTOREGXEP-536142,CVE-2019-19771,False,* ,n/a
Malicious Package,bpi66,https://security.snyk.io/vuln/SNYK-JS-BPI66-536169,CVE-2019-19771,False,* ,n/a
Malicious Package,bpi39,https://security.snyk.io/vuln/SNYK-JS-BPI39-536170,CVE-2019-19771,False,* ,n/a
Malicious Package,bp66,https://security.snyk.io/vuln/SNYK-JS-BP66-536171,CVE-2019-19771,False,* ,n/a
Malicious Package,ripedm160,https://security.snyk.io/vuln/SNYK-JS-RIPEDM160-536139,CVE-2019-19771,False,* ,n/a
Malicious Package,ecuvre,https://security.snyk.io/vuln/SNYK-JS-ECUVRE-536147,CVE-2019-19771,False,* ,n/a
Malicious Package,ecruve,https://security.snyk.io/vuln/SNYK-JS-ECRUVE-536148,CVE-2019-19771,False,* ,n/a
Malicious Package,web3-eht,https://security.snyk.io/vuln/SNYK-JS-WEB3EHT-536127,CVE-2019-19771,False,* ,n/a
Malicious Package,lodahs,https://security.snyk.io/vuln/SNYK-JS-LODAHS-536126,CVE-2019-19771,False,* ,n/a
Malicious Package,bip30,https://security.snyk.io/vuln/SNYK-JS-BIP30-536185,CVE-2019-19771,False,* ,n/a
Malicious Package,bictore-lib,https://security.snyk.io/vuln/SNYK-JS-BICTORELIB-536186,CVE-2019-19771,False,* ,n/a
Malicious Package,bictoinjs-lib,https://security.snyk.io/vuln/SNYK-JS-BICTOINJSLIB-536187,CVE-2019-19771,False,* ,n/a
Malicious Package,bictoind-rpc,https://security.snyk.io/vuln/SNYK-JS-BICTOINDRPC-536188,CVE-2019-19771,False,* ,n/a
Malicious Package,bictoin-ops,https://security.snyk.io/vuln/SNYK-JS-BICTOINOPS-536189,CVE-2019-19771,False,* ,n/a
Malicious Package,dhkey,https://security.snyk.io/vuln/SNYK-JS-DHKEY-536149,CVE-2019-19771,False,* ,n/a
Malicious Package,bconi,https://security.snyk.io/vuln/SNYK-JS-BCONI-536190,CVE-2019-19771,False,* ,n/a
Malicious Package,bitcroe-lib,https://security.snyk.io/vuln/SNYK-JS-BITCROELIB-536172,CVE-2019-19771,False,* ,n/a
Malicious Package,singale,https://security.snyk.io/vuln/SNYK-JS-SINGALE-536132,CVE-2019-19771,False,* ,n/a
Malicious Package,bcion,https://security.snyk.io/vuln/SNYK-JS-BCION-536191,CVE-2019-19771,False,* ,n/a
Malicious Package,degbu,https://security.snyk.io/vuln/SNYK-JS-DEGBU-536150,CVE-2019-19771,False,* ,n/a
Malicious Package,babel-loadre,https://security.snyk.io/vuln/SNYK-JS-BABELLOADRE-536194,CVE-2019-19771,False,* ,n/a
Malicious Package,babel-laoder,https://security.snyk.io/vuln/SNYK-JS-BABELLAODER-536195,CVE-2019-19771,False,* ,n/a
Malicious Package,bitconijs-lib,https://security.snyk.io/vuln/SNYK-JS-BITCONIJSLIB-536173,CVE-2019-19771,False,* ,n/a
Malicious Package,bitconid-rpc,https://security.snyk.io/vuln/SNYK-JS-BITCONIDRPC-536174,CVE-2019-19771,False,* ,n/a
Malicious Package,bitconi-ops,https://security.snyk.io/vuln/SNYK-JS-BITCONIOPS-536175,CVE-2019-19771,False,* ,n/a
Malicious Package,bitcoisnj-lib,https://security.snyk.io/vuln/SNYK-JS-BITCOISNJLIB-536176,CVE-2019-19771,False,* ,n/a
Malicious Package,bitcoin-sweep,https://security.snyk.io/vuln/SNYK-JS-BITCOINSWEEP-536177,CVE-2019-19771,False,* ,n/a
Malicious Package,cxt,https://security.snyk.io/vuln/SNYK-JS-CXT-536151,CVE-2019-19771,False,* ,n/a
Malicious Package,ripmed160,https://security.snyk.io/vuln/SNYK-JS-RIPMED160-536138,CVE-2019-19771,False,* ,n/a
Malicious Package,hw-trnasport-u2f,https://security.snyk.io/vuln/SNYK-JS-HWTRNASPORTU2F-536143,CVE-2019-19771,False,* ,n/a
Malicious Package,bitcoin-osp,https://security.snyk.io/vuln/SNYK-JS-BITCOINOSP-536178,CVE-2019-19771,False,* ,n/a
Malicious Package,bitcoin-osp,https://security.snyk.io/vuln/SNYK-JS-BITCOINOSP-536178,CVE-2019-19771,False,* ,n/a
Malicious Package,crytpo-js,https://security.snyk.io/vuln/SNYK-JS-CRYTPOJS-536152,CVE-2019-19771,False,* ,n/a
Malicious Package,bitcoimjs-lib,https://security.snyk.io/vuln/SNYK-JS-BITCOIMJSLIB-536179,CVE-2019-19771,False,* ,n/a
Malicious Package,bitcoimd-rpc,https://security.snyk.io/vuln/SNYK-JS-BITCOIMDRPC-536180,CVE-2019-19771,False,* ,n/a
Malicious Package,bitcoijns-lib,https://security.snyk.io/vuln/SNYK-JS-BITCOIJNSLIB-536181,CVE-2019-19771,False,* ,n/a
Malicious Package,bitcionjslib,https://security.snyk.io/vuln/SNYK-JS-BITCIONJSLIB-536182,CVE-2019-19771,False,* ,n/a
Malicious Package,crpyto-js,https://security.snyk.io/vuln/SNYK-JS-CRPYTOJS-536153,CVE-2019-19771,False,* ,n/a
Malicious Package,bitcionjs,https://security.snyk.io/vuln/SNYK-JS-BITCIONJS-536183,CVE-2019-19771,False,* ,n/a
Malicious Package,bitcion-ops,https://security.snyk.io/vuln/SNYK-JS-BITCIONOPS-536184,CVE-2019-19771,False,* ,n/a
Malicious Package,rceat,https://security.snyk.io/vuln/SNYK-JS-RCEAT-536141,CVE-2019-19771,False,* ,n/a
Malicious Package,hdkye,https://security.snyk.io/vuln/SNYK-JS-HDKYE-536144,CVE-2019-19771,False,* ,n/a
Malicious Package,hdeky,https://security.snyk.io/vuln/SNYK-JS-HDEKY-536145,CVE-2019-19771,False,* ,n/a
Malicious Package,conistring,https://security.snyk.io/vuln/SNYK-JS-CONISTRING-536154,CVE-2019-19771,False,* ,n/a
Malicious Package,commanedr,https://security.snyk.io/vuln/SNYK-JS-COMMANEDR-536155,CVE-2019-19771,False,* ,n/a
Malicious Package,commandre,https://security.snyk.io/vuln/SNYK-JS-COMMANDRE-536156,CVE-2019-19771,False,* ,n/a
Malicious Package,ripedm160,https://security.snyk.io/vuln/SNYK-JS-RIPEDM160-536139,CVE-2019-19771,False,* ,n/a
Malicious Package,colne,https://security.snyk.io/vuln/SNYK-JS-COLNE-536157,CVE-2019-19771,False,* ,n/a
Malicious Package,coinstrng,https://security.snyk.io/vuln/SNYK-JS-COINSTRNG-536158,CVE-2019-19771,False,* ,n/a
Malicious Package,coinstrig,https://security.snyk.io/vuln/SNYK-JS-COINSTRIG-536159,CVE-2019-19771,False,* ,n/a
Malicious Package,coinstirng,https://security.snyk.io/vuln/SNYK-JS-COINSTIRNG-536160,CVE-2019-19771,False,* ,n/a
Malicious Package,coinpayment,https://security.snyk.io/vuln/SNYK-JS-COINPAYMENT-536161,CVE-2019-19771,False,* ,n/a
Malicious Package,wallet-address-validtaor,https://security.snyk.io/vuln/SNYK-JS-WALLETADDRESSVALIDTAOR-536130,CVE-2019-19771,False,* ,n/a
Malicious Package,ripmed160,https://security.snyk.io/vuln/SNYK-JS-RIPMED160-536138,CVE-2019-19771,False,* ,n/a
Malicious Package,baes-x,https://security.snyk.io/vuln/SNYK-JS-BAESX-536192,CVE-2019-19771,False,* ,n/a
Malicious Package,lodahs,https://security.snyk.io/vuln/SNYK-JS-LODAHS-536126,CVE-2019-19771,False,* ,n/a
Malicious Package,scrytsy,https://security.snyk.io/vuln/SNYK-JS-SCRYTSY-536135,CVE-2019-19771,False,* ,n/a
Malicious Package,fs-extar,https://security.snyk.io/vuln/SNYK-JS-FSEXTAR-536146,CVE-2019-19771,False,* ,n/a
Malicious Package,babel-loqder,https://security.snyk.io/vuln/SNYK-JS-BABELLOQDER-536193,CVE-2019-19771,False,* ,n/a
Malicious Package,path-to-regxep,https://security.snyk.io/vuln/SNYK-JS-PATHTOREGXEP-536142,CVE-2019-19771,False,* ,n/a
Malicious Package,we3b,https://security.snyk.io/vuln/SNYK-JS-WE3B-536128,CVE-2019-19771,False,* ,n/a
Malicious Package,babel-loqder,https://security.snyk.io/vuln/SNYK-JS-BABELLOQDER-536193,CVE-2019-19771,False,* ,n/a
Malicious Package,lodahs,https://security.snyk.io/vuln/SNYK-JS-LODAHS-536126,CVE-2019-19771,False,* ,n/a
Malicious Package,cionstring,https://security.snyk.io/vuln/SNYK-JS-CIONSTRING-536162,CVE-2019-19771,False,* ,n/a
Authentication Bypass,@cubejs-backend/api-gateway,https://security.snyk.io/vuln/SNYK-JS-CUBEJSBACKENDAPIGATEWAY-536072,,False,>=0.11.0 <0.11.17 ,n/a
Cross-site Scripting (XSS),smartbanner.js,https://security.snyk.io/vuln/SNYK-JS-SMARTBANNERJS-536070,,False,<1.14.1 ,n/a
Information Exposure,gun,https://security.snyk.io/vuln/SNYK-JS-GUN-536071,,False,<0.2019.416 ,n/a
Unsafe Dependency Resolution,generator-jhipster,https://security.snyk.io/vuln/SNYK-JS-GENERATORJHIPSTER-536074,,False,<6.3.1 ,n/a
Buffer Overflow,centra,https://security.snyk.io/vuln/SNYK-JS-CENTRA-536073,,False,<2.4.0 ,n/a
Cross-site Scripting (XSS),editor.md,https://security.snyk.io/vuln/SNYK-JS-EDITORMD-536076,CVE-2019-14517,False,>0.0.0 ,n/a
Sandbox Breakout,realms-shim,https://security.snyk.io/vuln/SNYK-JS-REALMSSHIM-536069,,False,<1.2.1 ,n/a
NULL Pointer Dereference,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-535505,CVE-2018-11696,False,<4.11.0 ,https://github.com/sass/libsass/commit/38f4c3699d06b64128bebc7cf1e8b3125be74dc4
Resource Exhaustion,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-535504,CVE-2018-19837,False,<4.11.0 ,https://github.com/sass/libsass/commit/210fdff7a65370c2ae24e022a2b35da8c423cc5f
Uncontrolled Recursion,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-535503,CVE-2017-11556,False,<4.8.0 ,https://github.com/sass/libsass/commit/7664114543757e932f5b1a2ff5295aa9b34f8623
NULL Pointer Dereference,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-535502,CVE-2018-20190,False,<3.6.0 ,https://github.com/sass/libsass/commit/69ae7ef4775e1dbd5985940927e28fe34201331d
Out-of-bounds Read,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-535501,CVE-2018-11693,False,<4.11.0 ,https://github.com/sass/libsass/commit/c0a6cf39dea9b2522a08d61b731bc72dfb362584
NULL Pointer Dereference,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-535500,CVE-2018-11694,False,* ,https://github.com/sass/libsass/commit/280ffd8c692cc24199b678f38fc796825d7df4a1
Out-of-bounds Read,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-535499,CVE-2017-11608,False,<4.2.0 ,https://github.com/sass/libsass/commit/648f763ede97f9a2c2c843a0a18ac18bbde3507b
Out-of-Bounds,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-535498,CVE-2019-6283,False,* ,n/a
Use After Free,node-sass,https://security.snyk.io/vuln/SNYK-JS-NODESASS-535497,CVE-2018-11499,False,>=4.4.0 <4.13.1 ,https://github.com/sass/libsass/commit/930857ce4938f64ce1c31463dbd19b1aa781a5f7
Cross-site Scripting (XSS),pannellum,https://security.snyk.io/vuln/SNYK-JS-PANNELLUM-535489,CVE-2019-16763,False,>=2.5.0 <2.5.5 ,https://github.com/mpetroff/pannellum/commit/cc2f3d99953de59db908e0c6efd1c2c17f7c6914
Malicious 󠅮󠅰󠅭Package,cxct,https://security.snyk.io/vuln/SNYK-JS-CXCT-535487,,False,* ,n/a
Directory Traversal,iobroker.js-controller,https://security.snyk.io/vuln/SNYK-JS-IOBROKERJSCONTROLLER-534881,CVE-2019-10767,False,<2.0.25 ,https://github.com/ioBroker/ioBroker.js-controller/commit/f6e292c6750a491a5000d0f851b2fede4f9e2fda
Prototype Pollution,handlebars,https://security.snyk.io/vuln/SNYK-JS-HANDLEBARS-534988,,False,>=4.0.0 <4.5.3 <3.0.8 ,https://github.com/wycats/handlebars.js/commit/198887808780bbef9dba67a8af68ece091d5baa7
Directory Traversal,iobroker.admin,https://security.snyk.io/vuln/SNYK-JS-IOBROKERADMIN-534634,CVE-2019-10765,False,<3.6.12 ,https://github.com/ioBroker/ioBroker.admin/commit/16b2b325ab47896090bc7f54b77b0a97ed74f5cd
Prototype Pollution,angular,https://security.snyk.io/vuln/SNYK-JS-ANGULAR-534884,CVE-2019-10768,True,>=1.4.0-beta.6 <1.7.9 ,https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
Cross-site Scripting (XSS),iobroker.web,https://security.snyk.io/vuln/SNYK-JS-IOBROKERWEB-534971,CVE-2019-10771,False,<2.4.10 ,https://github.com/ioBroker/ioBroker.web/commit/24ebb6d3714feac87570ce7a2e827fd2f91aa043
Malicious Package,malicious-npm-package,https://security.snyk.io/vuln/SNYK-JS-MALICIOUSNPMPACKAGE-534578,,False,* ,n/a
Inadequate Encryption Strength,slpjs,https://security.snyk.io/vuln/SNYK-JS-SLPJS-534575,CVE-2019-16762,False,<0.21.4 ,https://github.com/simpleledger/slpjs/commit/ac8809b42e47790a6f0205991b36f2699ed10c84
Inadequate Encryption Strength,slp-validate,https://security.snyk.io/vuln/SNYK-JS-SLPVALIDATE-534572,CVE-2019-16761,False,<1.0.1 ,https://github.com/simpleledger/slp-validate/commit/50ad96c2798dad6b9f9a13333dd05232defe5730
Arbitrary Code Execution,handlebars,https://security.snyk.io/vuln/SNYK-JS-HANDLEBARS-534478,,False,>=4.0.0 <4.5.3 <3.0.8 ,n/a
Malicious Package,sj-labc,https://security.snyk.io/vuln/SNYK-JS-SJLABC-514529,,False,* ,n/a
Malicious Package,superhappyfuntime,https://security.snyk.io/vuln/SNYK-JS-SUPERHAPPYFUNTIME-514530,,False,* ,n/a
Malicious Package,arsenic-tabasco-cyborg-peanut-butter,https://security.snyk.io/vuln/SNYK-JS-ARSENICTABASCOCYBORGPEANUTBUTTER-514531,,False,* ,n/a
Improper Access Control,pomelo,https://security.snyk.io/vuln/SNYK-JS-POMELO-515804,CVE-2019-18954,False,<2.2.7 ,https://github.com/NetEase/pomelo/commit/5b999c56c7244e23e5003878402a3c54ab51ed8c
Timing Attack,elliptic,https://security.snyk.io/vuln/SNYK-JS-ELLIPTIC-511941,,False,<6.5.2 ,https://github.com/indutny/elliptic/commit/ec735edde187a43693197f6fa3667ceade751a3a
Denial of Service (DoS),php-unserialize,https://security.snyk.io/vuln/SNYK-JS-PHPUNSERIALIZE-483165,,False,* ,n/a
Arbitrary Code Execution,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-483056,,False,<5.0.0-beta.1 ,https://github.com/electron/electron/commit/fade3eb67999a11f17a8b64e63653d25f7bfe065
Arbitrary Code Execution,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-483050,,False,<2.0.17 >=3.0.0 <3.0.15 >=3.1.0 <3.1.3 >=4.0.0 <4.0.4 >=5.0.0-beta.1 <5.0.0-beta.2 ,https://github.com/electron/electron/commit/0309654cc19e07a9a028293aa39a51a1bf18d844
Improper Access Control,strapi,https://security.snyk.io/vuln/SNYK-JS-STRAPI-480418,CVE-2019-18818,False,<3.0.0-beta.17.5 ,n/a
Prototype Pollution,chartkick,https://security.snyk.io/vuln/SNYK-JS-CHARTKICK-480562,CVE-2019-18841,False,>=3.1.0 <3.2.0 ,https://github.com/ankane/chartkick.js/commit/3f833c2b229db140295b44074fef56428e0a8b91
Malicious Package,sj-tw-test-security,https://security.snyk.io/vuln/SNYK-JS-SJTWTESTSECURITY-480452,,False,* ,n/a
Malicious Package,sj-tw-sec,https://security.snyk.io/vuln/SNYK-JS-SJTWSEC-480451,,False,* ,n/a
Malicious Package,sj-tw-abc,https://security.snyk.io/vuln/SNYK-JS-SJTWABC-480457,,False,* ,n/a
Malicious Package,owl-orchard-apple-sunshine,https://security.snyk.io/vuln/SNYK-JS-OWLORCHARDAPPLESUNSHINE-480442,,False,* ,n/a
Machine-In-The-Middle,airtable,https://security.snyk.io/vuln/SNYK-JS-AIRTABLE-480404,,False,>=0.1.19 <0.7.2 ,n/a
Arbitrary Code Injection,marsdb,https://security.snyk.io/vuln/SNYK-JS-MARSDB-480405,,False,* ,n/a
Directory Traversal,f-serv,https://security.snyk.io/vuln/SNYK-JS-FSERV-480393,,False,* ,n/a
Denial of Service (DoS),handlebars,https://security.snyk.io/vuln/SNYK-JS-HANDLEBARS-480388,,False,>=4.0.0 <4.4.5 ,https://github.com/wycats/handlebars.js/commit/8d5530ee2c3ea9f0aee3fde310b9f36887d00b8b
Authentication Bypass,saml2-js,https://security.snyk.io/vuln/SNYK-JS-SAML2JS-474637,,False,<2.0.5 ,https://github.com/Clever/saml2/commit/ae0da4d0a0ea682a737be481e3bd78798be405c0
Cross-site Scripting (XSS),ids-enterprise,https://security.snyk.io/vuln/SNYK-JS-IDSENTERPRISE-474628,,True,<4.23.0-dev.20191105 ,https://github.com/infor-design/enterprise/commit/7909c7ee08be232631edd9fec00001d69c2ac78b
Improper Access Control,cezerin,https://security.snyk.io/vuln/SNYK-JS-CEZERIN-474608,CVE-2019-18608,False,* ,n/a
Denial of Service (DoS),thrift,https://security.snyk.io/vuln/SNYK-JS-THRIFT-474613,CVE-2019-0205,False,<0.13.0-hotfix.1 ,https://github.com/apache/thrift/commit/798e90aa8715ed0deff68ef4784926fe2be5c0ea
Cross-site Scripting (XSS),vuetify,https://security.snyk.io/vuln/SNYK-JS-VUETIFY-474604,,True,<2.1.9 ,https://github.com/vuetifyjs/vuetify/commit/c0a81f193743df261905a214de037ed1d183d9e4
Malicious Package,buffar-xor,https://security.snyk.io/vuln/SNYK-JS-BUFFARXOR-474553,,False,* ,n/a
Malicious Package,budfer-xor,https://security.snyk.io/vuln/SNYK-JS-BUDFERXOR-474556,,False,* ,n/a
Malicious Package,bubfer-xor,https://security.snyk.io/vuln/SNYK-JS-BUBFERXOR-474557,,False,* ,n/a
Malicious Package,btffer-xor,https://security.snyk.io/vuln/SNYK-JS-BTFFERXOR-474558,,False,* ,n/a
Malicious Package,bufder-xor,https://security.snyk.io/vuln/SNYK-JS-BUFDERXOR-474554,,False,* ,n/a
Malicious Package,bs-sha3,https://security.snyk.io/vuln/SNYK-JS-BSSHA3-474515,,False,* ,n/a
Malicious Package,js-rha3,https://security.snyk.io/vuln/SNYK-JS-JSRHA3-474506,,False,* ,n/a
Malicious Package,bufber-xor,https://security.snyk.io/vuln/SNYK-JS-BUFBERXOR-474555,,False,* ,n/a
Malicious Package,js-shq3,https://security.snyk.io/vuln/SNYK-JS-JSSHQ3-474500,,False,* ,n/a
Malicious Package,js-she3,https://security.snyk.io/vuln/SNYK-JS-JSSHE3-474502,,False,* ,n/a
Malicious Package,js-cha3,https://security.snyk.io/vuln/SNYK-JS-JSCHA3-474508,,False,* ,n/a
Malicious Package,js-3ha3,https://security.snyk.io/vuln/SNYK-JS-JS3HA3-474509,,False,* ,n/a
Malicious Package,jr-sha3,https://security.snyk.io/vuln/SNYK-JS-JRSHA3-474510,,False,* ,n/a
Malicious Package,js-sha7,https://security.snyk.io/vuln/SNYK-JS-JSSHA7-474505,,False,* ,n/a
Malicious Package,js-sla3,https://security.snyk.io/vuln/SNYK-JS-JSSLA3-474497,,False,* ,n/a
Malicious Package,jq-sha3,https://security.snyk.io/vuln/SNYK-JS-JQSHA3-474511,,False,* ,n/a
Malicious Package,jc-sha3,https://security.snyk.io/vuln/SNYK-JS-JCSHA3-474512,,False,* ,n/a
Malicious Package,j3-sha3,https://security.snyk.io/vuln/SNYK-JS-J3SHA3-474513,,False,* ,n/a
Malicious Package,b5ffer-xor,https://security.snyk.io/vuln/SNYK-JS-B5FFERXOR-474561,,False,* ,n/a
Malicious Package,js-shc3,https://security.snyk.io/vuln/SNYK-JS-JSSHC3-474503,,False,* ,n/a
Malicious Package,cuffer-xor,https://security.snyk.io/vuln/SNYK-JS-CUFFERXOR-474519,,False,* ,n/a
Malicious Package,hs-sha3,https://security.snyk.io/vuln/SNYK-JS-HSSHA3-474514,,False,* ,n/a
Malicious Package,js-shas,https://security.snyk.io/vuln/SNYK-JS-JSSHAS-474504,,False,* ,n/a
Malicious Package,js-qha3,https://security.snyk.io/vuln/SNYK-JS-JSQHA3-474507,,False,* ,n/a
Malicious Package,jsmsha3,https://security.snyk.io/vuln/SNYK-JS-JSMSHA3-474494,,False,* ,n/a
Malicious Package,beffer-xor,https://security.snyk.io/vuln/SNYK-JS-BEFFERXOR-474560,,False,* ,n/a
Malicious Package,ruffer-xor,https://security.snyk.io/vuln/SNYK-JS-RUFFERXOR-474516,,False,* ,n/a
Malicious Package,js-wha3,https://security.snyk.io/vuln/SNYK-JS-JSWHA3-474495,,False,* ,n/a
Malicious Package,ns-sha3,https://security.snyk.io/vuln/SNYK-JS-NSSHA3-474491,,False,* ,n/a
Malicious Package,js-sxa3,https://security.snyk.io/vuln/SNYK-JS-JSSXA3-474496,,False,* ,n/a
Malicious Package,ks-sha3,https://security.snyk.io/vuln/SNYK-JS-KSSHA3-474492,,False,* ,n/a
Malicious Package,fuffer-xor,https://security.snyk.io/vuln/SNYK-JS-FUFFERXOR-474518,,False,* ,n/a
Malicious Package,juffer-xor,https://security.snyk.io/vuln/SNYK-JS-JUFFERXOR-474517,,False,* ,n/a
Malicious Package,jw-sha3,https://security.snyk.io/vuln/SNYK-JS-JWSHA3-474493,,False,* ,n/a
Malicious Package,js-rha3,https://security.snyk.io/vuln/SNYK-JS-JSRHA3-474506,,False,* ,n/a
Malicious Package,js-sia3,https://security.snyk.io/vuln/SNYK-JS-JSSIA3-474499,,False,* ,n/a
Malicious Package,js-shi3,https://security.snyk.io/vuln/SNYK-JS-JSSHI3-474501,,False,* ,n/a
Malicious Package,bunfer-xor,https://security.snyk.io/vuln/SNYK-JS-BUNFERXOR-474522,,False,* ,n/a
Malicious Package,bufver-xor,https://security.snyk.io/vuln/SNYK-JS-BUFVERXOR-474524,,False,* ,n/a
Malicious Package,bugfer-xor,https://security.snyk.io/vuln/SNYK-JS-BUGFERXOR-474523,,False,* ,n/a
Malicious Package,bufner-xor,https://security.snyk.io/vuln/SNYK-JS-BUFNERXOR-474525,,False,* ,n/a
Malicious Package,bufger-xor,https://security.snyk.io/vuln/SNYK-JS-BUFGERXOR-474526,,False,* ,n/a
Malicious Package,ns-sha3,https://security.snyk.io/vuln/SNYK-JS-NSSHA3-474491,,False,* ,n/a
Malicious Package,buffur-xor,https://security.snyk.io/vuln/SNYK-JS-BUFFURXOR-474527,,False,* ,n/a
Malicious Package,buffmr-xor,https://security.snyk.io/vuln/SNYK-JS-BUFFMRXOR-474528,,False,* ,n/a
Malicious Package,buffgr-xor,https://security.snyk.io/vuln/SNYK-JS-BUFFGRXOR-474529,,False,* ,n/a
Malicious Package,js-shc3,https://security.snyk.io/vuln/SNYK-JS-JSSHC3-474503,,False,* ,n/a
Malicious Package,buffez-xor,https://security.snyk.io/vuln/SNYK-JS-BUFFEZXOR-474530,,False,* ,n/a
Malicious Package,buffev-xor,https://security.snyk.io/vuln/SNYK-JS-BUFFEVXOR-474531,,False,* ,n/a
Malicious Package,buffes-xor,https://security.snyk.io/vuln/SNYK-JS-BUFFESXOR-474532,,False,* ,n/a
Malicious Package,js-sia3,https://security.snyk.io/vuln/SNYK-JS-JSSIA3-474499,,False,* ,n/a
Malicious Package,buffermxor,https://security.snyk.io/vuln/SNYK-JS-BUFFERMXOR-474533,,False,* ,n/a
Malicious Package,buffer-zor,https://security.snyk.io/vuln/SNYK-JS-BUFFERZOR-474534,,False,* ,n/a
Malicious Package,buffer-yor,https://security.snyk.io/vuln/SNYK-JS-BUFFERYOR-474535,,False,* ,n/a
Malicious Package,buffer-xoz,https://security.snyk.io/vuln/SNYK-JS-BUFFERXOZ-474536,,False,* ,n/a
Malicious Package,buffer-xov,https://security.snyk.io/vuln/SNYK-JS-BUFFERXOV-474537,,False,* ,n/a
Malicious Package,buffer-xos,https://security.snyk.io/vuln/SNYK-JS-BUFFERXOS-474538,,False,* ,n/a
Malicious Package,buffer-xop,https://security.snyk.io/vuln/SNYK-JS-BUFFERXOP-474539,,False,* ,n/a
Malicious Package,buffer-xob,https://security.snyk.io/vuln/SNYK-JS-BUFFERXOB-474540,,False,* ,n/a
Malicious Package,buffer-xo2,https://security.snyk.io/vuln/SNYK-JS-BUFFERXO2-474541,,False,* ,n/a
Malicious Package,buffer-xnr,https://security.snyk.io/vuln/SNYK-JS-BUFFERXNR-474542,,False,* ,n/a
Malicious Package,buffer-xmr,https://security.snyk.io/vuln/SNYK-JS-BUFFERXMR-474543,,False,* ,n/a
Malicious Package,buffer-xkr,https://security.snyk.io/vuln/SNYK-JS-BUFFERXKR-474544,,False,* ,n/a
Malicious Package,buffer-xgr,https://security.snyk.io/vuln/SNYK-JS-BUFFERXGR-474545,,False,* ,n/a
Malicious Package,buffer-por,https://security.snyk.io/vuln/SNYK-JS-BUFFERPOR-474546,,False,* ,n/a
Malicious Package,buffer-hor,https://security.snyk.io/vuln/SNYK-JS-BUFFERHOR-474547,,False,* ,n/a
Malicious Package,buffer-8or,https://security.snyk.io/vuln/SNYK-JS-BUFFER8OR-474548,,False,* ,n/a
Malicious Package,b5ffer-xor,https://security.snyk.io/vuln/SNYK-JS-B5FFERXOR-474561,,False,* ,n/a
Malicious Package,cuffer-xor,https://security.snyk.io/vuln/SNYK-JS-CUFFERXOR-474519,,False,* ,n/a
Malicious Package,ruffer-xor,https://security.snyk.io/vuln/SNYK-JS-RUFFERXOR-474516,,False,* ,n/a
Malicious Package,bqffer-xor,https://security.snyk.io/vuln/SNYK-JS-BQFFERXOR-474559,,False,* ,n/a
Malicious Package,bufber-xor,https://security.snyk.io/vuln/SNYK-JS-BUFBERXOR-474555,,False,* ,n/a
Command Injection,pm2,https://security.snyk.io/vuln/SNYK-JS-PM2-474345,,True,<4.3.0 ,https://github.com/Unitech/pm2/pull/4595/commits/4c40fe54005575848bf169344e47e05a5c555574
Unauthorized File Access,node-git-server,https://security.snyk.io/vuln/SNYK-JS-NODEGITSERVER-474343,,False,<0.6.1 ,https://github.com/gabrielcsapo/node-git-server/commit/ac26650f69bc445d71e4f2c55328676d10a4be43
Command Injection,pm2,https://security.snyk.io/vuln/SNYK-JS-PM2-474304,,True,<4.3.0 ,n/a
Denial of Service (DoS),express-fileupload,https://security.snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-473997,,False,<1.1.6-alpha.6 ,n/a
Denial of Service (DoS),vue-apollo,https://security.snyk.io/vuln/SNYK-JS-VUEAPOLLO-474013,,False,>=3.0.0-alpha.1 <3.0.0 ,https://github.com/vuejs/vue-apollo/commit/c3b840c368d50cb21f7410119a50443596baa537
Cross-site Scripting (XSS),easy-autocomplete,https://security.snyk.io/vuln/SNYK-JS-EASYAUTOCOMPLETE-473996,,False,* ,n/a
Cross-site Scripting (XSS),ant-design-pro,https://security.snyk.io/vuln/SNYK-JS-ANTDESIGNPRO-473995,CVE-2019-18350,False,* ,https://github.com/ant-design/ant-design-pro/commit/840034ca90a66ebe7835934cffcb85654e86f593
Cross-site Scripting (XSS),hexo-admin,https://security.snyk.io/vuln/SNYK-JS-HEXOADMIN-473901,,False,* ,n/a
Denial of Service (DoS),mongodb,https://security.snyk.io/vuln/SNYK-JS-MONGODB-473855,,False,<3.1.13 ,n/a
Sandbox Bypass,vm2,https://security.snyk.io/vuln/SNYK-JS-VM2-473188,CVE-2019-10761,True,<3.6.11 ,https://github.com/patriksimek/vm2/commit/4b22d704e4794af63a5a2d633385fd20948f6f90
Remote Code Execution (RCE),mongo-express,https://security.snyk.io/vuln/SNYK-JS-MONGOEXPRESS-473215,CVE-2019-10758,True,<0.54.0 ,n/a
Relative Path Overwrite (RPO),swagger-ui,https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-472935,CVE-2019-17495,False,<3.23.11 ,https://github.com/springfox/springfox/commit/26f72f0d16b166e12c20255a4ee907dc10685cf8#diff-97232cc54495752f2b1fbafb152d5d04e19e8e4b3ede08c67e1966233c9a19e1
Information Exposure,mongoose,https://security.snyk.io/vuln/SNYK-JS-MONGOOSE-472486,CVE-2019-17426,False,<4.13.21 >=5.0.0 <5.7.5 ,https://github.com/Automattic/mongoose/commit/f3eca5b94d822225c04e96cbeed9f095afb3c31c
Regular Expression Denial of Service (ReDoS),simple-markdown,https://security.snyk.io/vuln/SNYK-JS-SIMPLEMARKDOWN-469242,,True,<0.6.1 ,https://github.com/Khan/simple-markdown/commit/015a719bf5cdc561feea05500ecb3274ef609cd2
Regular Expression Denial of Service (ReDoS),markdown-it,https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-459438,,False,<10.0.0 ,https://github.com/markdown-it/markdown-it/commit/07a62c6c751455da95a4ec9dfad2576b9dcd766a
Directory Traversal,statics-server,https://security.snyk.io/vuln/SNYK-JS-STATICSSERVER-472065,CVE-2019-15596,True,* ,n/a
SQL Injection,knex,https://security.snyk.io/vuln/SNYK-JS-KNEX-471962,CVE-2019-10757,False,<0.19.5 ,https://github.com/tgriesser/knex/commit/988fb243898d746a759d422762685a79eddf99ca
Cross-site Scripting (XSS),node-red-dashboard,https://security.snyk.io/vuln/SNYK-JS-NODEREDDASHBOARD-471939,CVE-2019-10756,False,<2.17.0 ,https://github.com/node-red/node-red-dashboard/commit/870382792f679b0a6bbf45b29ca7f6428e51623b
Denial of Service (DoS),angular,https://security.snyk.io/vuln/SNYK-JS-ANGULAR-471885,,False,<1.6.3 ,https://github.com/angular/angular.js/commit/3bb1dd5d7f7dcde6fea5a3148f8f10e92f451e9d
Cross-site Scripting (XSS),angular,https://security.snyk.io/vuln/SNYK-JS-ANGULAR-471882,,False,<1.6.5 ,https://github.com/angular/angular.js/commit/8f31f1ff43b673a24f84422d5c13d6312b2c4d94
Cross-site Scripting (XSS),angular,https://security.snyk.io/vuln/SNYK-JS-ANGULAR-471879,,False,<1.6.0-rc.0 ,https://github.com/angular/angular.js/commit/6476af83cd0418c84e034a955b12a842794385c4
Authentication Bypass,http-auth,https://security.snyk.io/vuln/SNYK-JS-HTTPAUTH-471683,,False,<3.2.4 ,n/a
Outdated Static Dependency,ses,https://security.snyk.io/vuln/SNYK-JS-SES-471681,,False,<0.6.3 ,n/a
Sandbox Breakout,realms-shim,https://security.snyk.io/vuln/SNYK-JS-REALMSSHIM-471680,,False,<1.2.0 ,n/a
Denial of Service (DoS),apostrophe,https://security.snyk.io/vuln/SNYK-JS-APOSTROPHE-471679,,False,<2.97.1 ,n/a
Malicious Package,comander,https://security.snyk.io/vuln/SNYK-JS-COMANDER-471676,,False,* ,n/a
Malicious Package,bmap,https://security.snyk.io/vuln/SNYK-JS-BMAP-471675,,False,<1.0.3 ,n/a
Malicious Package,pizza-pasta,https://security.snyk.io/vuln/SNYK-JS-PIZZAPASTA-471670,,False,=1.0.3 ,n/a
Malicious Package,8.9.4,https://security.snyk.io/vuln/SNYK-JS-894-471667,,False,* ,n/a
Malicious Package,log-symboles,https://security.snyk.io/vuln/SNYK-JS-LOGSYMBOLES-471671,,False,* ,n/a
Malicious Package,require-port,https://security.snyk.io/vuln/SNYK-JS-REQUIREPORT-471682,,False,=1.0.0 ,n/a
Malicious Package,yeoman-genrator,https://security.snyk.io/vuln/SNYK-JS-YEOMANGENRATOR-471678,,False,=2.0.2 ,n/a
Malicious Package,ember_cli_babe,https://security.snyk.io/vuln/SNYK-JS-EMBERCLIBABE-471668,,False,* ,n/a
Malicious Package,uglyfi.js,https://security.snyk.io/vuln/SNYK-JS-UGLYFIJS-471672,,False,* ,n/a
Man-in-the-Middle (MitM),https-proxy-agent,https://security.snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131,,True,<2.2.3 ,https://github.com/TooTallNate/node-https-proxy-agent/commit/36d8cf509f877fa44f4404fce57ebaf9410fe51b
XML External Entity (XXE) Injection,dbus,https://security.snyk.io/vuln/SNYK-JS-DBUS-540502,CVE-2018-20843,False,* ,https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
Reverse Tabnabbing,showdown,https://security.snyk.io/vuln/SNYK-JS-SHOWDOWN-469487,,False,<1.9.1 ,n/a
Configuration Override,helmet-csp,https://security.snyk.io/vuln/SNYK-JS-HELMETCSP-469436,,False,>=1.2.2 <2.9.2 ,https://github.com/helmetjs/csp/commit/67a69baafa8198a154f0505a0cf0875f76f6186a
Denial of Service (DoS),http-live-simulator,https://security.snyk.io/vuln/SNYK-JS-HTTPLIVESIMULATOR-469235,,True,>=1.0.7 <1.0.8 ,https://github.com/prahladyeri/http-live-simulator/commit/f9f13b5bfc4f95eeeb33c850f58425e65a71aa5a
Cross-site Scripting (XSS),pdfjs-dist,https://security.snyk.io/vuln/SNYK-JS-PDFJSDIST-469200,CVE-2018-5158,False,<2.0.943 ,https://github.com/mozilla/pdf.js/commit/2dc4af525d1612c98afcd1e6bee57d4788f78f97
Cross-site Scripting (XSS),@novnc/novnc,https://security.snyk.io/vuln/SNYK-JS-NOVNCNOVNC-469136,CVE-2017-18635,True,<0.6.2 ,https://github.com/novnc/noVNC/commit/6048299a138e078aed210f163111698c8c526a13#diff-286f7dc7b881e942e97cd50c10898f03L534
Prototype Pollution,handlebars,https://security.snyk.io/vuln/SNYK-JS-HANDLEBARS-469063,CVE-2019-19919,False,>=4.0.0 <4.3.0 <3.8.0 ,https://github.com/wycats/handlebars.js/commit/213c0bbe3c4bd83a534d67384e5afa0000347ff6
Cross-site Scripting (XSS),dompurify,https://security.snyk.io/vuln/SNYK-JS-DOMPURIFY-468981,CVE-2019-16728,False,<2.0.3 ,n/a
Malicious Package,discord.js-user,https://security.snyk.io/vuln/SNYK-JS-DISCORDJSUSER-467462,,False,* ,n/a
Cross-site Scripting (XSS),@botpress/channel-web,https://security.snyk.io/vuln/SNYK-JS-BOTPRESSCHANNELWEB-466988,,False,<12.1.4 ,https://github.com/botpress/botpress/commit/40bf2d736acf147269db192fd383869010f99ca9
Remote Code Execution (RCE),notevil,https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-467405,,False,<1.3.2 ,https://github.com/mmckegg/notevil/commit/5a2292f92096d73732df5a49698c231eeadbf032
Regular Expression Denial of Service (ReDoS),csv-parse,https://security.snyk.io/vuln/SNYK-JS-CSVPARSE-467403,CVE-2019-17592,False,<4.4.6 ,https://github.com/adaltas/node-csv-parse/commit/b9d35940c6815cdf1dfd6b21857a1f6d0fd51e4a
Credential Exposure,ibm_db,https://security.snyk.io/vuln/SNYK-JS-IBMDB-459762,,False,<2.6.0 ,https://github.com/ibmdb/node-ibm_db/commit/526c88b5eedc605274def65405279f6708d91ce8
Denial of Service (DoS),@hapi/subtext,https://security.snyk.io/vuln/SNYK-JS-HAPISUBTEXT-467262,,False,<6.1.2 ,https://github.com/brave-intl/subtext/commit/9557c115b1384191a0d6e4a9ea028fedf8b44ae6
Denial of Service (DoS),@commercial/subtext,https://security.snyk.io/vuln/SNYK-JS-COMMERCIALSUBTEXT-467263,,False,<5.1.1 ,https://github.com/brave-intl/subtext/commit/9557c115b1384191a0d6e4a9ea028fedf8b44ae6
Denial of Service (DoS),subtext,https://security.snyk.io/vuln/SNYK-JS-SUBTEXT-467257,,False,* ,https://github.com/brave-intl/subtext/commit/9557c115b1384191a0d6e4a9ea028fedf8b44ae6
Arbitrary File Read,html-pdf,https://security.snyk.io/vuln/SNYK-JS-HTMLPDF-467248,CVE-2019-15138,False,<3.0.0 ,n/a
Cross-site Scripting (XSS),ids-enterprise,https://security.snyk.io/vuln/SNYK-JS-IDSENTERPRISE-467124,,False,<4.22.0-beta.0 ,https://github.com/infor-design/enterprise/commit/f4c296d3f9b9b6d89510987f0999f5cc452a8035
Arbitrary Code Execution,gitlabhook,https://security.snyk.io/vuln/SNYK-JS-GITLABHOOK-466987,CVE-2019-5485,True,* ,n/a
Cross-site Scripting (XSS),http_server,https://security.snyk.io/vuln/SNYK-JS-HTTPSERVER-466986,,False,* ,n/a
Insecure Randomness,generator-jhipster-kotlin,https://security.snyk.io/vuln/SNYK-JS-GENERATORJHIPSTERKOTLIN-466981,CVE-2019-16303,True,<1.2.0 ,n/a
Insecure Randomness,generator-jhipster,https://security.snyk.io/vuln/SNYK-JS-GENERATORJHIPSTER-466980,CVE-2019-16303,True,<6.3.0 ,n/a
Improper Access Control,cryptpad,https://security.snyk.io/vuln/SNYK-JS-CRYPTPAD-466668,CVE-2019-15302,False,<3.0.0 ,https://github.com/xwiki-labs/cryptpad/commit/a368948fb64407f939976dc80a8c1eda1b7220c2
Malicious Package,evil-package,https://security.snyk.io/vuln/SNYK-JS-EVILPACKAGE-461166,,False,* ,n/a
Remote Code Execution (RCE),total.js,https://security.snyk.io/vuln/SNYK-JS-TOTALJS-461099,CVE-2019-15954,True,>=3.1.0 ,n/a
Improper Access Control,total.js,https://security.snyk.io/vuln/SNYK-JS-TOTALJS-461096,CVE-2019-15953,False,>=3.1.0 ,n/a
Improper Authentication,total.js,https://security.snyk.io/vuln/SNYK-JS-TOTALJS-461098,CVE-2019-15955,False,>=3.1.0 ,n/a
Directory Traversal,total.js,https://security.snyk.io/vuln/SNYK-JS-TOTALJS-461097,CVE-2019-15952,False,>=3.1.0 <3.4.0 ,https://github.com/totaljs/framework/commit/fa6a0d7e3c256ae9b892a30273c5fe77fc99ffb5
Directory Traversal,larvitbase-www,https://security.snyk.io/vuln/SNYK-JS-LARVITBASEWWW-460645,,False,<0.7.6 ,https://github.com/larvit/larvitbase-www/commit/c73eefd490192cd438e9fbea86bfc5cb57309026
Information Exposure,seneca,https://security.snyk.io/vuln/SNYK-JS-SENECA-460597,CVE-2019-5483,False,<3.9.0 ,https://github.com/senecajs/seneca/commit/98af1536196d4461e050ab6b71ca7563ea79ed8f
Cross-site Scripting (XSS),mavon-editor,https://security.snyk.io/vuln/SNYK-JS-MAVONEDITOR-459108,,False,<2.8.2 ,https://github.com/hinesboy/mavonEditor/commit/5592ec3761bd3b5a12ba6f99ce3c4057c6e33f72
Regular Expression Denial of Service (ReDoS),simple-markdown,https://security.snyk.io/vuln/SNYK-JS-SIMPLEMARKDOWN-460540,,False,<0.5.2 ,https://github.com/Khan/simple-markdown/commit/89797fef9abb4cab2fb76a335968266a92588816
Malicious Package,mogodb,https://security.snyk.io/vuln/SNYK-JS-MOGODB-460529,,False,* ,n/a
Malicious Package,file-logging,https://security.snyk.io/vuln/SNYK-JS-FILELOGGING-460536,,False,* ,n/a
Malicious Package,k0a_multer,https://security.snyk.io/vuln/SNYK-JS-K0AMULTER-460532,,False,* ,n/a
Malicious Package,node-spdy,https://security.snyk.io/vuln/SNYK-JS-NODESPDY-460524,,False,* ,n/a
Malicious Package,import-mysql,https://security.snyk.io/vuln/SNYK-JS-IMPORTMYSQL-460535,,False,* ,n/a
Malicious Package,mysql-koa,https://security.snyk.io/vuln/SNYK-JS-MYSQLKOA-460526,,False,* ,n/a
Malicious Package,sparkies,https://security.snyk.io/vuln/SNYK-JS-SPARKIES-460521,,False,* ,n/a
Malicious Package,axios-http,https://security.snyk.io/vuln/SNYK-JS-AXIOSHTTP-460539,,False,* ,n/a
Malicious Package,axioss,https://security.snyk.io/vuln/SNYK-JS-AXIOSS-460538,,False,* ,n/a
Malicious Package,koa-body-parse,https://security.snyk.io/vuln/SNYK-JS-KOABODYPARSE-460531,,False,* ,n/a
Malicious Package,mogoose,https://security.snyk.io/vuln/SNYK-JS-MOGOOSE-460527,,False,* ,n/a
Malicious Package,mogodb-core,https://security.snyk.io/vuln/SNYK-JS-MOGODBCORE-460528,,False,* ,n/a
Malicious Package,mogobd,https://security.snyk.io/vuln/SNYK-JS-MOGOBD-460530,,False,* ,n/a
Malicious Package,body-parse-xml,https://security.snyk.io/vuln/SNYK-JS-BODYPARSEXML-460537,,False,* ,n/a
Malicious Package,js-base64-int,https://security.snyk.io/vuln/SNYK-JS-JSBASE64INT-460534,,False,* ,n/a
Malicious Package,js-regular,https://security.snyk.io/vuln/SNYK-JS-JSREGULAR-460533,,False,* ,n/a
Malicious Package,serilize,https://security.snyk.io/vuln/SNYK-JS-SERILIZE-460522,,False,* ,n/a
Malicious Package,serializes,https://security.snyk.io/vuln/SNYK-JS-SERIALIZES-460523,,False,* ,n/a
Malicious Package,node-ftp,https://security.snyk.io/vuln/SNYK-JS-NODEFTP-460525,,False,* ,n/a
Cross-site Scripting (XSS),webtorrent,https://security.snyk.io/vuln/SNYK-JS-WEBTORRENT-460351,CVE-2019-15782,False,<0.107.6 ,https://github.com/webtorrent/webtorrent/commit/22546df6d9ba9ca4523142d98b5e70f6db213f3e
Cross-site Scripting (XSS),vant,https://security.snyk.io/vuln/SNYK-JS-VANT-460461,,False,<2.1.8 ,n/a
Authorization Bypass,graphql-shield,https://security.snyk.io/vuln/SNYK-JS-GRAPHQLSHIELD-460445,,False,<6.0.6 ,n/a
Directory Traversal,public,https://security.snyk.io/vuln/SNYK-JS-PUBLIC-460390,,False,<0.1.3 ,https://github.com/tnantoka/public/commit/eae8ad8017b260f8667ded5e12801bd72b877af2
Cross-site Scripting (XSS),@ckeditor/ckeditor5-link,https://security.snyk.io/vuln/SNYK-JS-CKEDITORCKEDITOR5LINK-72892,CVE-2018-11093,False,<10.0.1 ,https://github.com/ckeditor/ckeditor5-link/commit/8cb782e
SQL Injection,connect-pg-simple,https://security.snyk.io/vuln/SNYK-JS-CONNECTPGSIMPLE-460154,CVE-2019-15658,False,<6.0.1 ,https://github.com/voxpelli/node-connect-pg-simple/commit/df61c9507f804ba72803e4f567c3cbcfa0a9d7e1
Reverse Tabnabbing,quill,https://security.snyk.io/vuln/SNYK-JS-QUILL-460312,,False,<1.3.7 ,n/a
Cross-site Scripting (XSS),status-board,https://security.snyk.io/vuln/SNYK-JS-STATUSBOARD-460295,CVE-2019-15479,False,* ,n/a
Cross-site Scripting (XSS),status-board,https://security.snyk.io/vuln/SNYK-JS-STATUSBOARD-460293,CVE-2019-15478,False,* ,n/a
Cross-site Scripting (XSS),cyberchef,https://security.snyk.io/vuln/SNYK-JS-CYBERCHEF-460296,CVE-2019-15532,False,<8.31.3 ,https://github.com/gchq/CyberChef/commit/01f0625d6a177f9c5df9281f12a27c814c2d8bcf
Directory Traversal,statichttpserver,https://security.snyk.io/vuln/SNYK-JS-STATICHTTPSERVER-460284,CVE-2019-5480,False,* ,n/a
Regular Expression Denial of Service (ReDoS),stylelint,https://security.snyk.io/vuln/SNYK-JS-STYLELINT-460283,,False,<11.0.0 ,https://github.com/stylelint/stylelint/commit/02f27983db9fe4c6ac5ba08d71fa284d13ea1fdf
Cross-site Scripting (XSS),selectize-plugin-a11y,https://security.snyk.io/vuln/SNYK-JS-SELECTIZEPLUGINA11Y-460243,CVE-2019-15482,False,<1.1.0 ,https://github.com/SLMNBJ/selectize-plugin-a11y/pull/9/commits/99c14f7644fdfc815625d7b54829e6c2dca31a8b
Arbitrary Code Execution,eslint-utils,https://security.snyk.io/vuln/SNYK-JS-ESLINTUTILS-460220,CVE-2019-15657,False,>=1.2.0 <1.4.1 ,https://github.com/mysticatea/eslint-utils/commit/08158db1c98fd71cf0f32ddefbc147e2620e724c
Invalid Curve Attack,openpgp,https://security.snyk.io/vuln/SNYK-JS-OPENPGP-460225,CVE-2019-9155,False,<4.2.1 ,https://github.com/openpgpjs/openpgpjs/pull/853/commits/7ba4f8c655e7fd7706e8d7334e44b40fdf56c43e
Improper Authentication,openpgp,https://security.snyk.io/vuln/SNYK-JS-OPENPGP-460247,CVE-2019-9154,False,<4.2.0 ,https://github.com/openpgpjs/openpgpjs/pull/797/commits/47138eed61473e13ee8f05931119d3e10542c5e1
Message Signature Bypass,openpgp,https://security.snyk.io/vuln/SNYK-JS-OPENPGP-460248,CVE-2019-9153,False,<4.2.0 ,https://github.com/openpgpjs/openpgpjs/pull/797/commits/327d3e5392a6f59a4270569d200c7f7a2bfc4cbc
Denial of Service (DoS),serialize-to-js,https://security.snyk.io/vuln/SNYK-JS-SERIALIZETOJS-460149,,False,<2.0.0 ,https://github.com/commenthol/serialize-to-js/pull/8/commits/ef723b5b2924b9a2369b3b12f2417f256660ae49
Command Injection,wizard-syncronizer,https://security.snyk.io/vuln/SNYK-JS-WIZARDSYNCRONIZER-460150,,False,* ,n/a
Arbitrary Code Execution,value-censorship,https://security.snyk.io/vuln/SNYK-JS-VALUECENSORSHIP-460151,,False,* ,n/a
Arbitrary Code Execution,cocos-utils,https://security.snyk.io/vuln/SNYK-JS-COCOSUTILS-460152,,False,* ,n/a
Malicious Package,bb-builder,https://security.snyk.io/vuln/SNYK-JS-BBBUILDER-460132,,False,* ,n/a
Prototype Pollution,mithril,https://security.snyk.io/vuln/SNYK-JS-MITHRIL-460113,,False,>=1.0.0 <1.1.7 >=2.0.0 <2.0.3 ,https://github.com/MithrilJS/mithril.js/commit/97fa1788c2184ff4b87fd3f558b7003f9eeee2b1
Improper Authorization,googleapis,https://security.snyk.io/vuln/SNYK-JS-GOOGLEAPIS-460104,,False,>=36.0.0 <39.1.0 ,https://github.com/googleapis/google-api-nodejs-client/pull/1605/commits/2233076da0838ec963c7b51a7f0ea68e3e3c2bb4
Directory Traversal,larvitbase-api,https://security.snyk.io/vuln/SNYK-JS-LARVITBASEAPI-459899,CVE-2019-5479,False,<0.5.5 ,https://github.com/larvit/larvitbase-api/commit/07ea896a3951172e5b742b9ab83b3592698ef91a
Arbitrary Code Injection,local-devices,https://security.snyk.io/vuln/SNYK-JS-LOCALDEVICES-459898,,False,<3.0.0 ,n/a
SQL Injection,sequelize,https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-459751,CVE-2019-10752,True,>=4.0.0 <4.44.3 >=5.0.0 <5.15.1 ,https://github.com/sequelize/sequelize/commit/9bd0bc111b6f502223edf7e902680f7cc2ed541e
Arbitrary Code Injection,addax,https://security.snyk.io/vuln/SNYK-JS-ADDAX-459559,,False,<1.1.0 ,https://github.com/seetransparent/addax/pull/2/commits/6c6c123086ee0ac40a070651c6d40d07f9dd657d
Arbitrary Code Injection,wxchangba,https://security.snyk.io/vuln/SNYK-JS-WXCHANGBA-459325,,False,* ,n/a
Malicious Package,pyramid-proportion,https://security.snyk.io/vuln/SNYK-JS-PYRAMIDPROPORTION-458731,,False,=1.0.5 ,n/a
Malicious Package,device-mqtt,https://security.snyk.io/vuln/SNYK-JS-DEVICEMQTT-458732,,False,=1.0.11 ,n/a
Malicious Package,pensi-scheduler,https://security.snyk.io/vuln/SNYK-JS-PENSISCHEDULER-458734,,False,=1.1.3 ,n/a
Malicious Package,slush-fullstack-framework,https://security.snyk.io/vuln/SNYK-JS-SLUSHFULLSTACKFRAMEWORK-458733,,False,=0.9.2 ,n/a
Malicious Package,zemen,https://security.snyk.io/vuln/SNYK-JS-ZEMEN-458633,,False,=0.0.5 ,n/a
Malicious Package,jquery-airload,https://security.snyk.io/vuln/SNYK-JS-JQUERYAIRLOAD-458582,,False,=0.2.5 ,n/a
Malicious Package,ngx-context-menu,https://security.snyk.io/vuln/SNYK-JS-NGXCONTEXTMENU-458623,,False,=0.0.26 ,n/a
Denial of Service (DoS),grpc-ts-health-check,https://security.snyk.io/vuln/SNYK-JS-GRPCTSHEALTHCHECK-456752,,False,<2.0.0 ,n/a
Malicious Package,cal_rd,https://security.snyk.io/vuln/SNYK-JS-CALRD-456750,,False,* ,n/a
Malicious Package,sailclothjs,https://security.snyk.io/vuln/SNYK-JS-SAILCLOTHJS-456749,,False,1.2.6 ,n/a
Malicious Package,uploader-plugin,https://security.snyk.io/vuln/SNYK-JS-UPLOADERPLUGIN-456751,,False,1.0.2 ,n/a
Cross-site Scripting (XSS),select2,https://security.snyk.io/vuln/SNYK-JS-SELECT2-456562,CVE-2016-10744,False,<4.0.8 ,https://github.com/select2/docs/commit/1c394a421b76f26b8923a9634437b99fb6bffec3
Cross-site Scripting (XSS),editor.md,https://security.snyk.io/vuln/SNYK-JS-EDITORMD-456539,CVE-2019-14653,False,* ,n/a
Cross-site Scripting (XSS),nodebb,https://security.snyk.io/vuln/SNYK-JS-NODEBB-456334,CVE-2015-9286,False,<0.8.2 ,https://github.com/NodeBB/NodeBB/pull/3371/commits/e24bd2c0e33f642e8fdbc0d6b6a52dc6624d0d9a
Remote Code Execution (RCE),haraka,https://security.snyk.io/vuln/SNYK-JS-HARAKA-456231,CVE-2016-1000282,False,<2.8.20 ,https://github.com/haraka/Haraka/commit/ff7646d879b1c21d0cfcd5f1d62eaf607cc452a8
DNS Rebinding,webtorrent,https://security.snyk.io/vuln/SNYK-JS-WEBTORRENT-456068,,False,<0.105.2 ,https://github.com/webtorrent/webtorrent/commit/8a0936f915c07c6a405caa2360e1c1255767345a
Cross-site Scripting (XSS),min-http-server,https://security.snyk.io/vuln/SNYK-JS-MINHTTPSERVER-456063,CVE-2019-5457,False,* ,n/a
Privilege Escalation,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-455615,CVE-2016-1202,False,<0.33.5 ,https://github.com/electron/electron/commit/9a2e2b365d061ec10cd861391fd5b1344af7194d
Arbitrary Command Injection,node-wifi,https://security.snyk.io/vuln/SNYK-JS-NODEWIFI-455846,,False,<2.0.12 ,https://github.com/friedrith/node-wifi/commit/0b19a2e7492fc78980fb0e19415b2947187fbee3
Arbitrary Code Execution,domokeeper,https://security.snyk.io/vuln/SNYK-JS-DOMOKEEPER-455475,,False,>=0.0.0 ,n/a
Account Enumeration,parse-server,https://security.snyk.io/vuln/SNYK-JS-PARSESERVER-455637,CVE-2019-1020013,False,<3.6.0 ,n/a
Denial of Service (DoS),parse-server,https://security.snyk.io/vuln/SNYK-JS-PARSESERVER-455635,CVE-2019-1020012,False,<3.4.1 ,https://github.com/parse-community/parse-server/commit/8709daf698ea69b59268cb66f0f7cee75b52daa5
Cross-site Scripting (XSS),plotly.js,https://security.snyk.io/vuln/SNYK-JS-PLOTLYJS-455599,CVE-2017-1000006,False,<1.10.4 >=1.11.0 <1.16.0 ,https://github.com/plotly/plotly.js/commit/0a1526de6ee872993cabac966ed6fdc67cd052f0
Cross-site Scripting (XSS),@risingstack/protect,https://security.snyk.io/vuln/SNYK-JS-RISINGSTACKPROTECT-455402,CVE-2018-1000160,False,* ,n/a
Cross-site Scripting (XSS),http-file-server,https://security.snyk.io/vuln/SNYK-JS-HTTPFILESERVER-455304,CVE-2019-5458,False,* ,n/a
Cross-site Scripting (XSS),console-feed,https://security.snyk.io/vuln/SNYK-JS-CONSOLEFEED-455290,,False,<2.8.10 ,n/a
Directory Traversal,@vivaxy/here,https://security.snyk.io/vuln/SNYK-JS-VIVAXYHERE-455285,,True,<3.2.2 ,https://github.com/vivaxy/here/commit/298dbab41344dfb7f95f66b1fa7b5cfb436bd4a2
Malicious Package,json-serializer,https://security.snyk.io/vuln/SNYK-JS-JSONSERIALIZER-455284,,False,=2.0.10 ,n/a
Arbitrary Code Injection,tomato,https://security.snyk.io/vuln/SNYK-JS-TOMATO-455283,,False,* ,n/a
Malicious Package,browserift,https://security.snyk.io/vuln/SNYK-JS-BROWSERIFT-455282,,False,* ,n/a
Malicious Package,maleficent,https://security.snyk.io/vuln/SNYK-JS-MALEFICENT-455281,,False,* ,n/a
Arbitrary Code Injection,expressfs,https://security.snyk.io/vuln/SNYK-JS-EXPRESSFS-455280,,False,* ,n/a
Authentication Bypass,otpauth,https://security.snyk.io/vuln/SNYK-JS-OTPAUTH-451697,,False,<3.2.8 ,https://github.com/hectorm/otpauth/commit/662ee16acfd92571a86e3efeeefff246abe8be78
Access Restriction Bypass,msrcrypto,https://security.snyk.io/vuln/SNYK-JS-MSRCRYPTO-451668,CVE-2018-8319,False,<1.4.1 ,n/a
Malicious Package,fast-requests,https://security.snyk.io/vuln/SNYK-JS-FASTREQUESTS-451664,,False,>=0.0.0 ,n/a
Malicious Package,cage-js,https://security.snyk.io/vuln/SNYK-JS-CAGEJS-451665,,False,>=0.0.0 ,n/a
Directory Traversal,atompm,https://security.snyk.io/vuln/SNYK-JS-ATOMPM-451662,,False,<0.8.2 ,https://github.com/AToMPM/atompm/pull/75/commits/260a30f6f225ffde1fb4311e1a96dcc44a9a8c5a
Malicious Package,load-from-cwd-or-npm,https://security.snyk.io/vuln/SNYK-JS-LOADFROMCWDORNPM-451650,,False,>=3.0.2 <3.0.4 ,n/a
Malicious Package,rate-map,https://security.snyk.io/vuln/SNYK-JS-RATEMAP-451649,,False,>=1.0.3 <1.0.5 ,n/a
Cross-site Scripting (XSS),cmmn-js-properties-panel,https://security.snyk.io/vuln/SNYK-JS-CMMNJSPROPERTIESPANEL-451642,,False,<0.8.0 ,https://github.com/bpmn-io/bpmn-js-properties-panel/commit/c446cd41d7c9f459d3e48cd7fc35060090e02206
Cross-site Scripting (XSS),bpmn-js-properties-panel,https://security.snyk.io/vuln/SNYK-JS-BPMNJSPROPERTIESPANEL-451639,,False,<0.31.0 ,https://github.com/bpmn-io/bpmn-js-properties-panel/commit/c446cd41d7c9f459d3e48cd7fc35060090e02206
Cross-site Scripting (XSS),dmn-js-properties-panel,https://security.snyk.io/vuln/SNYK-JS-DMNJSPROPERTIESPANEL-451641,,False,<0.3.0 ,https://github.com/bpmn-io/bpmn-js-properties-panel/commit/c446cd41d7c9f459d3e48cd7fc35060090e02206
Directory Traversal,restify-swagger-jsdoc,https://security.snyk.io/vuln/SNYK-JS-RESTIFYSWAGGERJSDOC-451631,,False,<3.2.1 ,https://github.com/RemyJeancolas/restify-swagger-jsdoc/commit/52abae36aaf2c4147c25da7ac3698fe722f2d119
Improper Authorization,googleapis,https://security.snyk.io/vuln/SNYK-JS-GOOGLEAPIS-451632,,False,>=36.0.0 <39.1.0 ,https://github.com/googleapis/google-api-nodejs-client/commit/db5e0f25c64db76cb87c96b9515205b79e7e775e
Malicious Package,nodes.js,https://security.snyk.io/vuln/SNYK-JS-NODESJS-451630,,False,* ,n/a
Malicious Package,node-buc,https://security.snyk.io/vuln/SNYK-JS-NODEBUC-451578,,False,* ,n/a
Malicious Package,midway-dataproxy,https://security.snyk.io/vuln/SNYK-JS-MIDWAYDATAPROXY-451581,,False,* ,n/a
Malicious Package,ali-contributors,https://security.snyk.io/vuln/SNYK-JS-ALICONTRIBUTORS-451591,,False,* ,n/a
Malicious Package,leetlog,https://security.snyk.io/vuln/SNYK-JS-LEETLOG-451595,,False,>=0.1.2 ,n/a
Malicious Package,luna-mock,https://security.snyk.io/vuln/SNYK-JS-LUNAMOCK-451582,,False,* ,n/a
Malicious Package,retcodelog,https://security.snyk.io/vuln/SNYK-JS-RETCODELOG-451576,,False,* ,n/a
Malicious Package,alico,https://security.snyk.io/vuln/SNYK-JS-ALICO-451590,,False,* ,n/a
Malicious Package,alipayjsapi,https://security.snyk.io/vuln/SNYK-JS-ALIPAYJSAPI-451589,,False,* ,n/a
Malicious Package,my-very-own-package,https://security.snyk.io/vuln/SNYK-JS-MYVERYOWNPACKAGE-451594,,False,* ,n/a
Malicious Package,ali-contributor,https://security.snyk.io/vuln/SNYK-JS-ALICONTRIBUTOR-451592,,False,* ,n/a
Malicious Package,qingting,https://security.snyk.io/vuln/SNYK-JS-QINGTING-451577,,False,* ,n/a
Malicious Package,hsf-clients,https://security.snyk.io/vuln/SNYK-JS-HSFCLIENTS-451583,,False,* ,n/a
Malicious Package,midway-xtpl,https://security.snyk.io/vuln/SNYK-JS-MIDWAYXTPL-451580,,False,* ,n/a
Malicious Package,hpmm,https://security.snyk.io/vuln/SNYK-JS-HPMM-451584,,False,* ,n/a
Malicious Package,diamond-clien,https://security.snyk.io/vuln/SNYK-JS-DIAMONDCLIEN-451585,,False,* ,n/a
Malicious Package,cicada-render,https://security.snyk.io/vuln/SNYK-JS-CICADARENDER-451586,,False,* ,n/a
Malicious Package,next-util,https://security.snyk.io/vuln/SNYK-JS-NEXTUTIL-451579,,False,* ,n/a
Malicious Package,tiar,https://security.snyk.io/vuln/SNYK-JS-TIAR-451573,,False,* ,n/a
Malicious Package,river-mock,https://security.snyk.io/vuln/SNYK-JS-RIVERMOCK-451575,,False,* ,n/a
Malicious Package,secure_identity_login_module,https://security.snyk.io/vuln/SNYK-JS-SECUREIDENTITYLOGINMODULE-451574,,False,* ,n/a
Malicious Package,malicious-do-not-install,https://security.snyk.io/vuln/SNYK-JS-MALICIOUSDONOTINSTALL-451596,,False,* ,n/a
Malicious Package,only-test-not-install,https://security.snyk.io/vuln/SNYK-JS-ONLYTESTNOTINSTALL-451593,,False,* ,n/a
Malicious Package,antd-cloud,https://security.snyk.io/vuln/SNYK-JS-ANTDCLOUD-451588,,False,* ,n/a
Malicious Package,appx-compiler,https://security.snyk.io/vuln/SNYK-JS-APPXCOMPILER-451587,,False,* ,n/a
Directory Traversal,zero,https://security.snyk.io/vuln/SNYK-JS-ZERO-451569,,False,<1.0.6 ,n/a
Cross-site Scripting (XSS),jquery.json-viewer,https://security.snyk.io/vuln/SNYK-JS-JQUERYJSONVIEWER-451572,,False,<1.3.0 ,https://github.com/abodelot/jquery.json-viewer/commit/1c700fa3e4a9e85202aa85807fd19f56da80c9af
Man-in-the-Middle (MitM),yarn,https://security.snyk.io/vuln/SNYK-JS-YARN-451571,CVE-2019-5448,False,<1.17.3 ,https://github.com/yarnpkg/yarn/commit/2f08a7405cc3f6fe47c30293050bb0ac94850932
Directory Traversal,http-file-server,https://security.snyk.io/vuln/SNYK-JS-HTTPFILESERVER-451564,CVE-2019-5447,False,* ,n/a
Reverse Tabnabbing,quill,https://security.snyk.io/vuln/SNYK-JS-QUILL-451551,,False,<1.3.7 ,n/a
Cross-site Scripting (XSS),eco,https://security.snyk.io/vuln/SNYK-JS-ECO-451548,,False,* ,n/a
Information Exposure,kibana,https://security.snyk.io/vuln/SNYK-JS-KIBANA-451546,CVE-2016-10364,False,>=5.0.0 <5.0.2 ,n/a
Cross-site Request Forgery (CSRF),kibana,https://security.snyk.io/vuln/SNYK-JS-KIBANA-451545,CVE-2015-8131,False,<4.1.3 >=4.2.0 <4.2.1 ,n/a
Cross-site Scripting (XSS),oidc-provider,https://security.snyk.io/vuln/SNYK-JS-OIDCPROVIDER-451544,,False,<6.0.3 ,https://github.com/panva/node-oidc-provider/commit/6aedbab1f65c055b32c3d3f22f4ce120423da121
Cross-site Scripting (XSS),kibana,https://security.snyk.io/vuln/SNYK-JS-KIBANA-451541,CVE-2016-1000220,False,>=4.1.0 <4.1.11 >=4.5.0 <4.5.4 ,n/a
Regular Expression Denial of Service (ReDoS),marked,https://security.snyk.io/vuln/SNYK-JS-MARKED-451540,,False,<0.4.0 ,https://github.com/markedjs/marked/commit/09afabf69c6d0c919c03443f47bdfe476566105d
Arbitrary Code Execution,domokeeper,https://security.snyk.io/vuln/SNYK-JS-DOMOKEEPER-451513,,False,* ,n/a
Cross-site Scripting (XSS),mathjax,https://security.snyk.io/vuln/SNYK-JS-MATHJAX-451470,CVE-2018-1999024,False,<2.7.4 ,https://github.com/mathjax/MathJax/commit/a55da396c18cafb767a26aa9ad96f6f4199852f1
Cross-site Scripting (XSS),kibana,https://security.snyk.io/vuln/SNYK-JS-KIBANA-451475,CVE-2016-10366,False,>=4.3.0 <4.6.2 ,n/a
Open Redirect,kibana,https://security.snyk.io/vuln/SNYK-JS-KIBANA-451474,CVE-2016-10365,False,<4.6.2 >=5.0.0 <5.0.1 ,n/a
Prototype Pollution,@sailshq/lodash,https://security.snyk.io/vuln/SNYK-JS-SAILSHQLODASH-460129,CVE-2019-10744,True,<3.10.4 ,n/a
Prototype Pollution,lodash,https://security.snyk.io/vuln/SNYK-JS-LODASH-450202,CVE-2019-10744,True,<4.17.12 ,n/a
Regular Expression Denial of Service (ReDoS),marked,https://security.snyk.io/vuln/SNYK-JS-MARKED-451341,,False,>=0.4.0 <0.7.0 ,https://github.com/markedjs/marked/commit/0ee3aa988b3e846a1952813f9eeaa96c85b3d8f5
Cross-site Scripting (XSS),mxgraph,https://security.snyk.io/vuln/SNYK-JS-MXGRAPH-451302,CVE-2019-13127,False,<4.0.0 ,https://github.com/jgraph/mxgraph/commit/76e8e2809b622659a9c5ffdc4f19922b7a68cfa3
Cross-site Scripting (XSS),takeapeek,https://security.snyk.io/vuln/SNYK-JS-TAKEAPEEK-451265,,False,* ,n/a
Open Redirect,apostrophe,https://security.snyk.io/vuln/SNYK-JS-APOSTROPHE-451089,,False,<2.92.0 ,https://github.com/apostrophecms/apostrophe/commit/1eba144bb82bd43dab72ce36cfbd593361b6d9b7
Arbitrary Code Execution,require-node,https://security.snyk.io/vuln/SNYK-JS-REQUIRENODE-451045,,False,>=1.0.0 <1.3.4 >2.0.0 <2.0.4 ,https://github.com/luoshaohua/require-node/commit/2594c3ea4b405a35920c840d390d5c14dae72217
Prototype Pollution,deeply,https://security.snyk.io/vuln/SNYK-JS-DEEPLY-451026,CVE-2019-10750,True,<3.1.0 ,https://github.com/alexindigo/deeply/commit/6eccb2f03ec8d3eefc6805053c4cc2a36aab1505
Cross-site Scripting (XSS),graylog-web-interface,https://security.snyk.io/vuln/SNYK-JS-GRAYLOGWEBINTERFACE-451022,CVE-2018-14380,False,<2.4.6 ,https://github.com/Graylog2/graylog2-server/commit/52d54c86b8050b554db4146c241167c8d444a1dc
Malicious Package,rpc-websocket,https://security.snyk.io/vuln/SNYK-JS-RPCWEBSOCKET-451021,,False,>=0.7.6 ,n/a
Malicious Package,blingjs,https://security.snyk.io/vuln/SNYK-JS-BLINGJS-451007,,False,=0.0.4 ,n/a
Malicious Package,freshdom,https://security.snyk.io/vuln/SNYK-JS-FRESHDOM-450987,,False,=0.0.6 ,n/a
Malicious Package,jasmin,https://security.snyk.io/vuln/SNYK-JS-JASMIN-451020,,False,=0.0.3 ,n/a
Malicious Package,rc-calendar-jhorst,https://security.snyk.io/vuln/SNYK-JS-RCCALENDARJHORST-450980,,False,=8.4.3 ,n/a
Malicious Package,another-date-range-picker,https://security.snyk.io/vuln/SNYK-JS-ANOTHERDATERANGEPICKER-451011,,False,=4.1.48 ,n/a
Malicious Package,impala,https://security.snyk.io/vuln/SNYK-JS-IMPALA-450989,,False,=1.1.7 ,n/a
Malicious Package,awesome_react_utility,https://security.snyk.io/vuln/SNYK-JS-AWESOMEREACTUTILITY-451009,,False,=1.0.2 ,n/a
Malicious Package,angular-material-sidenav-rnd,https://security.snyk.io/vuln/SNYK-JS-ANGULARMATERIALSIDENAVRND-451015,,False,=0.1.1 ,n/a
Malicious Package,another-date-picker,https://security.snyk.io/vuln/SNYK-JS-ANOTHERDATEPICKER-451013,,False,>=2.0.43 <2.0.45 ,n/a
Malicious Package,oauth-validator,https://security.snyk.io/vuln/SNYK-JS-OAUTHVALIDATOR-450982,,False,=1.0.2 ,n/a
Malicious Package,angular-bmap,https://security.snyk.io/vuln/SNYK-JS-ANGULARBMAP-451017,,False,=0.0.9 ,n/a
Malicious Package,cordova-plugin-china-picker,https://security.snyk.io/vuln/SNYK-JS-CORDOVAPLUGINCHINAPICKER-451001,,False,=1.0.910 ,n/a
Malicious Package,dossier,https://security.snyk.io/vuln/SNYK-JS-DOSSIER-450994,,False,=0.0.4 ,n/a
Malicious Package,coffee-project,https://security.snyk.io/vuln/SNYK-JS-COFFEEPROJECT-451003,,False,=1.7.5 ,n/a
Malicious Package,s3asy,https://security.snyk.io/vuln/SNYK-JS-S3ASY-450971,,False,=0.4.8 ,n/a
Malicious Package,codify,https://security.snyk.io/vuln/SNYK-JS-CODIFY-451005,,False,=0.3.1 ,n/a
Malicious Package,xoc,https://security.snyk.io/vuln/SNYK-JS-XOC-450974,,False,=1.0.7 ,n/a
Malicious Package,@impala/bmap,https://security.snyk.io/vuln/SNYK-JS-IMPALABMAP-451019,,False,=1.0.3 ,n/a
Malicious Package,simple-alipay,https://security.snyk.io/vuln/SNYK-JS-SIMPLEALIPAY-450975,,False,=1.0.1 ,n/a
Malicious Package,nginxbeautifier,https://security.snyk.io/vuln/SNYK-JS-NGINXBEAUTIFIER-450973,,False,=1.0.14 ,n/a
Malicious Package,react-dates-sc,https://security.snyk.io/vuln/SNYK-JS-REACTDATESSC-450978,,False,=0.3.0 ,n/a
Malicious Package,css_transform_support,https://security.snyk.io/vuln/SNYK-JS-CSSTRANSFORMSUPPORT-450997,,False,=1.0.2 ,n/a
Malicious Package,react-server-native,https://security.snyk.io/vuln/SNYK-JS-REACTSERVERNATIVE-450976,,False,=0.0.7 ,n/a
Malicious Package,modlibrary,https://security.snyk.io/vuln/SNYK-JS-MODLIBRARY-450984,,False,=0.1.1 ,n/a
Malicious Package,css_transform_step,https://security.snyk.io/vuln/SNYK-JS-CSSTRANSFORMSTEP-450999,,False,=1.0.6 ,n/a
Malicious Package,dynamo-schema,https://security.snyk.io/vuln/SNYK-JS-DYNAMOSCHEMA-450992,,False,=0.0.3 ,n/a
Malicious Package,dictum.js,https://security.snyk.io/vuln/SNYK-JS-DICTUMJS-450959,,False,>=1.0.5 ,n/a
Malicious Package,axois,https://security.snyk.io/vuln/SNYK-JS-AXOIS-450958,,False,* ,n/a
Malicious Package,regenraotr,https://security.snyk.io/vuln/SNYK-JS-REGENRAOTR-450957,,False,* ,n/a
Malicious Package,regenrator,https://security.snyk.io/vuln/SNYK-JS-REGENRATOR-450956,,False,* ,n/a
Malicious Package,soket.js,https://security.snyk.io/vuln/SNYK-JS-SOKETJS-450934,,False,* ,n/a
Malicious Package,soket.io,https://security.snyk.io/vuln/SNYK-JS-SOKETIO-450954,,False,* ,n/a
Directory Traversal,serve-here.js,https://security.snyk.io/vuln/SNYK-JS-SERVEHEREJS-450884,CVE-2019-5444,False,<1.2.0 ,https://github.com/ChristoPy/serve-here.js/commit/cefb51d03290b6a88dd13143ab2de31b8cf57c39
Cross-site Scripting (XSS),keystone,https://security.snyk.io/vuln/SNYK-JS-KEYSTONE-450882,,False,<4.0.0-beta.1 ,n/a
Cross-site Scripting (XSS),keystone,https://security.snyk.io/vuln/SNYK-JS-KEYSTONE-450881,,False,<4.0.0-beta.1 ,n/a
SQL Injection,sequelize,https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-450222,CVE-2019-10749,True,<3.35.1 ,https://github.com/sequelize/sequelize/commit/ee4017379db0059566ecb5424274ad4e2d66bc68
SQL Injection,sequelize,https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-450221,CVE-2019-10748,True,>=3.0.0 <3.35.1 >=4.0.0 <4.44.3 >=5.0.0 <5.8.11 ,https://github.com/sequelize/sequelize/commit/a72a3f5
Cross-site Scripting (XSS),@berslucas/liljs,https://security.snyk.io/vuln/SNYK-JS-BERSLUCASLILJS-450217,,False,<1.0.2 ,https://github.com/bersLucas/liljs/commit/779c0dcd8aba434a1c94db7d1d2d990a629f9a6c
Prototype Pollution,set-value,https://security.snyk.io/vuln/SNYK-JS-SETVALUE-450213,CVE-2019-10747,True,<2.0.1 >=3.0.0 <3.0.1 ,https://github.com/jonschlinkert/set-value/commit/95e9d9923f8a8b4a01da1ea138fcc39ec7b6b15f
Prototype Pollution,mixin-deep,https://security.snyk.io/vuln/SNYK-JS-MIXINDEEP-450212,CVE-2019-10746,True,>=2.0.0 <2.0.1 <1.3.2 ,https://github.com/jonschlinkert/mixin-deep/commit/8f464c8ce9761a8c9c2b3457eaeee9d404fa7af9
Prototype Pollution,assign-deep,https://security.snyk.io/vuln/SNYK-JS-ASSIGNDEEP-450211,CVE-2019-10745,True,>=1.0.0 <1.0.1 <0.4.8 ,https://github.com/jonschlinkert/assign-deep/commit/90bf1c551d05940898168d04066bbf15060f50cc
Malicious Package,smartsearchwp,https://security.snyk.io/vuln/SNYK-JS-SMARTSEARCHWP-450210,,False,>0.0.1-security ,n/a
SQL Injection,untitled-model,https://security.snyk.io/vuln/SNYK-JS-UNTITLEDMODEL-450197,,False,* ,n/a
Cross-site Scripting (XSS),diagram-js,https://security.snyk.io/vuln/SNYK-JS-DIAGRAMJS-449956,,False,<2.6.2 >=3.0.0 <3.3.1 ,https://github.com/bpmn-io/diagram-js/commit/2565c40449379284a55163f290ec812db34244d1
Cross-site Scripting (XSS),diagram-js-direct-editing,https://security.snyk.io/vuln/SNYK-JS-DIAGRAMJSDIRECTEDITING-450046,,False,<1.4.3 ,https://github.com/bpmn-io/diagram-js/commit/2565c40449379284a55163f290ec812db34244d1
Cross-site Scripting (XSS),swagger-ui,https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-449942,,False,>=2.0.3 <2.0.24 ,https://github.com/swagger-api/swagger-ui/pull/541/commits/5da60bfa626ef6acc929f4460afd7258f9e968b8
Cross-site Scripting (XSS),swagger-ui,https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-449941,,True,>=3.0.0 <3.0.13 ,n/a
Cross-site Scripting (XSS),swagger-ui,https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-449940,CVE-2016-5682,False,<2.2.1 ,n/a
SQL Injection,resquel,https://security.snyk.io/vuln/SNYK-JS-RESQUEL-449938,,False,* ,n/a
Cross-site Scripting (XSS),swagger-ui,https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-449921,,False,<3.20.9 ,https://github.com/swagger-api/swagger-ui/commit/1e184e8e218676278c83e60a45846c199ce3d15e
Denial of Service (DoS),keycloak-connect,https://security.snyk.io/vuln/SNYK-JS-KEYCLOAKCONNECT-461168,CVE-2019-10157,False,<4.4.0 ,https://github.com/keycloak/keycloak-nodejs-connect/commit/55e54b55d05ba636bc125a8f3d39f0052d13f8f6
Reverse Tabnabbing,swagger-ui,https://security.snyk.io/vuln/SNYK-JS-SWAGGERUI-449808,,False,<3.18.0 ,https://github.com/swagger-api/swagger-ui/pull/4789/commits/3f4cae3334fdd492a373f4453bd03a9ebd87becf
User Impersonation,converse.js,https://security.snyk.io/vuln/SNYK-JS-CONVERSEJS-449664,CVE-2017-5858,False,<1.0.7 >=2.0.0 <2.0.5 ,https://github.com/conversejs/converse.js/commit/42f249cabbbf5c026398e6d3b350f6f9536ea572
Cross-site Request Forgery (CSRF),keystone,https://security.snyk.io/vuln/SNYK-JS-KEYSTONE-449663,CVE-2017-16570,False,<4.0.0-beta.7 ,https://github.com/keystonejs/keystone/commit/358857e5a9bec81de6dc7d0200ac7b81e793f342
Cross-site Scripting (XSS),ids-enterprise,https://security.snyk.io/vuln/SNYK-JS-IDSENTERPRISE-449634,,False,<4.18.2 ,https://github.com/infor-design/enterprise/pull/2294/commits/6bd74d8f38c268b22f31e8169316e065e0093362
Cross-site Scripting (XSS),ids-enterprise,https://security.snyk.io/vuln/SNYK-JS-IDSENTERPRISE-449633,,False,<4.18.2 ,n/a
Malicious Package,colro-name,https://security.snyk.io/vuln/SNYK-JS-COLRONAME-449541,,False,* ,n/a
Malicious Package,radic-util,https://security.snyk.io/vuln/SNYK-JS-RADICUTIL-449525,,False,>1.0.1 <1.0.3 ,n/a
Malicious Package,vue-backbone,https://security.snyk.io/vuln/SNYK-JS-VUEBACKBONE-449522,,False,>0.1.1 <0.1.3 ,n/a
Malicious Package,angular-location-update,https://security.snyk.io/vuln/SNYK-JS-ANGULARLOCATIONUPDATE-449537,,False,>0.0.2 <0.0.4 ,n/a
Malicious Package,react-datepicker-plus,https://security.snyk.io/vuln/SNYK-JS-REACTDATEPICKERPLUS-449521,,False,>2.4.1 <2.4.4 ,n/a
Malicious Package,ngx-pica,https://security.snyk.io/vuln/SNYK-JS-NGXPICA-449519,,False,>1.1.4 <1.1.6 ,n/a
Malicious Package,jekyll-for-github-projects,https://security.snyk.io/vuln/SNYK-JS-JEKYLLFORGITHUBPROJECTS-449531,,False,>0.2.11 <0.2.13 ,n/a
Malicious Package,github-jquery-widgets,https://security.snyk.io/vuln/SNYK-JS-GITHUBJQUERYWIDGETS-449534,,False,>0.1.1 <0.1.3 ,n/a
Malicious Package,mx-nested-menu,https://security.snyk.io/vuln/SNYK-JS-MXNESTEDMENU-449520,,False,>0.1.29 <0.1.31 ,n/a
Malicious Package,ember-power-timepicker,https://security.snyk.io/vuln/SNYK-JS-EMBERPOWERTIMEPICKER-449536,,False,>1.0.7 <1.0.9 ,n/a
Malicious Package,grunt-radic,https://security.snyk.io/vuln/SNYK-JS-GRUNTRADIC-449533,,False,>0.1.0 <0.1.2 ,n/a
Malicious Package,scroool,https://security.snyk.io/vuln/SNYK-JS-SCROOOL-449523,,False,>0.1.6 <0.1.8 ,n/a
Malicious Package,radicjs,https://security.snyk.io/vuln/SNYK-JS-RADICJS-449524,,False,>0.2.0 <0.2.2 ,n/a
Malicious Package,libubx,https://security.snyk.io/vuln/SNYK-JS-LIBUBX-449529,,False,>1.0.2 <1.0.4 ,n/a
Malicious Package,grunt-radical,https://security.snyk.io/vuln/SNYK-JS-GRUNTRADICAL-449532,,False,>0.0.13 <0.0.15 ,n/a
Malicious Package,precode.js,https://security.snyk.io/vuln/SNYK-JS-PRECODEJS-449526,,False,>1.1.0 <1.1.2 ,n/a
Malicious Package,motiv.scss,https://security.snyk.io/vuln/SNYK-JS-MOTIVSCSS-449528,,False,>0.4.19 <0.4.21 ,n/a
Malicious Package,pm-controls,https://security.snyk.io/vuln/SNYK-JS-PMCONTROLS-449518,,False,>1.1.7 <1.1.9 ,n/a
Malicious Package,geoheat,https://security.snyk.io/vuln/SNYK-JS-GEOHEAT-449535,,False,>1.3.1 <1.3.3 ,n/a
Malicious Package,ng-ui-library,https://security.snyk.io/vuln/SNYK-JS-NGUILIBRARY-449527,,False,>1.0.986 <1.0.988 ,n/a
Malicious Package,leaflet-gpx,https://security.snyk.io/vuln/SNYK-JS-LEAFLETGPX-449530,,False,>1.0.0 <1.0.2 ,n/a
Information Exposure,cordova-android,https://security.snyk.io/vuln/SNYK-JS-CORDOVAANDROID-174935,CVE-2016-6799,False,<6.0.0 ,https://github.com/apache/cordova-android/commit/4a0a7bc424fae14c9689f4a8a2dc250ae3a47f82
Cross-site Scripting (XSS),dojo,https://security.snyk.io/vuln/SNYK-JS-DOJO-174934,CVE-2010-2273,False,>=1.0.0 <1.0.3 >=1.1.0 <1.1.2 >=1.2.0 <1.2.4 >=1.3.0 <1.3.3 >=1.4.0 <1.4.2 ,n/a
Cross-site Scripting (XSS),dojo,https://security.snyk.io/vuln/SNYK-JS-DOJO-174933,CVE-2015-5654,False,<1.2.0 ,n/a
Malicious Package,electron-native-notify,https://security.snyk.io/vuln/SNYK-JS-ELECTRONNATIVENOTIFY-174928,,True,>0.0.1-security ,n/a
Arbitrary Code Injection,wiki-plugin-datalog,https://security.snyk.io/vuln/SNYK-JS-WIKIPLUGINDATALOG-449540,,False,<0.1.6 ,https://github.com/WardCunningham/wiki-plugin-datalog/commit/020aa6201319e5b76301a61b65268c94dc242fa7
SQL Injection,sails-mysql,https://security.snyk.io/vuln/SNYK-JS-SAILSMYSQL-174916,,False,<0.10.8 ,n/a
Prototype Pollution,@apollo/gateway,https://security.snyk.io/vuln/SNYK-JS-APOLLOGATEWAY-174915,,False,<0.6.2 ,n/a
Cross-site Scripting (XSS),ag-grid-community,https://security.snyk.io/vuln/SNYK-JS-AGGRIDCOMMUNITY-174884,,False,<14.0.0 ,n/a
Malicious Package,angluar-cli,https://security.snyk.io/vuln/SNYK-JS-ANGLUARCLI-174911,,False,=0.0.1 =0.0.2 =0.0.3 ,n/a
Malicious Package,epress,https://security.snyk.io/vuln/SNYK-JS-EPRESS-174910,,False,=4.13.2 ,n/a
Malicious Package,font-scrubber,https://security.snyk.io/vuln/SNYK-JS-FONTSCRUBBER-174909,,False,=1.0.0 =1.1.0 =1.1.1 =1.1.2 =1.1.3 =1.1.4 =1.2.0 =1.2.1 =1.2.2 ,n/a
Malicious Package,commqnder,https://security.snyk.io/vuln/SNYK-JS-COMMQNDER-174908,,False,=1.0.0 =2.11.1 =2.11.2 ,n/a
Malicious Package,blubird,https://security.snyk.io/vuln/SNYK-JS-BLUBIRD-174905,,False,=3.5.0 ,n/a
Malicious Package,commmander,https://security.snyk.io/vuln/SNYK-JS-COMMMANDER-449539,,False,>0.0.1-security ,n/a
Cross-site Scripting (XSS),ids-enterprise,https://security.snyk.io/vuln/SNYK-JS-IDSENTERPRISE-174903,,False,<4.18.2 ,https://github.com/infor-design/enterprise/pull/2294/commits/6bd74d8f38c268b22f31e8169316e065e0093362
Malicious Package,hulp,https://security.snyk.io/vuln/SNYK-JS-HULP-174889,,False,* ,n/a
Malicious Package,tensorplow,https://security.snyk.io/vuln/SNYK-JS-TENSORPLOW-174892,,False,* ,n/a
Malicious Package,kraken-api,https://security.snyk.io/vuln/SNYK-JS-KRAKENAPI-174898,,False,>=0.1.8 <1.0.0 ,n/a
Malicious Package,rimrafall,https://security.snyk.io/vuln/SNYK-JS-RIMRAFALL-174894,,False,=0.0.1 =1.0.0 =2.0.0 ,n/a
Malicious Package,bowe,https://security.snyk.io/vuln/SNYK-JS-BOWE-174868,,False,* ,n/a
Malicious Package,whiteproject,https://security.snyk.io/vuln/SNYK-JS-WHITEPROJECT-174865,,False,* ,n/a
Malicious Package,require-ports,https://security.snyk.io/vuln/SNYK-JS-REQUIREPORTS-174893,,False,=10.4.0 =1.0.0 ,n/a
Malicious Package,yeoman-genrator,https://security.snyk.io/vuln/SNYK-JS-YEOMANGENRATOR-174895,,False,=1.0.0 =3.1.1 ,n/a
Malicious Package,colour-string,https://security.snyk.io/vuln/SNYK-JS-COLOURSTRING-174850,,False,=1.5.3 =1.0.0 ,n/a
Malicious Package,logsymbles,https://security.snyk.io/vuln/SNYK-JS-LOGSYMBLES-174886,,False,=2.2.0 ,n/a
Malicious Package,jquerz,https://security.snyk.io/vuln/SNYK-JS-JQUERZ-174887,,False,=1.0.1 =1.0.0 ,n/a
Malicious Package,jqeury,https://security.snyk.io/vuln/SNYK-JS-JQEURY-174888,,False,=3.3.1 =1.0.0 ,n/a
Malicious Package,froever,https://security.snyk.io/vuln/SNYK-JS-FROEVER-174890,,False,=1.0.0 =2.3.1 ,n/a
Malicious Package,foever,https://security.snyk.io/vuln/SNYK-JS-FOEVER-174891,,False,=1.0.0 =0.15.3 ,n/a
Malicious Package,uglyfi-js,https://security.snyk.io/vuln/SNYK-JS-UGLYFIJS-174897,,False,=1.0.0 =3.4.6 ,n/a
Denial of Service (DoS),ipfs-bitswap,https://security.snyk.io/vuln/SNYK-JS-IPFSBITSWAP-174847,,False,>=0.10.0 <0.24.1 ,n/a
Malicious Package,bowee,https://security.snyk.io/vuln/SNYK-JS-BOWEE-174833,,False,* ,n/a
SQL Injection,loopback,https://security.snyk.io/vuln/SNYK-JS-LOOPBACK-174846,,False,>=3.0.0 <3.26.0 <2.42.0 ,https://github.com/strongloop/loopback/commit/58a0e6c8e95c346442a055510bc14e36207e7d85
Filter Bypass,express-validator,https://security.snyk.io/vuln/SNYK-JS-EXPRESSVALIDATOR-174763,,True,>=4.2.1 <6.0.0 ,https://github.com/express-validator/express-validator/commit/3425295ac42e717ec09095e3c2c657a214679c4b
Cross-site Scripting (XSS),verdaccio,https://security.snyk.io/vuln/SNYK-JS-VERDACCIO-174795,,False,<3.12.0 ,n/a
Cross-site Scripting (XSS),verdaccio,https://security.snyk.io/vuln/SNYK-JS-VERDACCIO-174794,CVE-2019-14772,False,<3.12.0 ,n/a
Prototype Pollution,lutils-merge,https://security.snyk.io/vuln/SNYK-JS-LUTILSMERGE-174783,,False,* ,n/a
Malicious Package,destroyer-of-worlds,https://security.snyk.io/vuln/SNYK-JS-DESTROYEROFWORLDS-174777,,False,>=1.0.0 <=1.0.1 ,n/a
Malicious Package,donotinstallthis,https://security.snyk.io/vuln/SNYK-JS-DONOTINSTALLTHIS-174740,,False,* ,n/a
Directory Traversal,algo-httpserv,https://security.snyk.io/vuln/SNYK-JS-ALGOHTTPSERV-174741,,False,<1.1.2 ,https://github.com/AlgoRythm-Dylan/httpserv/commit/bcfe9d4316c2b59aab3a64a38905376026888735
Prototype Pollution,smart-extend,https://security.snyk.io/vuln/SNYK-JS-SMARTEXTEND-174739,,False,* ,n/a
Directory Traversal,serve,https://security.snyk.io/vuln/SNYK-JS-SERVE-174738,,False,<11.0.0 ,https://github.com/zeit/serve/commit/639588686a87024533c18f367cf12ae8854a3d0c
Regular Expression Denial of Service (ReDoS),useragent,https://security.snyk.io/vuln/SNYK-JS-USERAGENT-174737,,False,* ,https://github.com/3rd-Eden/useragent/commit/187c17255028bd30d82e3af108846ce73a8197fb
Arbitrary File Overwrite,fstream,https://security.snyk.io/vuln/SNYK-JS-FSTREAM-174725,CVE-2019-13173,False,<1.0.12 ,https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22
Cross-site Scripting (XSS),bootbox,https://security.snyk.io/vuln/SNYK-JS-BOOTBOX-174704,,False,* ,n/a
Cross-site Scripting (XSS),fomantic-ui,https://security.snyk.io/vuln/SNYK-JS-FOMANTICUI-174700,,False,<2.7.0 ,n/a
Cross-site Scripting (XSS),semantic-ui-search,https://security.snyk.io/vuln/SNYK-JS-SEMANTICUISEARCH-174701,,False,* ,n/a
Cross-site Scripting (XSS),semantic-ui,https://security.snyk.io/vuln/SNYK-JS-SEMANTICUI-174699,,False,* ,n/a
Malicious Package,discord_debug_log,https://security.snyk.io/vuln/SNYK-JS-DISCORDDEBUGLOG-174693,,False,* ,n/a
Malicious Package,carloprojectlesang,https://security.snyk.io/vuln/SNYK-JS-CARLOPROJECTLESANG-174645,,False,* ,n/a
Malicious Package,carloprojectdiscord,https://security.snyk.io/vuln/SNYK-JS-CARLOPROJECTDISCORD-174694,,False,* ,n/a
Remote Code Execution (RCE),pi_video_recording,https://security.snyk.io/vuln/SNYK-JS-PIVIDEORECORDING-174696,,False,* ,n/a
Cross-site Scripting (XSS),mermaid,https://security.snyk.io/vuln/SNYK-JS-MERMAID-174698,,False,<8.2.3 ,https://github.com/knsv/mermaid/commit/c33533082c598a0dcd4874e4a7a3365a855950ea
Malicious Package,calk,https://security.snyk.io/vuln/SNYK-JS-CALK-174674,,False,* ,n/a
Malicious Package,saync,https://security.snyk.io/vuln/SNYK-JS-SAYNC-174832,,False,* ,n/a
Malicious Package,aasync,https://security.snyk.io/vuln/SNYK-JS-AASYNC-174686,,False,* ,n/a
Malicious Package,aysnc,https://security.snyk.io/vuln/SNYK-JS-AYSNC-174682,,False,* ,n/a
Malicious Package,requets,https://security.snyk.io/vuln/SNYK-JS-REQUETS-174668,,False,* ,n/a
Malicious Package,wepack-cli,https://security.snyk.io/vuln/SNYK-JS-WEPACKCLI-174691,,False,* ,n/a
Malicious Package,requestt,https://security.snyk.io/vuln/SNYK-JS-REQUESTT-174673,,False,* ,n/a
Malicious Package,requesst,https://security.snyk.io/vuln/SNYK-JS-REQUESST-174672,,False,* ,n/a
Malicious Package,eact,https://security.snyk.io/vuln/SNYK-JS-EACT-174677,,False,* ,n/a
Malicious Package,requeest,https://security.snyk.io/vuln/SNYK-JS-REQUEEST-174671,,False,* ,n/a
Malicious Package,commnader,https://security.snyk.io/vuln/SNYK-JS-COMMNADER-174680,,False,* ,n/a
Malicious Package,reques,https://security.snyk.io/vuln/SNYK-JS-REQUES-174665,,False,* ,n/a
Malicious Package,chak,https://security.snyk.io/vuln/SNYK-JS-CHAK-174676,,False,* ,n/a
Malicious Package,jajajejejiji,https://security.snyk.io/vuln/SNYK-JS-JAJAJEJEJIJI-174692,,False,* ,n/a
Malicious Package,requset,https://security.snyk.io/vuln/SNYK-JS-REQUSET-174669,,False,* ,n/a
Malicious Package,momen,https://security.snyk.io/vuln/SNYK-JS-MOMEN-174681,,False,* ,n/a
Malicious Package,4equest,https://security.snyk.io/vuln/SNYK-JS-4EQUEST-174675,,False,* ,n/a
Malicious Package,requst,https://security.snyk.io/vuln/SNYK-JS-REQUST-174664,,False,* ,n/a
Malicious Package,exprss,https://security.snyk.io/vuln/SNYK-JS-EXPRSS-174679,,False,* ,n/a
Malicious Package,requuest,https://security.snyk.io/vuln/SNYK-JS-REQUUEST-174660,,False,* ,n/a
Malicious Package,reqquest,https://security.snyk.io/vuln/SNYK-JS-REQQUEST-174661,,False,* ,n/a
Malicious Package,reequest,https://security.snyk.io/vuln/SNYK-JS-REEQUEST-174659,,False,* ,n/a
Malicious Package,reuest,https://security.snyk.io/vuln/SNYK-JS-REUEST-174666,,False,* ,n/a
Malicious Package,asinc,https://security.snyk.io/vuln/SNYK-JS-ASINC-174690,,False,* ,n/a
Malicious Package,asnc,https://security.snyk.io/vuln/SNYK-JS-ASNC-174685,,False,* ,n/a
Malicious Package,rrequest,https://security.snyk.io/vuln/SNYK-JS-RREQUEST-174662,,False,* ,n/a
Malicious Package,reqest,https://security.snyk.io/vuln/SNYK-JS-REQEST-174831,,False,* ,n/a
Malicious Package,rqeuest,https://security.snyk.io/vuln/SNYK-JS-RQEUEST-174670,,False,* ,n/a
Malicious Package,asnyc,https://security.snyk.io/vuln/SNYK-JS-ASNYC-174683,,False,* ,n/a
Malicious Package,experss,https://security.snyk.io/vuln/SNYK-JS-EXPERSS-174678,,False,* ,n/a
Malicious Package,asycn,https://security.snyk.io/vuln/SNYK-JS-ASYCN-174684,,False,* ,n/a
Malicious Package,asymc,https://security.snyk.io/vuln/SNYK-JS-ASYMC-174689,,False,* ,n/a
Malicious Package,asynnc,https://security.snyk.io/vuln/SNYK-JS-ASYNNC-174688,,False,* ,n/a
Malicious Package,asyync,https://security.snyk.io/vuln/SNYK-JS-ASYYNC-174687,,False,* ,n/a
Malicious Package,erquest,https://security.snyk.io/vuln/SNYK-JS-ERQUEST-174646,,False,* ,n/a
Malicious Package,equest,https://security.snyk.io/vuln/SNYK-JS-EQUEST-174667,,False,* ,n/a
Malicious Package,requet,https://security.snyk.io/vuln/SNYK-JS-REQUET-174663,,False,* ,n/a
Cross-site Scripting (XSS),angular-froala,https://security.snyk.io/vuln/SNYK-JS-ANGULARFROALA-174640,,False,* ,n/a
Cross-site Scripting (XSS),simditor,https://security.snyk.io/vuln/SNYK-JS-SIMDITOR-174638,CVE-2018-19048,False,<2.3.22 ,https://github.com/mycolorway/simditor/commit/ef01a643cbb7f8163535d6bfb71135f80ec6a6fd
Cross-site Scripting (XSS),remarkable,https://security.snyk.io/vuln/SNYK-JS-REMARKABLE-174641,CVE-2019-12043,False,>=1.6.0 <1.7.2 ,n/a
Regular Expression Denial of Service (ReDoS),remarkable,https://security.snyk.io/vuln/SNYK-JS-REMARKABLE-174639,CVE-2019-12041,False,>=1.0.0 <1.7.3 ,https://github.com/jonschlinkert/remarkable/pull/335/commits/b8bb2c0987f06d2b34e882159249f1538c6dc380
Cross-site Scripting (XSS),x-editable,https://security.snyk.io/vuln/SNYK-JS-XEDITABLE-174636,,False,* ,n/a
Cross-site Scripting (XSS),markdown-to-jsx,https://security.snyk.io/vuln/SNYK-JS-MARKDOWNTOJSX-174624,,False,<6.10.0 ,https://github.com/probablyup/markdown-to-jsx/commit/dab7b5d7bc82c829920cc74a9f959c7750725b00
Insecure Default Configuration,@graphql-codegen/cli,https://security.snyk.io/vuln/SNYK-JS-GRAPHQLCODEGENCLI-174615,,False,<1.2.0 ,https://github.com/dotansimha/graphql-code-generator/commit/8b0bc1ea8408badb845696e35df85c6a84a4563a
Insecure Default Configuration,graphql-code-generator,https://security.snyk.io/vuln/SNYK-JS-GRAPHQLCODEGENERATOR-174594,,False,<1.1.0 ,https://github.com/dotansimha/graphql-code-generator/commit/8b0bc1ea8408badb845696e35df85c6a84a4563a
Cross-site Scripting (XSS),jquery-mobile,https://security.snyk.io/vuln/SNYK-JS-JQUERYMOBILE-174599,,False,<=1.5.0-alpha.1 ,https://github.com/jquery/jquery-mobile/commit/b0d9cc758a48f13321750d7409fb7655dcdf2b50
Cross-site Scripting (XSS),pupa,https://security.snyk.io/vuln/SNYK-JS-PUPA-174563,,False,<2.0.0 ,https://github.com/sindresorhus/pupa/commit/5c8c3bcd743e6b61adeab61caac94cbd0f74a1e2
Arbitrary File Overwrite,tar-fs,https://security.snyk.io/vuln/SNYK-JS-TARFS-174556,CVE-2018-20835,False,<1.16.2 ,https://github.com/mafintosh/tar-fs/commit/06672828e6fa29ac8551b1b6f36c852a9a3c58a2
Open Redirect,ecstatic,https://security.snyk.io/vuln/SNYK-JS-ECSTATIC-174543,,False,<2.2.2 >=3.0.0 <3.3.2 >=4.0.0 <4.1.2 ,https://github.com/jfhbrook/node-ecstatic/commit/be6fc25a826f190b67f4d16158f9d67899e38ee4
Cross-site Scripting (XSS),wangeditor,https://security.snyk.io/vuln/SNYK-JS-WANGEDITOR-174536,,False,>=3.0.0 <4.0.6 ,n/a
Insecure Credential Storage,web3,https://security.snyk.io/vuln/SNYK-JS-WEB3-174533,,False,* ,n/a
Buffer Over-read,mqtt-packet,https://security.snyk.io/vuln/SNYK-JS-MQTTPACKET-174531,CVE-2019-5432,False,<3.5.1 >=4.0.0 <4.1.3 >=5.0.0 <5.6.1 >=6.0.0 <6.1.2 ,n/a
Signature Verification Bypass,jwt-simple,https://security.snyk.io/vuln/SNYK-JS-JWTSIMPLE-174523,,False,<0.5.3 ,https://github.com/hokaccha/node-jwt-simple/commit/ead36e1d687645da9c3be8befdaaef622ea33106
Cross-site Scripting (XSS),google-closure-library,https://security.snyk.io/vuln/SNYK-JS-GOOGLECLOSURELIBRARY-174519,,False,>=20190121.0.0 <20190301.0.0 ,https://github.com/google/closure-library/commit/16201e8c00b98aa4d46a2c6830006ed4608532f4#diff-1c4efe3483d9d435a96462ea24811bb7
Denial of Service (DoS),axios,https://security.snyk.io/vuln/SNYK-JS-AXIOS-174505,CVE-2019-10742,True,<0.18.1 ,n/a
HTML Injection,awesomplete,https://security.snyk.io/vuln/SNYK-JS-AWESOMPLETE-174474,,True,* ,n/a
Deserialization of Untrusted Data,preact,https://security.snyk.io/vuln/SNYK-JS-PREACT-174475,,False,>=10.0.0-alpha.0 <10.0.0-beta.1 ,n/a
Cross-site Scripting (XSS),md-data-table,https://security.snyk.io/vuln/SNYK-JS-MDDATATABLE-174460,,False,* ,n/a
Rate Limiting Bypass,express-brute,https://security.snyk.io/vuln/SNYK-JS-EXPRESSBRUTE-174457,,False,* ,n/a
Cross-site Scripting (XSS),@ionic/core,https://security.snyk.io/vuln/SNYK-JS-IONICCORE-575446,,False,<4.0.3 >=4.1.0 <4.1.3 >=4.2.0 <4.2.1 >=4.3.0 <4.3.1 ,https://github.com/ionic-team/ionic/commit/d12757f9759f3250fc4e98986ada7948459d21b9
Unauthorized File Access,harp,https://security.snyk.io/vuln/SNYK-JS-HARP-174346,CVE-2019-5438,False,<0.40.3 ,https://github.com/sintaxi/harp/commit/51cfb247e25fae4abc845429f5c40d2f6a6e3dd4
Insufficient Validation,redbird,https://security.snyk.io/vuln/SNYK-JS-REDBIRD-174455,,False,<0.9.1 ,https://github.com/OptimalBits/redbird/commit/39c7a2da84a2ddddfe046ea80e98800518920516
Timing Attack,express-basic-auth,https://security.snyk.io/vuln/SNYK-JS-EXPRESSBASICAUTH-174345,,False,<1.1.7 ,https://github.com/LionC/express-basic-auth/commit/00bb29fdd638f5cda8025d4398be97d528ce3f6f
Cross-site Scripting (XSS),shave,https://security.snyk.io/vuln/SNYK-JS-SHAVE-174318,CVE-2019-12313,True,<2.5.3 ,https://github.com/dollarshaveclub/shave/commit/1876911e423c00fdda643ef724d956b3d324d5c2
Cross-site Scripting (XSS),ngx-bootstrap,https://security.snyk.io/vuln/SNYK-JS-NGXBOOTSTRAP-174319,,False,* ,n/a
Sensitive Data Exposure,sequelize-cli,https://security.snyk.io/vuln/SNYK-JS-SEQUELIZECLI-174320,,False,<5.5.0 ,https://github.com/sequelize/cli/commit/cd57b402ff998764948f571901896b6285e375ea
Cross-site Scripting (XSS),webpack-bundle-analyzer,https://security.snyk.io/vuln/SNYK-JS-WEBPACKBUNDLEANALYZER-174190,,False,<3.3.2 ,https://github.com/webpack-contrib/webpack-bundle-analyzer/commit/3ce1b8c3533fb479155a9cdd6a3338b834fde7d6
CSV Injection,mui-datatables,https://security.snyk.io/vuln/SNYK-JS-MUIDATATABLES-174185,,True,<2.14.0 ,n/a
Prototype Pollution,handlebars,https://security.snyk.io/vuln/SNYK-JS-HANDLEBARS-174183,,False,>=3.0.0 <3.0.7 >=4.1.0 <4.1.2 >=4.0.0 <4.0.14 ,https://github.com/wycats/handlebars.js/commit/cd38583216dce3252831916323202749431c773e
Cross-site Scripting (XSS),@nuxt/devalue,https://security.snyk.io/vuln/SNYK-JS-NUXTDEVALUE-174322,CVE-2019-13506,True,<1.2.3 ,https://github.com/Rich-Harris/devalue/commits?author=pi0
Cross-site Scripting (XSS),devalue,https://security.snyk.io/vuln/SNYK-JS-DEVALUE-174176,CVE-2019-13506,True,<1.1.1 ,https://github.com/Rich-Harris/devalue/commits?author=pi0
Cross-site Scripting (XSS),@nuxtjs/devalue,https://security.snyk.io/vuln/SNYK-JS-NUXTJSDEVALUE-174325,CVE-2019-13506,True,<1.2.3 ,https://github.com/Rich-Harris/devalue/commits?author=pi0
SQL Injection,sequelize,https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-174167,CVE-2019-11069,False,>=5.0.0 <5.3.0 ,n/a
Information Exposure,harp,https://security.snyk.io/vuln/SNYK-JS-HARP-174149,CVE-2019-5437,False,<0.40.2 ,https://github.com/sintaxi/harp/commit/1ec790baeeb2bfdb4584f1998af3d10a8fa31210
Cross-site Scripting (XSS),materialize-css,https://security.snyk.io/vuln/SNYK-JS-MATERIALIZECSS-174148,CVE-2019-11002,True,* ,n/a
Cross-site Scripting (XSS),materialize-css,https://security.snyk.io/vuln/SNYK-JS-MATERIALIZECSS-174144,CVE-2019-11003,True,* ,n/a
Arbitrary Code Execution,typed-function,https://security.snyk.io/vuln/SNYK-JS-TYPEDFUNCTION-174139,CVE-2017-1001004,False,<0.10.6 ,https://github.com/josdejong/typed-function/commit/6478ef4f2c3f3c2d9f2c820e2db4b4ba3425e6fe
Arbitrary Code Execution,js-yaml,https://security.snyk.io/vuln/SNYK-JS-JSYAML-174129,,False,<3.13.1 ,https://github.com/nodeca/js-yaml/pull/480/commits/e18afbf1edcafb7add2c4c7b22abc8d6ebc2fa61
Cross-site Scripting (XSS),express-cart,https://security.snyk.io/vuln/SNYK-JS-EXPRESSCART-174131,CVE-2021-32573,False,* ,n/a
Information Exposure,serve-handler,https://security.snyk.io/vuln/SNYK-JS-SERVEHANDLER-450208,,False,<5.0.8 ,n/a
Prototype Pollution,upmerge,https://security.snyk.io/vuln/SNYK-JS-UPMERGE-174133,,False,<0.1.8 ,n/a
Cross-site Scripting (XSS),buttle,https://security.snyk.io/vuln/SNYK-JS-BUTTLE-174128,,False,* ,n/a
Information Exposure,glance,https://security.snyk.io/vuln/SNYK-JS-GLANCE-174130,,False,<3.0.7 ,n/a
Regular Expression Denial of Service (ReDoS),marked,https://security.snyk.io/vuln/SNYK-JS-MARKED-174116,,False,>=0.1.3 <0.6.2 ,https://github.com/markedjs/marked/commit/00f1f7a23916ef27186d0904635aa3509af63d47
Directory Traversal,statics-server,https://security.snyk.io/vuln/SNYK-JS-STATICSSERVER-174119,,False,* ,n/a
Denial of Service (DoS),canvas,https://security.snyk.io/vuln/SNYK-JS-CANVAS-174120,CVE-2020-8215,False,<1.6.10 ,https://github.com/Automattic/node-canvas/commit/c3e4ccb1c404da01e83fe5eb3626bf55f7f55957
Arbitrary File Overwrite,tar,https://security.snyk.io/vuln/SNYK-JS-TAR-174125,CVE-2018-20834,False,<2.2.2 >=3.0.0 <4.4.2 ,https://github.com/npm/node-tar/commit/b0c58433c22f5e7fe8b1c76373f27e3f81dcd4c8
Directory Traversal,servey,https://security.snyk.io/vuln/SNYK-JS-SERVEY-174122,CVE-2020-8214,False,<3.0.0 ,n/a
SQL Injection,typeorm,https://security.snyk.io/vuln/SNYK-JS-TYPEORM-174123,,False,<0.1.15 ,https://github.com/typeorm/typeorm/commit/d46c8b0e6c0db56bb5976a4917e9f67a43715111
Prototype Pollution,dot,https://security.snyk.io/vuln/SNYK-JS-DOT-174124,CVE-2020-8141,False,<1.1.3 ,https://github.com/olado/doT/commit/2cf222683a151027c030b07cb7a57bc1dbcd7482
Hash Injection,sequelize,https://security.snyk.io/vuln/SNYK-JS-SEQUELIZE-174147,,False,<4.12.0 ,https://github.com/sequelize/sequelize/commit/ccb99daedb69e8750a241436415ccac8abef358d
Denial of Service (DoS),js-yaml,https://security.snyk.io/vuln/SNYK-JS-JSYAML-174117,,False,<1.5.0 ,https://github.com/eemeli/yaml/commit/d42b492c4eb4d976881230444d0eb039bf81cee0
Regular Expression Denial of Service (ReDoS),lodash,https://security.snyk.io/vuln/SNYK-JS-LODASH-73639,CVE-2019-1010266,False,<4.17.11 ,https://github.com/lodash/lodash/commit/5c08f18d365b64063bfbfa686cbb97cdd6267347
Insecure Default Configuration,tesseract.js,https://security.snyk.io/vuln/SNYK-JS-TESSERACTJS-174085,,False,<1.0.19 ,https://github.com/naptha/tesseract.js/commit/679eba055f2a4271558e86beec3d1b70cae3fb28
Use After Free,electron,https://security.snyk.io/vuln/SNYK-JS-ELECTRON-174045,CVE-2019-5786,False,<2.0.18 >=3.0.0 <3.0.16 >=3.0.0 <3.1.6 >=4.0.0 <4.0.8 ,https://github.com/electron/electron/commit/34c1a534415d0d5e099dc4a42af4d1bfd660d03a
Use After Free,puppeteer,https://security.snyk.io/vuln/SNYK-JS-PUPPETEER-174321,CVE-2019-5786,False,<1.13.0 ,https://github.com/electron/electron/commit/34c1a534415d0d5e099dc4a42af4d1bfd660d03a
Arbitrary Code Injection,open,https://security.snyk.io/vuln/SNYK-JS-OPEN-174041,,False,<6.0.0 ,n/a
Prototype Pollution,jquery,https://security.snyk.io/vuln/SNYK-JS-JQUERY-174006,CVE-2019-5428,False,<3.4.0 ,https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
Arbitrary Command Injection,opencv,https://security.snyk.io/vuln/SNYK-JS-OPENCV-174005,CVE-2019-10061,False,<6.1.0 ,https://github.com/peterbraden/node-opencv/commit/81a4b8620188e89f7e4fc985f3c89b58d4bcc86b
Denial of Service (DoS),js-yaml,https://security.snyk.io/vuln/SNYK-JS-JSYAML-173999,,False,>=3.0.0 <3.13.0 ,https://github.com/nodeca/js-yaml/commit/a567ef3c6e61eb319f0bfc2671d91061afb01235
Directory Traversal,localhost-now,https://security.snyk.io/vuln/SNYK-JS-LOCALHOSTNOW-451471,CVE-2019-5416,False,* ,n/a
Arbitrary Command Injection,kill-port,https://security.snyk.io/vuln/SNYK-JS-KILLPORT-173974,CVE-2019-5414,False,<1.3.2 ,n/a
Cross-site Scripting (XSS),simple-markdown,https://security.snyk.io/vuln/SNYK-JS-SIMPLEMARKDOWN-173788,CVE-2019-9844,False,<0.4.4 ,https://github.com/Khan/simple-markdown/pull/63/commits/a15cddf65215a39f2a31606873b89563db94de1d
Cross-site Scripting (XSS),editor.md,https://security.snyk.io/vuln/SNYK-JS-EDITORMD-173782,CVE-2019-9737,False,* ,n/a
Arbitrary File Write via Archive Extraction (Zip Slip),react-native-code-push,https://security.snyk.io/vuln/SNYK-JS-REACTNATIVECODEPUSH-173775,,False,>=1.7.0 <6.3.0 ,n/a
Arbitrary Code Execution,safer-eval,https://security.snyk.io/vuln/SNYK-JS-SAFEREVAL-173772,CVE-2019-10759,False,<1.3.4 ,n/a
Arbitrary Code Execution,safer-eval,https://security.snyk.io/vuln/SNYK-JS-SAFEREVAL-473029,CVE-2019-10760,False,<1.3.2 ,https://github.com/commenthol/safer-eval/commit/1c29f6a6e304fb650c05056e217e457a0d2cc3c5
Cross-site Scripting (XSS),react-json-pretty,https://security.snyk.io/vuln/SNYK-JS-REACTJSONPRETTY-173779,,False,<2.0.1 ,https://github.com/chenckang/react-json-pretty/commit/66526b92568d5468994a58bbfdc0822e33b7ade5
Cross-site Scripting (XSS),embark,https://security.snyk.io/vuln/SNYK-JS-EMBARK-173742,,False,<4.0.0 ,n/a
Cross-site Scripting (XSS),eslint-plugin-no-unsanitized,https://security.snyk.io/vuln/SNYK-JS-ESLINTPLUGINNOUNSANITIZED-173734,,False,>=3.0.1 <3.0.2 ,https://github.com/mozilla/eslint-plugin-no-unsanitized/commit/d370ace841787e888db385cdbb2217391971b8b9
Timing Attack,safe-compare,https://security.snyk.io/vuln/SNYK-JS-SAFECOMPARE-173780,,False,>=1.0.4 <1.1.4 ,https://github.com/Bruce17/safe-compare/commit/b5be414ba4137a041cf90cceb5c3b40868ac13e4
Cross-site Scripting (XSS),bootstrap-select,https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-173741,,True,<1.13.6 ,https://github.com/snapappointments/bootstrap-select/commit/39c0078775a344078e308813ec838b23394a6764
Cross-site Scripting (XSS),summernote,https://security.snyk.io/vuln/SNYK-JS-SUMMERNOTE-173735,,False,<0.8.12 ,https://github.com/summernote/summernote/commit/7a4b5ece2d41302c18aeebefbc00d4079f59a2ab
Content Injection,embark,https://security.snyk.io/vuln/SNYK-JS-EMBARK-173781,,False,<4.0.0 ,https://github.com/embark-framework/embark/commit/5301c9b0327e90e83198487a5cfa0a01d1c88720
Insufficient Entropy,cryptr,https://security.snyk.io/vuln/SNYK-JS-CRYPTR-173731,,True,<6.0.0 ,https://github.com/MauriceButler/cryptr/commit/ce2d1fa7b9e965c5f6fa6f5b7b667ccc1df894ec
Insecure Randomness,reveal.js,https://security.snyk.io/vuln/SNYK-JS-REVEALJS-173730,,False,<4.0.0 ,https://github.com/hakimel/reveal.js/commit/27b70ed0bab93aa05dfb62717042ce22c9a027be
Directory Traversal,total.js,https://security.snyk.io/vuln/SNYK-JS-TOTALJS-173710,CVE-2019-8903,False,>=2.1.0 <2.1.1 >=2.2.0 <2.2.1 >=2.3.0 <2.3.1 >=2.4.0 <2.4.1 >=2.5.0 <2.5.1 >=2.6.0 <2.6.3 >=2.7.0 <2.7.1 >=2.8.0 <2.8.1 >=2.9.0 <2.9.5 >=3.0.0 <3.0.1 >=3.1.0 <3.1.1 >=3.2.0 <3.2.4 ,https://github.com/totaljs/framework/commit/4d7abbcdc34d6d1287338936f418c1eb1bc41201
Improper Access Control,thrift,https://security.snyk.io/vuln/SNYK-JS-THRIFT-173705,CVE-2018-11798,False,>=0.9.2 <0.11.0 ,https://github.com/apache/thrift/commit/2a2b72f6c8aef200ecee4984f011e06052288ff2
Cross-site Scripting (XSS),bootstrap,https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAP-173700,CVE-2019-8331,False,<3.4.1 >=4.0.0 <4.3.1 ,https://github.com/twbs/bootstrap/pull/28236/commits/5efa9b531d25927b907e3fa24b818608bc38a2f0
Remote Code Execution (RCE),office-converter,https://security.snyk.io/vuln/SNYK-JS-OFFICECONVERTER-173697,,False,* ,n/a
Arbitrary Code Execution,static-eval,https://security.snyk.io/vuln/SNYK-JS-STATICEVAL-173693,,False,<2.0.2 ,https://github.com/browserify/static-eval/commit/32f8efd072625e267aa7237d2daff35738c50d2a
Prototype Pollution,handlebars,https://security.snyk.io/vuln/SNYK-JS-HANDLEBARS-173692,,False,<4.0.14 >=4.1.0 <4.1.2 ,https://github.com/wycats/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86
Remote Code Execution (RCE),node-os-utils,https://security.snyk.io/vuln/SNYK-JS-NODEOSUTILS-173696,,False,<1.1.0 ,https://github.com/SunilWang/node-os-utils/commit/e0b609072791e135db226f904c73929238341600
Denial of Service (DoS),url-relative,https://security.snyk.io/vuln/SNYK-JS-URLRELATIVE-173691,,False,* ,https://github.com/junosuarez/url-relative/commit/5d622c3292bb626272551a110751b2a93a0e0abe
Denial of Service (DoS),ircdkit,https://security.snyk.io/vuln/SNYK-JS-IRCDKIT-173688,,False,<1.0.4 ,n/a
Information Exposure,pem,https://security.snyk.io/vuln/SNYK-JS-PEM-173687,,False,<1.13.2 ,https://github.com/Dexus/pem/commit/bed1190e4a08692ac903ae6043489f1f76bc67eb
Access Restriction Bypass,browserify-hmr,https://security.snyk.io/vuln/SNYK-JS-BROWSERIFYHMR-173684,CVE-2018-14730,False,<0.4.0 ,https://github.com/Macil/browserify-hmr/commit/cb51c170c5c655ae8ca38bfcfbc421a758f240da
Malicious Package,boogeyman,https://security.snyk.io/vuln/SNYK-JS-BOOGEYMAN-173686,,False,* ,n/a
Improper Key Verification,ipns,https://security.snyk.io/vuln/SNYK-JS-IPNS-173683,,False,>=0.1.1 <0.1.3 ,https://github.com/ipfs/js-ipns/commit/33684e356f1f2fdcd99b2fb85fcc5d52223769a0
Cross-site Scripting (XSS),mobius1-selectr,https://security.snyk.io/vuln/SNYK-JS-MOBIUS1SELECTR-173698,,False,>=2.0.0 <2.4.11 ,https://github.com/Mobius1/Selectr/commit/06ec255da91aeaaf91650298f1111136a1f84b20
Cross-site Scripting (XSS),node-red-dashboard,https://security.snyk.io/vuln/SNYK-JS-NODEREDDASHBOARD-173680,,False,<2.14.0 ,https://github.com/node-red/node-red-dashboard/commit/df710521261751ca7db32eaf46982e5678f5c7fd
Malicious Package,stream-combine,https://security.snyk.io/vuln/SNYK-JS-STREAMCOMBINE-173670,,False,=2.0.2 ,n/a
Cross-site Scripting (XSS),html-pages,https://security.snyk.io/vuln/SNYK-JS-HTMLPAGES-73640,CVE-2018-16481,False,* ,n/a
Prototype Pollution,lodash._basemerge,https://security.snyk.io/vuln/SNYK-JS-LODASHBASEMERGE-450200,CVE-2018-16487,False,* ,https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad
Prototype Pollution,@sailshq/lodash,https://security.snyk.io/vuln/SNYK-JS-SAILSHQLODASH-460131,CVE-2018-16487,False,<3.10.4 ,https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad
Directory Traversal,static-resource-server,https://security.snyk.io/vuln/SNYK-JS-STATICRESOURCESERVER-73643,CVE-2018-16493,False,* ,n/a
Prototype Pollution,node.extend,https://security.snyk.io/vuln/SNYK-JS-NODEEXTEND-73641,CVE-2018-16491,False,<1.1.7 >=2.0.0 <2.0.1 ,n/a
Prototype Pollution,lodash.mergewith,https://security.snyk.io/vuln/SNYK-JS-LODASHMERGEWITH-174136,CVE-2018-16487,False,<4.6.2 ,https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad
Prototype Pollution,lodash,https://security.snyk.io/vuln/SNYK-JS-LODASH-73638,CVE-2018-16487,False,<4.17.11 ,https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad
Prototype Pollution,lodash.merge,https://security.snyk.io/vuln/SNYK-JS-LODASHMERGE-173732,CVE-2018-16487,False,<4.6.2 ,https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad
Prototype Pollution,lodash.defaultsdeep,https://security.snyk.io/vuln/SNYK-JS-LODASHDEFAULTSDEEP-450199,CVE-2018-16487,False,<4.6.1 ,https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad
Prototype Poisoning,@hapi/statehood,https://security.snyk.io/vuln/SNYK-JS-HAPISTATEHOOD-541184,,False,>=6.0.0 <6.0.9 <5.0.4 ,https://github.com/hapijs/statehood/commit/582000f83cf0f4d71b6dff72c689fb4629e5e945
Prototype Poisoning,@hapi/subtext,https://security.snyk.io/vuln/SNYK-JS-HAPISUBTEXT-541186,,False,>=6.0.0 <6.0.12 <5.0.1 ,https://github.com/hapijs/statehood/commit/582000f83cf0f4d71b6dff72c689fb4629e5e945
Prototype Poisoning,@hapi/wreck,https://security.snyk.io/vuln/SNYK-JS-HAPIWRECK-541185,,False,<14.1.4 ,https://github.com/hapijs/statehood/commit/582000f83cf0f4d71b6dff72c689fb4629e5e945
Regular Expression Denial of Service (ReDoS),marked,https://security.snyk.io/vuln/SNYK-JS-MARKED-73637,,False,>=0.5.0 <0.6.1 ,https://github.com/markedjs/marked/pull/1305/commits/9c976cda1ce80e45901290c51c57e40a7ea31266
Regular Expression Denial of Service (ReDoS),remove-markdown,https://security.snyk.io/vuln/SNYK-JS-REMOVEMARKDOWN-73635,,False,* ,n/a
Cross-site Scripting (XSS),angucomplete-alt,https://security.snyk.io/vuln/SNYK-JS-ANGUCOMPLETEALT-73622,,False,* ,https://github.com/ghiden/angucomplete-alt/pull/525/commits/f814c417a31cfc44605c57e28fa88ebcd6317938
Arbitrary File Write via Archive Extraction (Zip Slip),bower,https://security.snyk.io/vuln/SNYK-JS-BOWER-73627,CVE-2019-5484,False,<1.8.8 ,https://github.com/bower/bower/commit/45c6bfa86f6e57731b153baca9e0b41a1cc699e3
Arbitrary File Write via Archive Extraction (Zip Slip),decompress-zip,https://security.snyk.io/vuln/SNYK-JS-DECOMPRESSZIP-73598,,False,<0.2.2 >=0.3.0 <0.3.2 ,https://github.com/bower/decompress-zip/pull/63/commits/9a908bd30ec9d9b2009110691cfcbe2b96f07c95
Cross-site Scripting (XSS),jquery.terminal,https://security.snyk.io/vuln/SNYK-JS-JQUERYTERMINAL-73557,,False,<1.21.0 ,https://github.com/jcubic/jquery.terminal/commit/c8b7727d21960031b62a4ef1ed52f3c634046211
Server-Side Request Forgery (SSRF),terriajs-server,https://security.snyk.io/vuln/SNYK-JS-TERRIAJSSERVER-73556,,False,<2.7.4 ,https://github.com/TerriaJS/terriajs-server/commit/3cbc48475f50a53962f605491d0e60648a29bdf0
Cross-site Scripting (XSS),bootstrap-vue,https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAPVUE-73558,,False,<2.0.0-rc.12 ,https://github.com/bootstrap-vue/bootstrap-vue/commit/3c6ba3e44de425120990f671436a7b163742b5cb
SQL Injection,loopback-connector-mongodb,https://security.snyk.io/vuln/SNYK-JS-LOOPBACKCONNECTORMONGODB-73555,,False,<3.6.0 ,https://github.com/strongloop/loopback-connector-mongodb/pull/452/commits/ee24cd08b8ccc32711264831c71b1da628df357b
Improper Authorization,loopback,https://security.snyk.io/vuln/SNYK-JS-LOOPBACK-73559,,False,>=2.0.0 <2.40.0 >=3.0.0 <3.22.0 ,https://github.com/strongloop/loopback/commit/aaa1381964b15f5716f8a7d911a144303e274cc4
Directory Traversal,http-live-simulator,https://security.snyk.io/vuln/SNYK-JS-HTTPLIVESIMULATOR-73554,CVE-2018-16479,False,<1.0.7 ,n/a
Malicious Package,portionfatty12,https://security.snyk.io/vuln/SNYK-JS-PORTIONFATTY12-73508,,False,* ,n/a
Malicious Package,rrgod,https://security.snyk.io/vuln/SNYK-JS-RRGOD-73507,,False,* ,n/a
Remote Code Execution,xterm,https://security.snyk.io/vuln/SNYK-JS-XTERM-73496,CVE-2019-0542,False,>=3.8.0 <3.8.1 >=3.9.0 <3.9.2 >=3.10.0 <3.10.1 ,https://github.com/xtermjs/xterm.js/commit/f3bfcc368c287a04c660f58aac6eca8d966fb60c
Denial of Service (DoS),autolinker,https://security.snyk.io/vuln/SNYK-JS-AUTOLINKER-73494,,False,<3.0.0 ,n/a
Denial of Service (DoS),markdown-it-toc-and-anchor,https://security.snyk.io/vuln/SNYK-JS-MARKDOWNITTOCANDANCHOR-73500,,False,<4.2.0 ,https://github.com/medfreeman/markdown-it-toc-and-anchor/commit/1e55cc1f2985edb464a3377340e99f0cfeca776b
Directory Traversal,cordova-plugin-ionic-webview,https://security.snyk.io/vuln/SNYK-JS-CORDOVAPLUGINIONICWEBVIEW-72900,CVE-2018-16202,False,<2.2.0 ,n/a
Information Exposure,rails-session-decoder,https://security.snyk.io/vuln/SNYK-JS-RAILSSESSIONDECODER-73497,,False,<1.1.0 ,https://github.com/smirzaei/rails-session-decoder/commit/be3f70bfa8e88740f548cd96b8627ad886e61667
Malicious Package,text-qrcode,https://security.snyk.io/vuln/SNYK-JS-TEXTQRCODE-73501,,False,* ,n/a
Cross-site Scripting (XSS),jingo,https://security.snyk.io/vuln/SNYK-JS-JINGO-73499,,False,<1.9.2 ,n/a
Cryptographic Backdoor,generate-password,https://security.snyk.io/vuln/SNYK-JS-GENERATEPASSWORD-73498,,False,<1.4.1 ,https://github.com/brendanashworth/generate-password/pull/26/commits/5fc716a6a3ed67019e9e923eb22081c3775407fb
Cross-site Scripting (XSS),bootstrap,https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889,CVE-2018-20676,False,<3.4.0 ,n/a
Cross-site Scripting (XSS),bootstrap-sass,https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAPSASS-598782,CVE-2018-20676,False,<3.4.0 ,n/a
Cross-site Scripting (XSS),bootstrap-sass,https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAPSASS-598777,CVE-2018-20677,False,<3.4.0 ,https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
Cross-site Scripting (XSS),bootstrap,https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890,CVE-2018-20677,False,<3.4.0 ,https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
Malicious Package,commander-js,https://security.snyk.io/vuln/SNYK-JS-COMMANDERJS-73506,,False,* ,n/a
Cross-site Scripting (XSS),qunit,https://security.snyk.io/vuln/SNYK-JS-QUNIT-72879,,False,<2.9.0 ,https://github.com/qunitjs/qunit/commit/b54e73272e741bbc33e19a153c50cf9b739012b7
Regular Expression Denial of Service (ReDoS),esm,https://security.snyk.io/vuln/SNYK-JS-ESM-72880,,False,<3.1.0 ,https://github.com/standard-things/esm/commit/c41e001d81a5a52b0d2d1722b1c2af04d997c05b
Cross-site Scripting (XSS),ids-enterprise,https://security.snyk.io/vuln/SNYK-JS-IDSENTERPRISE-73628,,False,<4.15.0 ,https://github.com/infor-design/enterprise/pull/1557/commits/0348119e8a5f1a3f340c9f72456802d6ddad3e91
Arbitrary Code Execution,nuclide,https://security.snyk.io/vuln/SNYK-JS-NUCLIDE-72876,CVE-2018-6333,False,<0.290.0 ,https://github.com/facebook/nuclide/commit/65f6bbd683404be1bb569b8d1be84b5d4c74a324
Arbitrary Code Execution,react-dev-utils,https://security.snyk.io/vuln/SNYK-JS-REACTDEVUTILS-72875,CVE-2018-6342,False,>=1.0.0 <1.0.4 >=2.0.0 <2.0.2 >=3.0.0 <3.1.2 >=4.0.0 <4.2.2 >=5.0.0 <5.0.2 ,https://github.com/facebook/create-react-app/pull/4866/commits/4165185c3ad44ea80c6e35a8e4e4857a31327bdd
Cross-site Scripting (XSS),buefy,https://security.snyk.io/vuln/SNYK-JS-BUEFY-72871,,False,<0.7.2 ,https://github.com/buefy/buefy/commit/1b1516bda783ef929485fb2b0d5c67f47c97105c
Regular Expression Denial of Service (ReDoS),uap-core,https://security.snyk.io/vuln/SNYK-JS-UAPCORE-72743,CVE-2018-20164,False,<0.6.0 ,https://github.com/ua-parser/uap-core/commit/156f7e12b215bddbaf3df4514c399d683e6cdadc
Remote Code Execution (RCE),pomelo-monitor,https://security.snyk.io/vuln/SNYK-JS-POMELOMONITOR-173695,CVE-2020-7620,True,* ,https://github.com/halfblood369/monitor/pull/2/commits/ea34c7333acb622ab760eafeab81863c2bad94a3
Cross-site Scripting (XSS),rendertron-middleware,https://security.snyk.io/vuln/SNYK-JS-RENDERTRONMIDDLEWARE-72698,CVE-2017-18352,False,<0.1.3 ,https://github.com/GoogleChrome/rendertron/commit/324ac99732c943d7b16aead2fceaa8b31a458eaa
Denial of Service (DoS),rendertron-middleware,https://security.snyk.io/vuln/SNYK-JS-RENDERTRONMIDDLEWARE-72699,CVE-2017-18353,False,<0.1.3 ,https://github.com/GoogleChrome/rendertron/commit/8d70628c96ae72eff6eebb451d26fc9ed6b58b0e
Information Exposure,rendertron-middleware,https://security.snyk.io/vuln/SNYK-JS-RENDERTRONMIDDLEWARE-72700,CVE-2017-18355,False,<0.1.3 ,https://github.com/GoogleChrome/rendertron/commit/8d70628c96ae72eff6eebb451d26fc9ed6b58b0e
Arbitrary File Read,rendertron-middleware,https://security.snyk.io/vuln/SNYK-JS-RENDERTRONMIDDLEWARE-72701,CVE-2017-18354,False,<0.1.3 ,https://github.com/GoogleChrome/rendertron/commit/8d70628c96ae72eff6eebb451d26fc9ed6b58b0e
Denial of Service (DoS),just-extend,https://security.snyk.io/vuln/SNYK-JS-JUSTEXTEND-72674,CVE-2018-16489,False,<4.0.0 ,n/a
Prototype Pollution,mpath,https://security.snyk.io/vuln/SNYK-JS-MPATH-72672,CVE-2018-16490,False,>=0.3.0 <0.5.1 ,https://github.com/aheckmann/mpath/commit/fe732eb05adebe29d1d741bdf3981afbae8ea94d
Prototype Pollution,mergify,https://security.snyk.io/vuln/SNYK-JS-MERGIFY-72673,,False,* ,n/a
Directory Traversal,simplehttpserver,https://security.snyk.io/vuln/SNYK-JS-SIMPLEHTTPSERVER-72649,CVE-2018-16478,False,* ,n/a
Malicious Package,event-stream,https://security.snyk.io/vuln/SNYK-JS-EVENTSTREAM-72638,,False,=3.3.6 ,n/a
Malicious Package,flatmap-stream,https://security.snyk.io/vuln/SNYK-JS-FLATMAPSTREAM-72637,,False,* ,n/a
Privilege Escalation,auth0-js,https://security.snyk.io/vuln/SNYK-JS-AUTH0JS-72626,CVE-2018-6873,False,<8.0.0 ,https://github.com/auth0/auth0.js/commit/c9c5bd414324fbab071aaa29dcc11af4ca73181b
Arbitrary Command Execution,kibana,https://security.snyk.io/vuln/SNYK-JS-KIBANA-72628,CVE-2018-17246,False,<5.3.13 >=6.4.0 <6.4.3 ,https://github.com/elastic/kibana/commit/51aff7d3c49724fcbaba4353dff0cd7c3be799b0
Arbitrary Code Execution,jquery-file-upload,https://security.snyk.io/vuln/SNYK-JS-JQUERYFILEUPLOAD-72622,CVE-2018-9207,False,* ,n/a
HTML Injection,valine,https://security.snyk.io/vuln/SNYK-JS-VALINE-72627,CVE-2018-19289,False,<1.3.4 ,https://github.com/xCss/Valine/commit/32d4d5e68df804f0eabb1a2bebbbf9459e31c2b7
Cross-site Scripting (XSS),inline-source,https://security.snyk.io/vuln/SNYK-JS-INLINESOURCE-72623,,False,<6.1.7 ,https://github.com/popeindustries/inline-source/commit/39e0fbaf6e2d2bd08c1835ecb452b02611a10aa7
Cross-site Scripting (XSS),ckeditor,https://security.snyk.io/vuln/SNYK-JS-CKEDITOR-72618,CVE-2018-17960,False,>=4.0.0 <4.11.0 ,n/a
Cross-site Scripting (XSS),serve-handler,https://security.snyk.io/vuln/SNYK-JS-SERVEHANDLER-72615,,False,<5.0.3 ,https://github.com/zeit/serve-handler/commit/65b4d4183a31a8076c78c40118acb0ca1b64f620
Improper Verification of Signature,samlify,https://security.snyk.io/vuln/SNYK-JS-SAMLIFY-72614,,False,<2.4.0 ,https://github.com/tngan/samlify/pull/211/commits/31a19a73c031d35ebcc7c8e4186711fb7df8ffed
Arbitrary Code Injection,morgan,https://security.snyk.io/vuln/SNYK-JS-MORGAN-72579,CVE-2019-5413,False,<1.9.1 ,https://github.com/expressjs/morgan/commit/e329663836809de4be557b200a5b983ab8b4e6c2
Cross-site Scripting (XSS),simplemde,https://security.snyk.io/vuln/SNYK-JS-SIMPLEMDE-72570,CVE-2018-19057,False,* ,n/a
Cross-site Scripting (XSS),editor.md,https://security.snyk.io/vuln/SNYK-JS-EDITORMD-72571,CVE-2018-19056,False,* ,n/a
Prototype Pollution,cached-path-relative,https://security.snyk.io/vuln/SNYK-JS-CACHEDPATHRELATIVE-72573,CVE-2018-16472,False,<1.0.2 ,https://github.com/ashaffer/cached-path-relative/commit/a43cffec84ed0e9eceecb43b534b6937a8028fc0
Directory Traversal,takeapeek,https://security.snyk.io/vuln/SNYK-JS-TAKEAPEEK-72572,CVE-2018-16473,False,* ,n/a
Cross-site Scripting (XSS),tianma-static,https://security.snyk.io/vuln/SNYK-JS-TIANMASTATIC-72574,CVE-2018-16474,False,* ,n/a
Directory Traversal,knightjs,https://security.snyk.io/vuln/SNYK-JS-KNIGHTJS-72575,CVE-2018-16475,False,* ,n/a
Directory Traversal,kindeditor,https://security.snyk.io/vuln/SNYK-JS-KINDEDITOR-72563,CVE-2018-18950,False,* ,n/a
Prototype  Pollution,merge,https://security.snyk.io/vuln/SNYK-JS-MERGE-72553,CVE-2018-16469,False,<1.2.1 ,https://github.com/yeikos/js.merge/commit/6ad6035b901b3d680beac82de39ca83a93885246
Arbitrary Command Injection,libnmap,https://security.snyk.io/vuln/SNYK-JS-LIBNMAP-72551,CVE-2018-16461,False,<0.4.16 ,https://github.com/jas-/node-libnmap/commit/c235b24b0342e12a5dbf502f89daabe95883b6c8
Arbitrary Command Injection,apex-publish-static-files,https://security.snyk.io/vuln/SNYK-JS-APEXPUBLISHSTATICFILES-72552,CVE-2018-16462,False,<2.0.1 ,https://github.com/vincentmorneau/apex-publish-static-files/commit/2209af8f2b65c24aa55ab757e0e05b958c16f063
Denial of Service (DoS),apollo-upload-server,https://security.snyk.io/vuln/SNYK-JS-APOLLOUPLOADSERVER-72544,,False,<7.0.0 ,https://github.com/jaydenseric/graphql-upload/commit/c7567eaead04f14a100db772ba8c384f5eab4a89
Denial of Service (DoS),graphql-upload,https://security.snyk.io/vuln/SNYK-JS-GRAPHQLUPLOAD-72543,,False,<7.0.0 ,https://github.com/jaydenseric/graphql-upload/commit/c7567eaead04f14a100db772ba8c384f5eab4a89
Denial of Service (DoS),apollo-upload-server,https://security.snyk.io/vuln/SNYK-JS-APOLLOUPLOADSERVER-72542,,False,<7.0.0 ,https://github.com/jaydenseric/graphql-upload/commit/d933887a5439c19509fb6b224d46d831b3b6cbd9
Denial of Service (DoS),graphql-upload,https://security.snyk.io/vuln/SNYK-JS-GRAPHQLUPLOAD-72541,,False,<7.0.0 ,https://github.com/jaydenseric/graphql-upload/commit/d933887a5439c19509fb6b224d46d831b3b6cbd9
Arbitrary Code Injection,jstree,https://security.snyk.io/vuln/SNYK-JS-JSTREE-72490,,False,<3.3.7 ,https://github.com/vakata/jstree/commit/2a08acf1f95e1a156ebb7a5408f1b9470940fe3a
Cross-site Scripting (XSS),next,https://security.snyk.io/vuln/SNYK-JS-NEXT-72454,CVE-2018-18282,False,>=7.0.0 <7.0.2 ,n/a
Directory Traversal,http-live-simulator,https://security.snyk.io/vuln/SNYK-JS-HTTPLIVESIMULATOR-72456,CVE-2019-5423,False,<1.0.6 ,https://github.com/prahladyeri/http-live-simulator/commit/8e85a1be562248d0d616c0e5092a3d71bbf5fe5f
Arbitrary Code Execution,blueimp-file-upload,https://security.snyk.io/vuln/SNYK-JS-BLUEIMPFILEUPLOAD-72453,CVE-2018-9206,False,<9.22.1 ,https://github.com/blueimp/jQuery-File-Upload/commit/aeb47e51c67df8a504b7726595576c1c66b5dc2f
Denial of Service (DoS),rrule,https://security.snyk.io/vuln/SNYK-JS-RRULE-72455,,False,<2.6.0 ,https://github.com/jakubroztocil/rrule/commit/a906fdd973f09c078bae2da8b9b38d3de4230cca
Denial of Service (DoS),rrule,https://security.snyk.io/vuln/SNYK-JS-RRULE-72421,,False,<2.5.6 ,https://github.com/jakubroztocil/rrule/commit/eab930c35b74f79ad0dd6e7474a847d5179ff169
Authentication Bypass,passport-saml,https://security.snyk.io/vuln/SNYK-JS-PASSPORTSAML-72411,,False,<1.0.0 ,https://github.com/bergie/passport-saml/commit/f7aab5c0e071827956484b094e59b72b22dd8309
Prototype Pollution,defaults-deep,https://security.snyk.io/vuln/SNYK-JS-DEFAULTSDEEP-173661,CVE-2018-16486,True,* ,n/a
Information Exposure,webpack-dev-server,https://security.snyk.io/vuln/SNYK-JS-WEBPACKDEVSERVER-72405,CVE-2018-14732,False,<3.1.11 ,https://github.com/webpack/webpack-dev-server/commit/f18e5adf123221a1015be63e1ca2491ca45b8d10
Information Exposure,parcel-bundler,https://security.snyk.io/vuln/SNYK-JS-PARCELBUNDLER-461001,CVE-2018-14731,False,<1.10.0 ,https://github.com/parcel-bundler/parcel/commit/92b5c0830662f8baebc6fd4eadfd5ddd3de963a3
SQL Injection,express-cart,https://security.snyk.io/vuln/SNYK-JS-EXPRESSCART-72404,,False,<1.1.8 ,https://github.com/mrvautin/expressCart/commit/b2234ef4f28225bb42f74bf6cf33759048aba518
Cross-site Scripting (XSS),react-tooltip,https://security.snyk.io/vuln/SNYK-JS-REACTTOOLTIP-72363,,False,<3.8.1 ,https://github.com/wwayne/react-tooltip/commit/cb16d97d107454a304f1bf09102907374a5baffb
Arbitrary Command Injection,ps,https://security.snyk.io/vuln/SNYK-JS-PS-72307,CVE-2018-16460,False,<1.0.0 ,n/a
Arbitrary Command Injection,ascii-art,https://security.snyk.io/vuln/SNYK-JS-ASCIIART-72306,,False,<1.4.4 ,n/a
Cross-site Scripting (XSS),dojo,https://security.snyk.io/vuln/SNYK-JS-DOJO-72305,CVE-2018-1000665,False,>=1.14.0-pre <1.14.0 >=1.13.0 <1.13.1 >=1.12.1 <1.12.4 >=1.11.0-rc1 <1.11.6 <1.10.10 ,https://github.com/dojo/dojo/commit/9117ffd5a3863e44c92fcd58564c0da22be858f4
Arbitrary Command Injection,samsung-remote,https://security.snyk.io/vuln/SNYK-JS-SAMSUNGREMOTE-72278,,False,<1.3.5 ,n/a
Cross-site Scripting (XSS),editor.md,https://security.snyk.io/vuln/SNYK-JS-EDITORMD-72282,CVE-2018-16330,False,* ,n/a
Directory Traversal,simplehttpserver,https://security.snyk.io/vuln/SNYK-JS-SIMPLEHTTPSERVER-72286,CVE-2018-3787,False,<0.2.1 ,n/a
Regular Expression Denial of Service (ReDoS),mosca,https://security.snyk.io/vuln/npm:mosca:20180613,CVE-2018-11615,False,<2.8.2 ,n/a
Denial of Service (DoS),mem,https://security.snyk.io/vuln/npm:mem:20180117,,False,<4.0.0 ,https://github.com/sindresorhus/mem/commit/da4e4398cb27b602de3bd55f746efa9b4a31702b
Cross-site Scripting (XSS),mergely,https://security.snyk.io/vuln/npm:mergely:20180623,,False,<4.0.5 ,https://github.com/wickedest/Mergely/commit/217674cd078ea6d7d3cb6694e4f272d76daf3a75
Arbitrary Code Execution,electron,https://security.snyk.io/vuln/npm:electron:20180822,CVE-2018-15685,False,>=1.7.0 <1.7.16 >=1.8.0 <1.8.8 >=2.0.0 <2.0.8 >=3.0.0-beta6 <3.0.0-beta.7 ,n/a
Arbitrary Command Injection,egg-scripts,https://security.snyk.io/vuln/npm:egg-scripts:20180824,CVE-2018-3786,False,<2.8.1 ,"https:\u002F\u002Fgithub.com\u002Feggjs\u002Fegg-scripts\u002Fcommit\u002Fb98fd03d1e3aaed68004b881f0b3d42fe47341dd)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2018-08-27T11:46:36Z"",disclosureTime:""2018-08-24T12:22:55Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-EGGSCRIPTS-12215""],CVE:[""CVE-2018-3786""],CWE:[""CWE-284""],GHSA:[""GHSA-c9j3-wqph-5xx9""],NSP:[694]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:L\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:H\u002FI:H\u002FA:H"",cvssScore:8.6,language:""js"",socialTrendAlert:a,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fegg-scripts\""\u003Eegg-scripts\u003C\u002Fa\u003E is a deploy tool for egg project.\u003C\u002Fp\u003"
Cross-site Scripting (XSS),node-red,https://security.snyk.io/vuln/npm:node-red:20180511,,False,<0.18.6 ,n/a
Directory Traversal,serve,https://security.snyk.io/vuln/npm:serve:20180529,CVE-2019-5417,False,<7.1.3 ,n/a
Arbitrary Command Injection,entitlements,https://security.snyk.io/vuln/npm:entitlements:20180718,,False,<1.3.0 ,n/a
Directory Traversal,ponse,https://security.snyk.io/vuln/npm:ponse:20180718,,False,<2.0.3 ,https:\u002F\u002Fgithub.com\u002Fcoderaiser\u002Fponse\u002Fcommit\u002F9b3d6ca9cea1236fe8742e0f962037c4bcb291e9)\
Privilege Escalation,express-cart,https://security.snyk.io/vuln/npm:express-cart:20180712,CVE-2018-16483,False,<1.1.6 ,n/a
Cross-site Scripting (XSS),m-server,https://security.snyk.io/vuln/npm:m-server:20180712,CVE-2018-16484,False,<1.4.2 ,n/a
Cross-site Scripting (XSS),buttle,https://security.snyk.io/vuln/npm:buttle:20180704,CVE-2019-5422,False,* ,n/a
Cross-site Scripting (XSS),jplayer,https://security.snyk.io/vuln/npm:jplayer:20180814,CVE-2013-2022,False,<2.3.0 ,n/a
Cross-site Scripting (XSS),jplayer,https://security.snyk.io/vuln/npm:jplayer:20180813,CVE-2013-2023,False,<2.3.2 ,https://github.com/jplayer/jPlayer/commit/8ccc429598d62eebe9f65a0a4e6fd406a123c8b4
Cross-site Scripting (XSS),jplayer,https://security.snyk.io/vuln/npm:jplayer:20130511,CVE-2013-1942,False,<2.2.20 ,n/a
Arbitrary String Injection,dojox,https://security.snyk.io/vuln/npm:dojox:20180818,CVE-2018-15494,False,<1.10.10 >=1.11.0 <1.11.6 >=1.12.0 <1.12.4 >=1.13.0 <1.13.1 ,n/a
Cross-site Scripting (XSS),dojo,https://security.snyk.io/vuln/npm:dojo:20180818,CVE-2018-5673,False,<1.10.10 >=1.11.0 <1.11.6 >=1.12.0 <1.12.4 >=1.13.0 <1.13.1 ,https://github.com/dojo/dojo/commit/33eb767c477c6953446d9af8f5229d44d3dd8500
Privilege Escalation,flintcms,https://security.snyk.io/vuln/npm:flintcms:20180817,CVE-2018-3783,False,<1.1.10 ,n/a
Access Restriction Bypass,angular-jwt,https://security.snyk.io/vuln/npm:angular-jwt:20180605,CVE-2018-11537,False,<0.1.10 ,n/a
Improper Authorization,aedes,https://security.snyk.io/vuln/npm:aedes:20180807,CVE-2018-3778,False,<0.35.1 ,https://github.com/nodejs/security-wg/commit/0c683cacced8b152589f86870ea658df08740bab)
Cross-site Scripting (XSS),exceljs,https://security.snyk.io/vuln/npm:exceljs:20180805,CVE-2018-16459,False,<1.6.0 ,https://github.com/guyonroche/exceljs/commit/9066cd89a9fad055166b53ce9e75a42e7636bac1
Regular Expression Denial of Service (ReDoS),slugify,https://security.snyk.io/vuln/npm:slugify:20180805,,False,<1.3.1 ,"https:\u002F\u002Fgithub.com\u002Fsimov\u002Fslugify\u002Fcommit\u002Fe8f8a694c0839c77e53e336616b1e6e3b1c7feab)"",severity:""medium"",packageName:e,packageManager:f,publicationTime:g,disclosureTime:g,credit:[h],identifiers:{ALTERNATIVE:[""SNYK-JS-SLUGIFY-11130""],CVE:[],CWE:[""CWE-400""]},semver:{vulnerable:[i]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L"",cvssScore:5.3,language:""js"",socialTrendAlert:c,proprietary:c,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fslugify\""\u003E\u003Ccode\u003Eslugify\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a package that slugifies every string.\u003C\u002Fp\u003"
Time of Check Time of Use (TOCTOU),chownr,https://security.snyk.io/vuln/npm:chownr:20180731,CVE-2017-18869,False,<1.1.0 ,n/a
Information Exposure,superagent,https://security.snyk.io/vuln/npm:superagent:20181108,,False,<3.8.1 ,https://github.com/visionmedia/superagent/commit/087edaf15cac51f69ae6346c431f40627aff0ff4
Open Redirect,url-parse,https://security.snyk.io/vuln/npm:url-parse:20180731,CVE-2018-3774,False,<1.4.3 ,https://github.com/unshiftio/url-parse/commit/d7b582ec1243e8024e60ac0b62d2569c939ef5de
Uninitialized Memory Exposure,utile,https://security.snyk.io/vuln/npm:utile:20180614,,False,* ,n/a
Directory Traversal,file-static-server,https://security.snyk.io/vuln/npm:file-static-server:20180614,,False,* ,n/a
Uninitialized Memory Exposure,put,https://security.snyk.io/vuln/npm:put:20180614,,False,* ,n/a
Directory Traversal,markdown-pdf,https://security.snyk.io/vuln/npm:markdown-pdf:20180716,CVE-2018-3770,False,<9.0.0 ,"https:\u002F\u002Fgithub.com\u002Falanshaw\u002Fmarkdown-pdf\u002Fcommit\u002F5a3d30d1b1ea26702be671e6cbce2dc093e8604f)"",severity:""medium"",packageName:e,packageManager:f,publicationTime:""2018-07-23T13:46:08Z"",disclosureTime:""2018-07-16T22:23:35Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-MARKDOWNPDF-12178""],CVE:[""CVE-2018-3770""],CWE:[""CWE-22""],GHSA:[""GHSA-p7c9-jqhq-vr3v""],NSP:[991]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N"",cvssScore:5.3,language:""js"",socialTrendAlert:c,proprietary:c,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fmarkdown-pdf\""\u003Emarkdown-pdf\u003C\u002Fa\u003E is a Node module that converts Markdown files to PDFs.\u003C\u002Fp\u003"
Cross-site Scripting (XSS),statics-server,https://security.snyk.io/vuln/npm:statics-server:20180714,CVE-2018-3771,True,* ,n/a
Prototype Pollution,extend,https://security.snyk.io/vuln/npm:extend:20180424,CVE-2018-16492,False,<2.0.2 >=3.0.0 <3.0.2 ,https://github.com/justmoon/node-extend/commit/0e68e71d93507fcc391e398bc84abd0666b28190
Insecure Randomness,cryptiles,https://security.snyk.io/vuln/npm:cryptiles:20180710,CVE-2018-1000620,False,>=3.1.0 <3.1.3 >=4.0.0 <4.1.2 ,https://github.com/hapijs/cryptiles/commit/9332d4263a32b84e76bf538d7470d01ea63fa047
Cross-site Scripting (XSS),angular-redactor,https://security.snyk.io/vuln/npm:angular-redactor:20180705,CVE-2018-13339,False,* ,n/a
Malicious Package,eslint-config-eslint,https://security.snyk.io/vuln/SNYK-JS-ESLINTCONFIGESLINT-72491,,False,=5.0.2 ,n/a
Malicious Package,eslint-config-airbnb-standard,https://security.snyk.io/vuln/npm:eslint-config-airbnb-standard:20180712,,False,>=2.0.0 <2.1.2 ,n/a
Malicious Package,eslint-scope,https://security.snyk.io/vuln/SNYK-JS-ESLINTSCOPE-11120,,False,=3.7.2 ,n/a
Denial of Service (DoS),memjs,https://security.snyk.io/vuln/npm:memjs:20180627,CVE-2018-3767,False,<1.2.2 ,n/a
Directory Traversal,buttle,https://security.snyk.io/vuln/npm:buttle:20180627,CVE-2018-3766,False,* ,n/a
Cross-site Scripting (XSS),medis,https://security.snyk.io/vuln/npm:medis:20171201,CVE-2018-1000536,True,* ,n/a
Denial of Service (DoS),mailparser-mit,https://security.snyk.io/vuln/npm:mailparser-mit:20180625,,False,* ,n/a
Denial of Service (DoS),emailjs-mime-parser,https://security.snyk.io/vuln/npm:emailjs-mime-parser:20180625,,False,<2.0.74 ,https://github.com/emailjs/emailjs-mime-parser/commit/4915907c53fa8c14e45efca25412abf301785d14
Denial of Service (DoS),mailsplit,https://security.snyk.io/vuln/npm:mailsplit:20180625,,False,<4.2.1 ,n/a
Denial of Service (DoS),mailparser,https://security.snyk.io/vuln/npm:mailparser:20180625,,False,<2.3.0 ,n/a
Denial of Service (DoS),haraka,https://security.snyk.io/vuln/npm:haraka:20180625,,False,<2.8.19 ,"https:\u002F\u002Fgithub.com\u002Fharaka\u002FHaraka\u002Fcommit\u002Fff7646d879b1c21d0cfcd5f1d62eaf607cc452a8)"",severity:""high"",packageName:e,packageManager:f,publicationTime:g,disclosureTime:g,credit:[h],identifiers:{ALTERNATIVE:[""SNYK-JS-HARAKA-11112""],CVE:[],CWE:[""CWE-400""]},semver:{vulnerable:[i]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:H"",cvssScore:7.5,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fharaka\""\u003E\u003Ccode\u003Eharaka\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a scalable node.js email server with a modular plugin architecture\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),platform.js,https://security.snyk.io/vuln/npm:platform.js:20170907,,False,* ,n/a
Regular Expression Denial of Service (ReDoS),node-htmlparser-classic,https://security.snyk.io/vuln/npm:node-htmlparser-classic:20170906,,False,* ,n/a
Regular Expression Denial of Service (ReDoS),underscore.string,https://security.snyk.io/vuln/npm:underscore.string:20170908,,False,>2.4.0 <3.3.6 ,n/a
Cross-site Scripting (XSS),hexo-editor,https://security.snyk.io/vuln/npm:hexo-editor:20180103,,True,* ,n/a
Cross-site Scripting (XSS),electron-markdownify,https://security.snyk.io/vuln/npm:electron-markdownify:20171205,,False,* ,n/a
Regular Expression Denial of Service (ReDoS),ismobilejs,https://security.snyk.io/vuln/SNYK-JS-ISMOBILEJS-72624,,False,<0.5.0 ,https://github.com/kaimallea/isMobile/commit/8a075cf2a58b7e25bbb15827612d49b79f8cd9bc
Arbitrary Code Execution,cryo,https://security.snyk.io/vuln/npm:cryo:20180619,CVE-2018-3784,True,* ,n/a
Uninititialized Memory Exposure,njwt,https://security.snyk.io/vuln/npm:njwt:20180614,,False,<1.0.0 ,n/a
Arbitrary Command Injection,git-dummy-commit,https://security.snyk.io/vuln/npm:git-dummy-commit:20180619,CVE-2018-3785,False,* ,n/a
Cross-site Scripting (XSS),oauth2orize-fprm,https://security.snyk.io/vuln/npm:oauth2orize-fprm:20180501,CVE-2018-11647,False,<0.2.1 ,https://github.com/jaredhanson/oauth2orize-fprm/commit/2bf9faee787eb004abbdfb6f4cc2fb06653defd5)
Insecure Randomness,generate-pincode,https://security.snyk.io/vuln/npm:generate-pincode:20180612,,False,<5.0.2 ,https://github.com/zrrrzzt/generate-pincode/commit/79186f4e964cd408766235de051654afab6a81c8
Cross-site Scripting (XSS),bootstrap,https://security.snyk.io/vuln/npm:bootstrap:20180529,CVE-2018-14042,False,<3.4.0 >=4.0.0 <4.1.2 ,https://github.com/twbs/bootstrap/commit/149096016f70fd815540d62c0989fd99cdc809e0
Cross-site Scripting (XSS),bootstrap,https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAP-73560,CVE-2018-14041,False,>=4.0.0 <4.1.2 ,https://github.com/twbs/bootstrap/commit/149096016f70fd815540d62c0989fd99cdc809e0
Cross-site Scripting (XSS),bootstrap-sass,https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAPSASS-598772,CVE-2018-14042,False,<3.4.0 ,https://github.com/twbs/bootstrap/commit/149096016f70fd815540d62c0989fd99cdc809e0
Arbitrary Code Execution,express-cart,https://security.snyk.io/vuln/npm:express-cart:20180606,CVE-2018-3758,False,<1.1.7 ,"https:\u002F\u002Fgithub.com\u002Fmrvautin\u002FexpressCart\u002Fcommit\u002F65b18cfe426fa217aa6ada1d4162891883137893)"",severity:""critical"",packageName:e,packageManager:f,publicationTime:""2018-06-06T15:07:50Z"",disclosureTime:""2018-06-06T20:23:41Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-EXPRESSCART-12161""],CVE:[""CVE-2018-3758""],CWE:[""CWE-94""],GHSA:[""GHSA-8h8v-6qqm-fwpq""],NSP:[676]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:H\u002FI:H\u002FA:H\u002FE:F\u002FRL:O\u002FRC:C"",cvssScore:9.1,language:""js"",socialTrendAlert:a,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fexpress-cart\""\u003Eexpress-cart\u003C\u002Fa\u003E is a fully functional shopping cart built in Node.js (Express, MongoDB) with Stripe, PayPal and Authorize.net payments.\u003C\u002Fp\u003"
Cross-site Scripting (XSS),sexstatic,https://security.snyk.io/vuln/npm:sexstatic:20180529,CVE-2018-3755,False,* ,n/a
Cross-site Scripting (XSS),ag-grid,https://security.snyk.io/vuln/npm:ag-grid:20171016,,False,>=13.0.0 <14.0.0 ,"https:\u002F\u002Fgithub.com\u002Fdominikg\u002Fag-grid\u002Fcommit\u002F28625a36bf5a3d98081f44ef73d548e0191dfc2a)"",severity:""medium"",packageName:e,packageManager:f,publicationTime:""2018-06-03T13:45:51Z"",disclosureTime:""2017-10-16T22:00:00Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-AGGRID-11107""],CVE:[],CWE:[""CWE-79""]},semver:{vulnerable:[""\u003E=13.0.0 \u003C14.0.0""]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N"",cvssScore:6.1,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fag-grid\""\u003E\u003Ccode\u003Eag-grid\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is an advanced Data Grid \u002F Data Table supporting Javascript \u002F React \u002F AngularJS \u002F Web Components.\u003C\u002Fp\u003"
Information Exposure,serve,https://security.snyk.io/vuln/npm:serve:20180531,CVE-2019-5415,False,<7.0.0 ,n/a
Arbitrary File Write via Archive Extraction (Zip Slip),unzipper,https://security.snyk.io/vuln/npm:unzipper:20180415,CVE-2018-1002203,False,<0.8.13 ,https://github.com/ZJONSSON/node-unzipper/pull/59/commits/5f68901c2e2e062a5e0083a81d257eccea0eb760
Arbitrary File Write via Archive Extraction (Zip Slip),adm-zip,https://security.snyk.io/vuln/npm:adm-zip:20180415,CVE-2018-1002204,False,<0.4.11 ,https://github.com/cthackers/adm-zip/commit/d01fa8c80c3a5fcf5ce1eda82d96600c62910d3f
Arbitrary Command Injection,pdf-image,https://security.snyk.io/vuln/npm:pdf-image:20180529,CVE-2018-3757,True,<2.0.1 ,https://github.com/roest01/node-pdf-image/commit/54679496a89738443917608c2bbe2f6e5dd20e83
Cross-site Scripting (XSS),videojs-swf,https://security.snyk.io/vuln/SNYK-JS-VIDEOJSSWF-575391,,False,<4.5.4 ,https://github.com/videojs/video-js-swf/commit/98cc1a6f1319494b8d32ba4df413bdd9a817e3c1
Cross-site Scripting (XSS),tinymce,https://security.snyk.io/vuln/npm:tinymce:20180522,,False,<4.5.12 >=4.6.0 <4.7.12 ,"https:\u002F\u002Fgithub.com\u002Ftinymce\u002Ftinymce\u002Fcommit\u002F15ff5b81c2a1e44efbc7fdba92b65d2bdcbc4c38)"",severity:""medium"",packageName:e,packageManager:f,publicationTime:""2018-05-24T13:55:33Z"",disclosureTime:""2018-05-22T21:09:49Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-TINYMCE-12156""],CVE:[],CWE:[""CWE-79""]},semver:{vulnerable:[""\u003C4.5.12"",""\u003E=4.6.0 \u003C4.7.12""]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:N\u002FA:N"",cvssScore:6.5,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Ftinymce\""\u003E\u003Ccode\u003Etinymce\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a web based JavaScript HTML WYSIWYG editor control.\u003C\u002Fp\u003"
Cross-site Scripting (XSS),tinymce,https://security.snyk.io/vuln/npm:tinymce:20170613,,False,<4.6.4 ,n/a
Open Redirect,hekto,https://security.snyk.io/vuln/npm:hekto:20180412,CVE-2018-3743,False,<0.2.4 ,https:\u002F\u002Fgithub.com\u002Fherber\u002Fhekto\u002Fpull\u002F3\u002Fcommits\u002F408dd526e706246e2c2f378580c66036b768520e)\
Cross-site Scripting (XSS),react-marked-markdown,https://security.snyk.io/vuln/npm:react-marked-markdown:20180517,,False,* ,n/a
Malicious Package,nothing-js,https://security.snyk.io/vuln/npm:nothing-js:20180516,,False,* ,n/a
Malicious Package,ladder-text-js,https://security.snyk.io/vuln/npm:ladder-text-js:20180516,,False,* ,n/a
Regular Expression Denial of Service (ReDoS),citation-js,https://security.snyk.io/vuln/npm:citation-js:20180508,,False,<0.4.0-7 ,https://github.com/larsgw/citation.js/commit/fa7cb324270f81ed626d45f2aca8a215dfa5104e
Directory Traversal,koa-body,https://security.snyk.io/vuln/npm:koa-body:20180127,,False,<3.0.0 ,n/a
SQL Injection,query-mysql,https://security.snyk.io/vuln/npm:query-mysql:20180512,CVE-2018-3754,False,* ,n/a
SQL Injection,sql,https://security.snyk.io/vuln/npm:sql:20180512,,False,* ,n/a
Directory Traversal,localhost-now,https://security.snyk.io/vuln/npm:localhost-now:20180512,,False,* ,n/a
Arbitrary Command Injection,macaddress,https://security.snyk.io/vuln/npm:macaddress:20180511,CVE-2018-13797,False,<0.2.9 ,"https:\u002F\u002Fgithub.com\u002Fscravy\u002Fnode-macaddress\u002Fcommit\u002F358fd594adb196a86b94ac9c691f69fe5dad2332)"",severity:""critical"",packageName:e,packageManager:f,publicationTime:""2018-05-13T14:26:27Z"",disclosureTime:""2018-05-11T08:54:39Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-MACADDRESS-12141""],CVE:[""CVE-2018-13797""],CWE:[""CWE-264""],GHSA:[""GHSA-pp57-mqmh-44h7"",""GHSA-q9r2-f3vc-rjg8""],NSP:[654]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H"",cvssScore:9.8,language:""js"",socialTrendAlert:a,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fmacaddress\""\u003Emacaddress\u003C\u002Fa\u003E Retrieve MAC addresses in Linux, OS X, and Windows.\u003C\u002Fp\u003"
Arbitrary Command Injection,open,https://security.snyk.io/vuln/npm:open:20180512,,False,<6.0.0 ,n/a
Uninitialized Memory Exposure,stringstream,https://security.snyk.io/vuln/npm:stringstream:20180511,CVE-2018-21270,False,<0.0.6 ,https://github.com/mhart/StringStream/commit/afbc7442220358419e330618e47f3a65fc265b1b
Uninitialized Memory Exposure,npmconf,https://security.snyk.io/vuln/npm:npmconf:20180512,,False,<2.1.3 ,n/a
Directory Traversal,html-pages,https://security.snyk.io/vuln/npm:html-pages:20180509,CVE-2018-3744,False,<2.1.0 ,n/a
Arbitrary Command Injection,buttle,https://security.snyk.io/vuln/npm:buttle:20180512,,False,* ,n/a
Directory Traversal,angular-http-server,https://security.snyk.io/vuln/npm:angular-http-server:20180426,,False,<1.4.4 ,"https:\u002F\u002Fgithub.com\u002Fsimonh1000\u002Fangular-http-server\u002Fcommit\u002F8bafc9577161469f5dea01e0b98ea9c525d063e9)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2018-05-13T14:26:26Z"",disclosureTime:""2018-04-26T08:54:39Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-ANGULARHTTPSERVER-12152""],CVE:[],CWE:[""CWE-22""],GHSA:[""GHSA-vmhw-fhj6-m3g5""],NSP:[656]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:H\u002FI:N\u002FA:N\u002FE:F\u002FRL:O\u002FRC:C"",cvssScore:8.6,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fangular-http-server\""\u003Eangular-http-server\u003C\u002Fa\u003E is  an application server designed for Single Page App (SPA) developers.\u003C\u002Fp\u003"
Uninitialized Memory Exposure,base64-url,https://security.snyk.io/vuln/npm:base64-url:20180512,,False,<2.0.0 ,n/a
Uninitialized Memory Exposure,byte,https://security.snyk.io/vuln/npm:byte:20180512,,False,<1.4.1 ,"https:\u002F\u002Fgithub.com\u002Fnode-modules\u002Fbyte\u002Fcommit\u002Fccc6f4b206d01761c38ca2717014b646ce8f4c93)"",severity:""medium"",packageName:e,packageManager:f,publicationTime:""2018-05-13T14:26:26Z"",disclosureTime:""2018-05-12T08:54:39Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-BYTE-12142""],CVE:[],CWE:[""CWE-201""],GHSA:[""GHSA-xm7f-x4wx-wmgv""],NSP:[657]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:P\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:H\u002FE:F\u002FRL:O\u002FRC:C"",cvssScore:5.2,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fbyte\""\u003Ebyte\u003C\u002Fa\u003E Input Buffer and Output Buffer, just like Java ByteBuffer.\u003C\u002Fp\u003"
Uninitialized Memory Exposure,base64url,https://security.snyk.io/vuln/npm:base64url:20180511,,False,<3.0.0 ,"https:\u002F\u002Fgithub.com\u002Fbrianloveswords\u002Fbase64url\u002Fcommit\u002F4355cb294123e86171daa9389f7afe6d2b2b9dae)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2018-05-13T14:26:26Z"",disclosureTime:""2018-05-11T08:54:39Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-BASE64URL-12139""],CVE:[],CWE:[""CWE-201""],GHSA:[""GHSA-rvg8-pwq2-xj7q""],NSP:[658]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:H\u002FE:F\u002FRL:O\u002FRC:C"",cvssScore:7.1,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fbase64url\""\u003Ebase64url\u003C\u002Fa\u003E Converting to, and from, base64url.\u003C\u002Fp\u003"
Arbitrary Command Injection,command-exists,https://security.snyk.io/vuln/npm:command-exists:20180512,,False,<1.2.4 ,n/a
Arbitrary Command Injection,fs-path,https://security.snyk.io/vuln/npm:fs-path:20180512,CVE-2020-8298,False,<0.0.25 ,n/a
Directory Traversal,superstatic,https://security.snyk.io/vuln/npm:superstatic:20180429,,False,<5.0.2 ,https://github.com/firebase/superstatic/commit/e396ff62f588732989137d6c40d46b310e51ef2b
Sandbox Bypass,constantinople,https://security.snyk.io/vuln/npm:constantinople:20180421,,False,<3.1.1 ,https://github.com/pugjs/constantinople/commit/01d409c0d081dfd65223e6b7767c244156d35f7f
SQL Injection,squel,https://security.snyk.io/vuln/npm:squel:20180322,,False,* ,n/a
Malicious Package,http-fetch-cookies,https://security.snyk.io/vuln/npm:http-fetch-cookies:20180502,,False,* ,n/a
Malicious Package,getcookies,https://security.snyk.io/vuln/npm:getcookies:20180502,,False,* ,n/a
Malicious Package,express-cookies,https://security.snyk.io/vuln/npm:express-cookies:20180502,,False,* ,n/a
Regular Expression Denial of Service (ReDoS),ua-parser-js,https://security.snyk.io/vuln/npm:ua-parser-js:20180227,,False,<0.7.18 ,"https:\u002F\u002Fgithub.com\u002Ffaisalman\u002Fua-parser-js\u002Fcommit\u002F2e57a9778f0735a1e5e73e723155e155848a88af)"",severity:""medium"",packageName:d,packageManager:e,publicationTime:""2018-05-02T14:33:27Z"",disclosureTime:""2018-02-26T22:00:00Z"",credit:[""Zach Bjornson"",""Jamie Davis""],identifiers:{ALTERNATIVE:[""SNYK-JS-UAPARSERJS-11094""],CVE:[],CWE:[""CWE-400""]},semver:{vulnerable:[f]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:5.3,language:""js"",socialTrendAlert:g,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fua-parser-js\""\u003E\u003Ccode\u003Eua-parser-js\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is Lightweight JavaScript-based user-agent string parser.\u003C\u002Fp\u003"
Cross-site Scripting (XSS),react-svg,https://security.snyk.io/vuln/npm:react-svg:20180427,,False,<2.2.18 ,n/a
Cross-site Scripting (XSS),ckeditor-dev,https://security.snyk.io/vuln/npm:ckeditor-dev:20180430,CVE-2018-9861,False,>=4.5.11 <4.9.2 ,n/a
Uninitialized Memory Exposure,concat-with-sourcemaps,https://security.snyk.io/vuln/npm:concat-with-sourcemaps:20180429,,False,<1.0.6 ,n/a
Regular Expression Denial of Service (ReDoS),foreman,https://security.snyk.io/vuln/npm:foreman:20180429,,False,<3.0.1 ,"https:\u002F\u002Fgithub.com\u002Fstrongloop\u002Fnode-foreman\u002Fcommit\u002F680ad4067eb2e72d201f1580793d143b850f1b0a)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2018-04-30T13:07:31Z"",disclosureTime:""2018-04-29T16:43:31Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-FOREMAN-12128""],CVE:[],CWE:[""CWE-400""],GHSA:[""GHSA-xm28-fw2x-fqv2""],NSP:[645]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:H\u002FE:F\u002FRL:O\u002FRC:C"",cvssScore:7.5,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fforeman\""\u003Eforeman\u003C\u002Fa\u003E is a Node.js version of the popular Foreman tool, with a few Node specific changes.\u003C\u002Fp\u003"
Uninitialized Memory Exposure,atob,https://security.snyk.io/vuln/npm:atob:20180429,CVE-2018-3745,False,<2.1.0 ,n/a
Regular Expression Denial of Service (ReDoS),rgb2hex,https://security.snyk.io/vuln/npm:rgb2hex:20180429,,False,<0.1.6 ,n/a
Cross-site Scripting (XSS),cloudcmd,https://security.snyk.io/vuln/npm:cloudcmd:20180426,,False,<9.1.6 ,"https:\u002F\u002Fgithub.com\u002Fcoderaiser\u002Fcloudcmd\u002Fcommit\u002F23f4d4702cd3d473977285f26ea2ae7206b45f38)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2018-04-26T13:29:19Z"",disclosureTime:""2018-04-26T06:10:55Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-CLOUDCMD-12127""],CVE:[],CWE:[""CWE-79""],GHSA:[""GHSA-m8fw-534v-xm85""],NSP:[642]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:H\u002FI:L\u002FA:N\u002FE:F\u002FRL:O\u002FRC:C"",cvssScore:8.5,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fcloudcmd\""\u003Ecloudcmd\u003C\u002Fa\u003E is an orthodox web file manager with console and editor.\u003C\u002Fp\u003"
Directory Traversal,mcstatic,https://security.snyk.io/vuln/npm:mcstatic:20180425,CVE-2018-3730,False,* ,n/a
Prototype Override,querystringify,https://security.snyk.io/vuln/npm:querystringify:20180419,,False,<2.0.0 ,https://github.com/unshiftio/querystringify/commit/422eb4f6c7c28ee5f100dcc64177d3b68bb2b080
Arbitrary Command Injection,pdfinfojs,https://security.snyk.io/vuln/npm:pdfinfojs:20180409,CVE-2018-3746,False,<0.4.1 ,n/a
Prototype Pollution,deep-extend,https://security.snyk.io/vuln/npm:deep-extend:20180409,CVE-2018-3750,True,<0.5.1 ,https://github.com/unclechu/node-deep-extend/commit/433ee51ed606f4e1867ece57b6ff5a47bebb492f
Insecure Credential Comparison,safe-compare,https://security.snyk.io/vuln/npm:safe-compare:20180417,,False,>=1.1.0 <1.1.2 ,https://github.com/Bruce17/safe-compare/commit/9f51dd99ee1151aed8d68d91cea92ab89a1390c8
Prototype Pollution,merge-options,https://security.snyk.io/vuln/npm:merge-options:20180415,CVE-2018-3752,True,<1.0.1 ,https://github.com/schnittstabil/merge-options/commit/d4a93bc2890455e0931ac0779667023e6cb101d4
Cross-site Scripting (XSS),public,https://security.snyk.io/vuln/npm:public:20180415,CVE-2018-3747,False,<0.1.4 ,n/a
Prototype Pollution,merge-recursive,https://security.snyk.io/vuln/npm:merge-recursive:20180415,CVE-2018-3751,True,* ,n/a
Prototype Pollution,merge-objects,https://security.snyk.io/vuln/npm:merge-objects:20180415,CVE-2018-3753,True,* ,n/a
Cross-site Scripting (XSS),glance,https://security.snyk.io/vuln/npm:glance:20180415,CVE-2018-3748,False,* ,n/a
Prototype Pollution,deap,https://security.snyk.io/vuln/npm:deap:20180415,CVE-2018-3749,True,<1.0.1 ,n/a
Regular Expression Denial of Service (ReDoS),plist,https://security.snyk.io/vuln/npm:plist:20180219,,False,>=1.2.0 <3.0.1 ,https://github.com/TooTallNate/plist.js/commit/a85b9d3559859d58e44d099a6a40bf8c13ab7e66
Regular Expression Denial of Service (ReDoS),ducktype,https://security.snyk.io/vuln/npm:ducktype:20180219,,False,<1.2.1 ,"https:\u002F\u002Fgithub.com\u002Fjosdejong\u002Fducktype\u002Fcommit\u002Fd8b4c902598c9104d5c56225c3fffcbe1368eff6)"",severity:""high"",packageName:e,packageManager:f,publicationTime:g,disclosureTime:g,credit:[h],identifiers:{ALTERNATIVE:[""SNYK-JS-DUCKTYPE-11085""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[i]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:7.1,language:""js"",socialTrendAlert:b,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fducktype\""\u003E\u003Ccode\u003Educktype\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a Flexible data validation using a duck type interface\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),is-url,https://security.snyk.io/vuln/npm:is-url:20180319,,False,<1.2.4 ,n/a
Regular Expression Denial of Service (ReDoS),simpl-schema,https://security.snyk.io/vuln/npm:simpl-schema:20180219,,False,<1.5.0 ,"https:\u002F\u002Fgithub.com\u002Faldeed\u002Fsimple-schema-js\u002Fcommit\u002F30c43688a38e49e17959d16e7b07131b502a7d1f)"",severity:""high"",packageName:e,packageManager:f,publicationTime:g,disclosureTime:g,credit:[h],identifiers:{ALTERNATIVE:[""SNYK-JS-SIMPLSCHEMA-11084""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[i]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:7.1,language:""js"",socialTrendAlert:b,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fsimpl-schema\""\u003E\u003Ccode\u003Esimpl-schema\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a A schema validation package that supports direct validation of MongoDB update modifier objects.\u003C\u002Fp\u003"
Cross-site Scripting (XSS),bracket-template,https://security.snyk.io/vuln/npm:bracket-template:20180409,CVE-2018-3735,False,* ,n/a
Cross-site Request Forgery (CSRF),auth0-lock,https://security.snyk.io/vuln/npm:auth0-lock:20180409,CVE-2018-6874,False,<11.0.0 ,n/a
Cross-site Request Forgery (CSRF),auth0-js,https://security.snyk.io/vuln/npm:auth0-js:20180409,CVE-2018-6874,False,<9.0.0 ,n/a
Regular Expression Denial of Service (ReDoS),sshpk,https://security.snyk.io/vuln/npm:sshpk:20180409,CVE-2018-3737,False,<1.14.1 ,n/a
Uninitialized Memory Exposure,http-proxy-agent,https://security.snyk.io/vuln/npm:http-proxy-agent:20180406,CVE-2019-10196,True,<2.1.0 ,n/a
Arbitrary Code Injection,mol-proto,https://security.snyk.io/vuln/npm:mol-proto:20160407,,False,<1.0.6 ,https://github.com/milojs/proto/pull/2/commits/10adbec293e7dfdb2e9e565bfd77187cf0373cbe
Cross-site Scripting (XSS),kibana,https://security.snyk.io/vuln/npm:kibana:20180116,CVE-2018-3818,False,>=5.1.1 <5.6.6 >=6.0.0 <6.1.2 ,n/a
Cross-site Scripting (XSS),kibana,https://security.snyk.io/vuln/npm:kibana:20170526,CVE-2017-8439,False,<5.4.1 ,n/a
Uninitialized Memory Exposure,https-proxy-agent,https://security.snyk.io/vuln/npm:https-proxy-agent:20180402,CVE-2018-3739,True,<2.2.0 ,n/a
Cross-site Scripting (XSS),metascraper,https://security.snyk.io/vuln/npm:metascraper:20180328,CVE-2018-3773,False,<5.3.0 ,n/a
Arbitrary Command Injection,whereis,https://security.snyk.io/vuln/npm:whereis:20180401,CVE-2018-3772,True,<0.4.1 ,"https:\u002F\u002Fgithub.com\u002Fvvo\u002Fnode-whereis\u002Fcommit\u002F0f64e3780235004fb6e43bfd153ea3e0e210ee2b)"",severity:""critical"",packageName:e,packageManager:f,publicationTime:""2018-04-02T06:53:40Z"",disclosureTime:""2018-04-01T19:43:25Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-WHEREIS-12108""],CVE:[""CVE-2018-3772""],CWE:[""CWE-78""],GHSA:[""GHSA-wjr4-2jgw-hmv8""],NSP:[604]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:H\u002FI:H\u002FA:H\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:9.9,language:""js"",socialTrendAlert:a,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fwhereis\""\u003E\u003Ccode\u003Ewhereis\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a tool to get the first path to a bin on any system.\u003C\u002Fp\u003"
Arbitrary Code Execution,electron,https://security.snyk.io/vuln/npm:electron:20180323,CVE-2018-1000136,False,>=1.7.0 <1.7.13 >=1.8.1 <1.8.4 >=2.0.0-beta.1 <2.0.0-beta.4 ,n/a
Improper Input Validation,insight-api,https://security.snyk.io/vuln/npm:insight-api:20180209,CVE-2018-1000023,False,* ,n/a
Regular Expression Denial of Service (ReDoS),eslint,https://security.snyk.io/vuln/npm:eslint:20180222,,False,>=1.4.0 <4.18.2 ,https://github.com/eslint/eslint/commit/f6901d0bcf6c918ac4e5c6c7c4bddeb2cb715c09
Cross-site Scripting (XSS),bui,https://security.snyk.io/vuln/npm:bui:20180314,CVE-2018-8108,True,* ,n/a
Information Exposure,cordova-plugin-ios-keychain,https://security.snyk.io/vuln/npm:cordova-plugin-ios-keychain:20180306,CVE-2018-1000123,False,* ,https://github.com/ionic-team/cordova-plugin-ios-keychain/pull/29/commits/980230645c8ea3b531b85401de5e4bca0f860e42%23diff-936020291e4c2115faff0171f20672a4
XML External Entity (XXE) Injection,mxgraph,https://security.snyk.io/vuln/npm:mxgraph:20171122,CVE-2017-18197,False,<3.7.6 ,n/a
Access Restriction Bypass,npm,https://security.snyk.io/vuln/npm:npm:20180222,CVE-2018-7408,False,<5.7.1 ,https://github.com/npm/npm/commit/74e149da6efe6ed89477faa81fef08eee7999ad0
Cross-site Scripting (XSS),simple-server,https://security.snyk.io/vuln/npm:simple-server:20180126,CVE-2018-3717,False,<1.1.0 ,n/a
Directory Traversal,general-file-server,https://security.snyk.io/vuln/npm:general-file-server:20180131,CVE-2018-3724,False,<=1.1.8 ,n/a
Information Exposure,serve,https://security.snyk.io/vuln/npm:serve:20180318,CVE-2018-3718,False,<6.5.2 ,n/a
Directory Traversal,zs123,https://security.snyk.io/vuln/npm:zs123:20180315,,True,* ,n/a
Directory Traversal,zhaolei1111,https://security.snyk.io/vuln/npm:zhaolei1111:20180315,,True,* ,n/a
Directory Traversal,webrepl,https://security.snyk.io/vuln/npm:webrepl:20180315,,True,* ,n/a
Directory Traversal,tmadserver,https://security.snyk.io/vuln/npm:tmadserver:20180315,,True,* ,n/a
Directory Traversal,stevenc4.server,https://security.snyk.io/vuln/npm:stevenc4.server:20180315,,False,* ,n/a
Directory Traversal,starfruit,https://security.snyk.io/vuln/npm:starfruit:20180315,,True,* ,n/a
Directory Traversal,serverzyqzyq,https://security.snyk.io/vuln/npm:serverzyqzyq:20180315,,True,* ,n/a
Directory Traversal,serversyysyy,https://security.snyk.io/vuln/npm:serversyysyy:20180315,,True,* ,n/a
Directory Traversal,serverlyj333,https://security.snyk.io/vuln/npm:serverlyj333:20180315,,True,* ,n/a
Directory Traversal,rjpserver,https://security.snyk.io/vuln/npm:rjpserver:20180315,,True,* ,n/a
Directory Traversal,paopao613,https://security.snyk.io/vuln/npm:paopao613:20180315,,True,* ,n/a
Directory Traversal,nodejsccc,https://security.snyk.io/vuln/npm:nodejsccc:20180315,,True,* ,n/a
Directory Traversal,nodejs_liamgb,https://security.snyk.io/vuln/npm:nodejs_liamgb:20180315,,True,* ,n/a
Directory Traversal,meryl,https://security.snyk.io/vuln/npm:meryl:20180315,,True,* ,n/a
Directory Traversal,lab6_agolotin,https://security.snyk.io/vuln/npm:lab6_agolotin:20180315,,True,* ,n/a
Arbitrary File Write,terminal-share,https://security.snyk.io/vuln/npm:terminal-share:20170510,,True,* ,n/a
Directory Traversal,jiazhipeng,https://security.snyk.io/vuln/npm:jiazhipeng:20180315,,True,* ,n/a
Directory Traversal,jacobj66-weather,https://security.snyk.io/vuln/npm:jacobj66-weather:20180315,,True,* ,n/a
Directory Traversal,hdsdhhksjd,https://security.snyk.io/vuln/npm:hdsdhhksjd:20180315,,True,* ,n/a
Directory Traversal,gyfserver,https://security.snyk.io/vuln/npm:gyfserver:20180315,,True,* ,n/a
Cross-site Scripting (XSS),zeroclipboard,https://security.snyk.io/vuln/npm:zeroclipboard:20130104,CVE-2013-1808,False,<1.0.8 ,"https:\u002F\u002Fgithub.com\u002Fzeroclipboard\u002Fzeroclipboard\u002Fcommit\u002Fa0e02933f5f7ce5f364fbad36a005f0a349f0696)"",severity:""low"",packageName:e,packageManager:f,publicationTime:""2018-03-15T13:14:47Z"",disclosureTime:""2013-01-04T09:04:07Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-ZEROCLIPBOARD-12091""],CVE:[""CVE-2013-1808""],CWE:[""CWE-79""]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N"",cvssScore:3.7,language:""js"",socialTrendAlert:c,proprietary:c,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fzeroclipboard\""\u003Ezeroclipboard\u003C\u002Fa\u003E provides an easy way to copy text to the clipboard using an invisible Adobe Flash movie and a JavaScript interface.\u003C\u002Fp\u003"
Man-in-the-Middle (MitM),tiny-json-http,https://security.snyk.io/vuln/npm:tiny-json-http:20180214,CVE-2018-1000096,False,<7.0.0 ,"https:\u002F\u002Fgithub.com\u002Fbrianleroux\u002Ftiny-json-http\u002Fpull\u002F15\u002Fcommits\u002F1460a815c9a657daaf29ebdf085b935221fcf676)"",severity:""medium"",packageName:e,packageManager:f,publicationTime:""2018-03-15T13:14:46Z"",disclosureTime:""2018-02-14T01:44:28Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-TINYJSONHTTP-12093""],CVE:[""CVE-2018-1000096""],CWE:[""CWE-300""]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N"",cvssScore:5.3,language:""js"",socialTrendAlert:c,proprietary:c,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Ftiny-json-http\""\u003Etiny-json-http\u003C\u002Fa\u003E is a minimalist HTTP client for GET and POSTing JSON payloads.\u003C\u002Fp\u003"
Arbitrary Code Execution,electron,https://security.snyk.io/vuln/npm:electron:20180307,CVE-2018-1000118,False,<1.8.2-beta.5 ,https://github.com/electron/electron/commit/ce361a12e355f9e1e99c989f1ea056c9e502dbe7
Directory Traversal,node-srv,https://security.snyk.io/vuln/npm:node-srv:20180125,CVE-2018-3714,False,<2.1.1 ,"https:\u002F\u002Fgithub.com\u002Fnim579\u002Fnode-srv\u002Fcommit\u002F15be996c0520ac6e4dee0cf0808fc7e72effd2a2)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2018-03-08T15:41:11.637000Z"",disclosureTime:""2018-01-25T11:58:19.292000Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-NODESRV-12089""],CVE:[""CVE-2018-3714""],CWE:[""CWE-22""],GHSA:[""GHSA-52r9-g5g6-2hjp""],NSP:[588]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:H\u002FI:N\u002FA:N\u002FE:F\u002FRL:O\u002FRC:C"",cvssScore:7.7,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fnode-srv\""\u003Enode-srv\u003C\u002Fa\u003E is a simple static node.js server. Supports Heroku and Grunt.js.\u003C\u002Fp\u003"
Directory Traversal,glance,https://security.snyk.io/vuln/npm:glance:20180129,CVE-2018-3715,False,<3.0.4 ,https://github.com/jarofghosts/glance/commit/8cfd88e44ebd3f07e3a2eaf376a3e758b6c4ca19
Regular Expression Denial of Service (ReDoS),path-complete-extname,https://security.snyk.io/vuln/npm:path-complete-extname:20180307,,False,<1.0.0 ,n/a
Directory Traversal,stattic,https://security.snyk.io/vuln/npm:stattic:20180307,CVE-2018-3734,False,<0.3.0 ,n/a
Cross-site Request Forgery (CSRF),auth0-js,https://security.snyk.io/vuln/npm:auth0-js:20180226,CVE-2018-7307,False,<9.3 ,n/a
Directory Traversal,angular-http-server,https://security.snyk.io/vuln/npm:angular-http-server:20180302,CVE-2018-3713,False,<1.4.3 ,n/a
Regular Expression Denial of Service (ReDoS),clean-css,https://security.snyk.io/vuln/npm:clean-css:20180306,,False,<4.1.11 ,https://github.com/jakubpawlowicz/clean-css/commit/2929bafbf8cdf7dccb24e0949c70833764fa87e3
Regular Expression Denial of Service (ReDoS),diff,https://security.snyk.io/vuln/npm:diff:20180305,,False,>=3.0.0 <3.5.0 ,https://github.com/kpdecker/jsdiff/commit/2aec4298639bf30fb88a00b356bf404d3551b8c0
Cross-site Scripting (XSS),simplehttpserver,https://security.snyk.io/vuln/npm:simplehttpserver:20180226,CVE-2018-3716,False,* ,n/a
Cross-site Scripting (XSS),anywhere,https://security.snyk.io/vuln/npm:anywhere:20180226,CVE-2018-3717,False,<1.5.0 ,n/a
Cross-site Scripting (XSS),mrk.js,https://security.snyk.io/vuln/npm:mrk.js:20180303,,False,<2.0.1 ,n/a
Regular Expression Denial of Service (ReDoS),useragent,https://security.snyk.io/vuln/npm:useragent:20170308,,False,<2.1.13 ,"https:\u002F\u002Fgithub.com\u002F3rd-Eden\u002Fuseragent\u002Fcommit\u002Fb18cf7c2a13c994ea8d6d0d132feef4eb8193c36)"",severity:""medium"",packageName:e,packageManager:f,publicationTime:""2018-03-06T11:16:29.988000Z"",disclosureTime:""2017-03-07T22:00:00Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-USERAGENT-11000""],CVE:[],CWE:[""CWE-400""]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L"",cvssScore:5.3,language:""js"",socialTrendAlert:c,proprietary:c,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fuseragent\""\u003E\u003Ccode\u003Euseragent\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is an user agent string parser, uses Browserscope&#39;s research for parsing.\u003C\u002Fp\u003"
Directory Traversal,hekto,https://security.snyk.io/vuln/npm:hekto:20180215,CVE-2018-3725,False,<0.2.3 ,https://github.com/herber/hekto/commit/a3d942d8398a0907d0bbf2682f2fbd54ce73764e
Regular Expression Denial of Service (ReDoS),aws-lambda-multipart-parser,https://security.snyk.io/vuln/npm:aws-lambda-multipart-parser:20180303,CVE-2018-7560,False,<0.1.2 ,"https:\u002F\u002Fgithub.com\u002Fmyshenin\u002Faws-lambda-multipart-parser\u002Fcommit\u002F56ccb03af4dddebc2b2defb348b6558783d5757e)"",severity:""medium"",packageName:e,packageManager:f,publicationTime:""2018-03-06T11:16:29.598000Z"",disclosureTime:""2018-03-02T22:00:00Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-AWSLAMBDAMULTIPARTPARSER-11021""],CVE:[""CVE-2018-7560""],CWE:[""CWE-400""]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L"",cvssScore:5.3,language:""js"",socialTrendAlert:c,proprietary:c,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Faws-lambda-multipart-parser\""\u003E\u003Ccode\u003Eaws-lambda-multipart-parser\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a parser of multipart\u002Fform-data requests for AWS Lambda.\u003C\u002Fp\u003"
Directory Traversal,626,https://security.snyk.io/vuln/npm:626:20180226,CVE-2018-3727,False,* ,n/a
Authentication Bypass,loopback,https://security.snyk.io/vuln/npm:loopback:20171027,,False,<3.16.2 ,https:\u002F\u002Fgithub.com\u002Fstrongloop\u002Floopback\u002Fcommit\u002F3996f56ab9d57d98bb6ff8fdf95831a69727c0c2)\
Regular Expression Denial of Service (ReDoS),ua-parser-js,https://security.snyk.io/vuln/npm:ua-parser-js:20171012,,False,<0.7.16 ,https:\u002F\u002Fgithub.com\u002Ffaisalman\u002Fua-parser-js\u002Fcommit\u002F25e143ee7caba78c6405a57d1d06b19c1e8e2f79)\
Directory Traversal,zxyserver,https://security.snyk.io/vuln/npm:zxyserver:20180306,,True,* ,n/a
Directory Traversal,yypsulie11,https://security.snyk.io/vuln/npm:yypsulie11:20180306,,True,* ,n/a
Directory Traversal,yxxserver,https://security.snyk.io/vuln/npm:yxxserver:20180306,,True,* ,n/a
Directory Traversal,wuzhuangserver,https://security.snyk.io/vuln/npm:wuzhuangserver:20180306,,True,* ,n/a
Directory Traversal,wrlc,https://security.snyk.io/vuln/npm:wrlc:20180306,,True,* ,n/a
Directory Traversal,wenluhong111,https://security.snyk.io/vuln/npm:wenluhong111:20180306,,True,* ,n/a
Directory Traversal,web-server-mock,https://security.snyk.io/vuln/npm:web-server-mock:20180306,,True,* ,n/a
Directory Traversal,weathertest.bryceperkins,https://security.snyk.io/vuln/npm:weathertest.bryceperkins:20180306,,False,* ,n/a
Directory Traversal,songcaihong,https://security.snyk.io/vuln/npm:songcaihong:20180306,,True,* ,n/a
Directory Traversal,shenliru3,https://security.snyk.io/vuln/npm:shenliru3:20180306,,True,* ,n/a
Directory Traversal,servewuqianqianqian,https://security.snyk.io/vuln/npm:servewuqianqianqian:20180306,,True,* ,n/a
Directory Traversal,serveryyl,https://security.snyk.io/vuln/npm:serveryyl:20180306,,True,* ,n/a
Directory Traversal,serverfff,https://security.snyk.io/vuln/npm:serverfff:20180306,,True,* ,n/a
Directory Traversal,rapid-httpserver,https://security.snyk.io/vuln/npm:rapid-httpserver:20180306,,True,* ,n/a
Directory Traversal,proxey,https://security.snyk.io/vuln/npm:proxey:20180306,,True,* ,n/a
Directory Traversal,web-node-server,https://security.snyk.io/vuln/npm:web-node-server:20180306,,True,<0.0.11 ,n/a
Directory Traversal,nodeload,https://security.snyk.io/vuln/npm:nodeload:20180306,,True,* ,n/a
Directory Traversal,myserve111,https://security.snyk.io/vuln/npm:myserve111:20180306,,True,* ,n/a
Directory Traversal,iceman178.weather.cs360,https://security.snyk.io/vuln/npm:iceman178.weather.cs360:20180306,,False,* ,n/a
Directory Traversal,cs360getcity,https://security.snyk.io/vuln/npm:cs360getcity:20180306,,True,* ,n/a
Regular Expression Denial of Service (ReDoS),phpjs,https://security.snyk.io/vuln/npm:phpjs:20180305,,False,* ,n/a
Regular Expression Denial of Service (ReDoS),content,https://security.snyk.io/vuln/npm:content:20180305,,False,<3.0.7 >=4.0.0 <4.0.4 ,"https:\u002F\u002Fgithub.com\u002Fhapijs\u002Fcontent\u002Fcommit\u002F96beb34f7c38a08d024dbf9cd63865c56e2955d9)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2018-03-05T17:32:59.439000Z"",disclosureTime:""2018-03-05T16:44:46.717000Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-CONTENT-11014""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[""\u003C3.0.7"",""\u003E=4.0.0 \u003C4.0.4""]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:H\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:7.5,language:""js"",socialTrendAlert:c,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fcontent\""\u003E\u003Ccode\u003Econtent\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a HTTP Content-* headers parsing\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),nwmatcher,https://security.snyk.io/vuln/npm:nwmatcher:20180305,,False,<1.4.4 ,https://github.com/dperini/nwmatcher/commit/9dcc2b039beeabd18327a5ebaa537625872e16f0
Directory Traversal,localhost-now,https://security.snyk.io/vuln/npm:localhost-now:20180206,CVE-2018-3729,False,<1.0.2 ,n/a
Regular Expression Denial of Service (ReDoS),uas-parser,https://security.snyk.io/vuln/npm:uas-parser:20180305,,False,<0.2.3 ,"https:\u002F\u002Fgithub.com\u002FGUI\u002Fuas-parser\u002Fcommit\u002Fc33b1247d02244484c78d1cb06a7103156f17109)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2018-03-05T17:02:59.765000Z"",disclosureTime:""2018-03-05T16:44:48.266000Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-UASPARSER-11025""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:7.1,language:""js"",socialTrendAlert:b,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fuas-parser\""\u003E\u003Ccode\u003Euas-parser\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a User agent string parser (using data from user-agent-string.info)\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),protobufjs,https://security.snyk.io/vuln/npm:protobufjs:20180305,CVE-2018-3738,False,<5.0.3 >=6.0.0 <6.8.6 ,https:\u002F\u002Fgithub.com\u002FdcodeIO\u002Fprotobuf.js\u002Fcommit\u002F2ee1028d631a328e152d7e09f2a0e0c5c83dc2aa)\
Regular Expression Denial of Service (ReDoS),emailjs-mime-codec,https://security.snyk.io/vuln/npm:emailjs-mime-codec:20180225,,False,<2.0.5 ,"https:\u002F\u002Fgithub.com\u002Femailjs\u002Femailjs-mime-codec\u002Fpull\u002F22\u002Fcommits\u002F895f624ff7d480d762d662ba1c3bb91831dc4646)"",severity:""high"",packageName:e,packageManager:f,publicationTime:g,disclosureTime:g,credit:[h],identifiers:{ALTERNATIVE:[""SNYK-JS-EMAILJSMIMECODEC-11013""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[i]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:7.1,language:""js"",socialTrendAlert:b,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Femailjs-mime-codec\""\u003E\u003Ccode\u003Eemailjs-mime-codec\u003C\u002Fcode\u003E\u003C\u002Fa\u003E allows you to encode and decode between different MIME related encodings.\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),highcharts,https://security.snyk.io/vuln/npm:highcharts:20180225,CVE-2018-20801,False,<6.1.0 ,https://github.com/highcharts/highcharts/commit/7c547e1e0f5e4379f94396efd559a566668c0dfa
Cross-site Scripting (XSS),kibana,https://security.snyk.io/vuln/npm:kibana:20180130,CVE-2018-3820,False,>=6.1.0 <6.1.3 ,n/a
Open Redirect,kibana,https://security.snyk.io/vuln/npm:kibana:20180130-2,CVE-2018-3819,False,>=5.1.1 <5.6.7 >=6.0.0 <6.1.3 ,n/a
Cross-site Scripting (XSS),kibana,https://security.snyk.io/vuln/npm:kibana:20180130-1,CVE-2018-3821,False,>=5.1.1 <5.6.7 >=6.0.0 <6.1.3 ,n/a
Resources Downloaded over Insecure Protocol,gatsby-cli,https://security.snyk.io/vuln/npm:gatsby-cli:20170202,,False,<1.0.9 ,n/a
Cross-site Scripting (XSS),simditor,https://security.snyk.io/vuln/npm:simditor:20180131,CVE-2018-6464,False,<2.3.22 ,https://github.com/mycolorway/simditor/commit/ef01a643cbb7f8163535d6bfb71135f80ec6a6fd
Cross-site Scripting (XSS),knockout,https://security.snyk.io/vuln/npm:knockout:20180213,CVE-2019-14862,False,<3.5.0-beta ,https://github.com/knockout/knockout/commit/7e280b2b8a04cc19176b5171263a5c68bda98efb
Directory Traversal,xingbaohai,https://security.snyk.io/vuln/npm:xingbaohai:20180226,,True,* ,n/a
Directory Traversal,willvdb_test_server,https://security.snyk.io/vuln/npm:willvdb_test_server:20180226,,True,* ,n/a
Directory Traversal,websvr,https://security.snyk.io/vuln/npm:websvr:20180226,,True,* ,n/a
Directory Traversal,simple-mock-server,https://security.snyk.io/vuln/npm:simple-mock-server:20180226,,True,* ,n/a
Directory Traversal,mime_web_server,https://security.snyk.io/vuln/npm:mime_web_server:20180226,,True,* ,n/a
Directory Traversal,express-blinker,https://security.snyk.io/vuln/npm:express-blinker:20180226,,True,* ,n/a
Directory Traversal,easy-router,https://security.snyk.io/vuln/npm:easy-router:20180226,,True,* ,n/a
Directory Traversal,caolilinode1,https://security.snyk.io/vuln/npm:caolilinode1:20180226,,True,* ,n/a
Directory Traversal,caihong,https://security.snyk.io/vuln/npm:caihong:20180226,,True,* ,n/a
Directory Traversal,binocular-lamp,https://security.snyk.io/vuln/npm:binocular-lamp:20180226,,True,* ,n/a
Authentication Bypass,saml2-js,https://security.snyk.io/vuln/npm:saml2-js:20180227,CVE-2017-11429,False,<1.12.4 >=2.0.0 <2.0.2 ,n/a
Regular Expression Denial of Service (ReDoS),wicket,https://security.snyk.io/vuln/npm:wicket:20180225,,False,<1.3.2 ,"https:\u002F\u002Fgithub.com\u002Farthur-e\u002FWicket\u002Fcommit\u002Faa4a3bc1ec50c55c06ea4faf11dd36d2623ac4a2)"",severity:""low"",packageName:d,packageManager:e,publicationTime:""2018-02-27T16:32:25.060000Z"",disclosureTime:""2018-02-27T13:46:54.168000Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-WICKET-10989""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:3.7,language:""js"",socialTrendAlert:h,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fwicket\""\u003E\u003Ccode\u003Ewicket\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a modest library for moving between Well-Known Text (WKT) and various framework geometries\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),bson,https://security.snyk.io/vuln/npm:bson:20180225,CVE-2018-13863,False,>=0.5.0 <1.0.5 ,https://github.com/mongodb/js-bson/commit/bd61c45157c53a1698ff23770160cf4783e9ea4a
Regular Expression Denial of Service (ReDoS),marked,https://security.snyk.io/vuln/npm:marked:20180225,,False,<0.3.18 ,https://github.com/markedjs/marked/pull/1083/commits/b15e42b67cec9ded8505e9d68bb8741ad7a9590d
Directory Traversal,cuiaiguang,https://security.snyk.io/vuln/npm:cuiaiguang:20180226,,True,* ,n/a
Directory Traversal,wuzhuang,https://security.snyk.io/vuln/npm:wuzhuang:20180226,,True,* ,n/a
Directory Traversal,asset-cache,https://security.snyk.io/vuln/npm:asset-cache:20180226,,True,* ,n/a
Directory Traversal,ptest,https://security.snyk.io/vuln/npm:ptest:20180226,,True,* ,n/a
Directory Traversal,micra,https://security.snyk.io/vuln/npm:micra:20180226,,True,* ,n/a
Directory Traversal,m-server,https://security.snyk.io/vuln/npm:m-server:20180226,CVE-2018-16485,True,<1.4.2 ,"https:\u002F\u002Fgithub.com\u002Fnunnly\u002Fm-server\u002Fcommit\u002F01f13f040d1961ca3146dce7e2db990156e65e9a)"",severity:""high"",packageName:e,packageManager:f,publicationTime:g,disclosureTime:g,credit:[h],identifiers:{ALTERNATIVE:[""SNYK-JS-MSERVER-10978""],CVE:[""CVE-2018-16485""],CWE:[""CWE-22""],GHSA:[""GHSA-vc6r-4x6g-mmqc""],NSP:[731]},semver:{vulnerable:[i]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N\u002FE:F\u002FRL:U\u002FRC:C"",cvssScore:7.5,language:""js"",socialTrendAlert:c,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fm-server\""\u003E\u003Ccode\u003Em-server\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a M-Server is a mini http static server that without any dependencies;.\u003C\u002Fp\u003"
Directory Traversal,static-cling,https://security.snyk.io/vuln/npm:static-cling:20180226,,True,* ,n/a
Directory Traversal,html-pages,https://security.snyk.io/vuln/npm:html-pages:20180226,,True,* ,n/a
Directory Traversal,api-proxy,https://security.snyk.io/vuln/npm:api-proxy:20180226,,True,* ,n/a
Directory Traversal,basic-static,https://security.snyk.io/vuln/npm:basic-static:20180226,,True,* ,n/a
Directory Traversal,hserver-static,https://security.snyk.io/vuln/npm:hserver-static:20180226,,True,* ,n/a
Directory Traversal,sabu,https://security.snyk.io/vuln/npm:sabu:20180226,,True,* ,n/a
Directory Traversal,awning,https://security.snyk.io/vuln/npm:awning:20180226,,True,* ,n/a
Directory Traversal,atropa-server,https://security.snyk.io/vuln/npm:atropa-server:20180226,,True,* ,n/a
Directory Traversal,atropa-ide,https://security.snyk.io/vuln/npm:atropa-ide:20180226,,True,* ,n/a
Directory Traversal,aso-server,https://security.snyk.io/vuln/npm:aso-server:20180226,,True,* ,n/a
Directory Traversal,stattic,https://security.snyk.io/vuln/npm:stattic:20180226,,True,* ,n/a
Directory Traversal,pico-static-server,https://security.snyk.io/vuln/npm:pico-static-server:20180226,,True,<3.0.2 ,n/a
Directory Traversal,bae-nodejs,https://security.snyk.io/vuln/npm:bae-nodejs:20180226,,True,* ,n/a
Directory Traversal,crud-file-server,https://security.snyk.io/vuln/npm:crud-file-server:20180226,CVE-2018-3733,True,<0.9.0 ,"https:\u002F\u002Fgithub.com\u002Fomphalos\u002Fcrud-file-server\u002Fcommit\u002F4fc3b404f718abb789f4ce4272c39c7a138c7a82)"",severity:""high"",packageName:e,packageManager:f,publicationTime:g,disclosureTime:g,credit:[""Rafal Janicki (bl4de)"",""Liang Gong""],identifiers:{ALTERNATIVE:[""SNYK-JS-CRUDFILESERVER-10964""],CVE:[""CVE-2018-3733""],CWE:[""CWE-22""],GHSA:[""GHSA-vfp9-gwrh-wq9g""],NSP:[1003]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N\u002FE:F\u002FRL:O\u002FRC:C"",cvssScore:7.5,language:""js"",socialTrendAlert:c,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fcrud-file-server\""\u003E\u003Ccode\u003Ecrud-file-server\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a file server supporting basic create, read, update, &amp; delete for any kind of file.\u003C\u002Fp\u003"
Directory Traversal,node-staticserver,https://security.snyk.io/vuln/npm:node-staticserver:20180226,,True,* ,n/a
Directory Traversal,server-static,https://security.snyk.io/vuln/npm:server-static:20180226,,True,* ,n/a
Directory Traversal,butler-server,https://security.snyk.io/vuln/npm:butler-server:20180226,,True,* ,n/a
Directory Traversal,bruteser,https://security.snyk.io/vuln/npm:bruteser:20180226,,True,* ,n/a
Directory Traversal,canvas-designer,https://security.snyk.io/vuln/npm:canvas-designer:20180226,,True,* ,n/a
Directory Traversal,glurp,https://security.snyk.io/vuln/npm:glurp:20180226,,True,* ,n/a
Directory Traversal,der-server,https://security.snyk.io/vuln/npm:der-server:20180226,,True,* ,n/a
Directory Traversal,ex-http-frame,https://security.snyk.io/vuln/npm:ex-http-frame:20180226,,True,* ,n/a
Directory Traversal,btnode,https://security.snyk.io/vuln/npm:btnode:20180226,,True,* ,n/a
Directory Traversal,gfm-srv,https://security.snyk.io/vuln/npm:gfm-srv:20180226,,True,* ,n/a
Directory Traversal,getstats,https://security.snyk.io/vuln/npm:getstats:20180226,,True,* ,n/a
Directory Traversal,gamebutler,https://security.snyk.io/vuln/npm:gamebutler:20180226,,True,* ,n/a
Directory Traversal,fast-http,https://security.snyk.io/vuln/npm:fast-http:20180226,,True,* ,n/a
Directory Traversal,easy-node-server,https://security.snyk.io/vuln/npm:easy-node-server:20180226,,True,* ,n/a
Directory Traversal,dilu,https://security.snyk.io/vuln/npm:dilu:20180226,,True,* ,n/a
Directory Traversal,isv-http,https://security.snyk.io/vuln/npm:isv-http:20180226,,True,* ,n/a
Directory Traversal,httpea,https://security.snyk.io/vuln/npm:httpea:20180226,,True,* ,n/a
Directory Traversal,markdown-server,https://security.snyk.io/vuln/npm:markdown-server:20180226,,True,* ,n/a
Directory Traversal,serverxh,https://security.snyk.io/vuln/npm:serverxh:20180226,,True,* ,n/a
Directory Traversal,lab6.1,https://security.snyk.io/vuln/npm:lab6.1:20180226,,False,* ,n/a
Directory Traversal,less-livereload,https://security.snyk.io/vuln/npm:less-livereload:20180226,,True,* ,n/a
Directory Traversal,lander,https://security.snyk.io/vuln/npm:lander:20180226,,True,* ,n/a
Directory Traversal,litedoc,https://security.snyk.io/vuln/npm:litedoc:20180226,,True,* ,n/a
Directory Traversal,censorify.matt.shurtz,https://security.snyk.io/vuln/npm:censorify.matt.shurtz:20180226,,False,* ,n/a
Directory Traversal,zhanglina,https://security.snyk.io/vuln/npm:zhanglina:20180226,,True,* ,n/a
Directory Traversal,node-http-server,https://security.snyk.io/vuln/npm:node-http-server:20180226,,True,* ,n/a
Directory Traversal,node-static-webserver,https://security.snyk.io/vuln/npm:node-static-webserver:20180226,,True,* ,n/a
Directory Traversal,server12311,https://security.snyk.io/vuln/npm:server12311:20180226,,True,* ,n/a
Directory Traversal,fakelearnnodejs,https://security.snyk.io/vuln/npm:fakelearnnodejs:20180226,,True,* ,n/a
Directory Traversal,servershuai,https://security.snyk.io/vuln/npm:servershuai:20180226,,True,* ,n/a
Directory Traversal,lab6-wclaibor,https://security.snyk.io/vuln/npm:lab6-wclaibor:20180226,,True,* ,n/a
Directory Traversal,ussasasa,https://security.snyk.io/vuln/npm:ussasasa:20180226,,True,* ,n/a
Directory Traversal,grunt-serve,https://security.snyk.io/vuln/npm:grunt-serve:20180226,,True,* ,n/a
Directory Traversal,grunt-fileserver,https://security.snyk.io/vuln/npm:grunt-fileserver:20180226,,True,* ,n/a
Directory Traversal,nitro-server,https://security.snyk.io/vuln/npm:nitro-server:20180226,,True,* ,n/a
Directory Traversal,wenluhong11,https://security.snyk.io/vuln/npm:wenluhong11:20180226,,True,* ,n/a
Directory Traversal,my-sn,https://security.snyk.io/vuln/npm:my-sn:20180226,,True,* ,n/a
Directory Traversal,zhangranbigman,https://security.snyk.io/vuln/npm:zhangranbigman:20180226,,True,* ,n/a
Directory Traversal,secure-servedir,https://security.snyk.io/vuln/npm:secure-servedir:20180226,,True,* ,n/a
Directory Traversal,servedir,https://security.snyk.io/vuln/npm:servedir:20180226,,True,<1.0.1 ,n/a
Regular Expression Denial of Service (ReDoS),checkit,https://security.snyk.io/vuln/npm:checkit:20180226,,False,* ,"https:\u002F\u002Fgithub.com\u002Ftgriesser\u002Fcheckit\u002Fpull\u002F94)"",severity:""low"",packageName:d,packageManager:e,publicationTime:""2018-02-26T14:05:11.654000Z"",disclosureTime:""2018-02-26T20:39:06Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-CHECKIT-10983""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:P\u002FRL:U\u002FRC:C"",cvssScore:3.7,language:""js"",socialTrendAlert:h,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fcheckit\""\u003E\u003Ccode\u003Echeckit\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a DOM-independent validation library for Node.js, io.js and the browser.\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),node-forge,https://security.snyk.io/vuln/npm:node-forge:20180226,,False,<0.7.4 ,"https:\u002F\u002Fgithub.com\u002Fdigitalbazaar\u002Fforge\u002Fcommit\u002F8a2fd33f0cc3a57b15885fb9f976fc677896dd7a)"",severity:""medium"",packageName:d,packageManager:e,publicationTime:""2018-02-26T14:05:11.654000Z"",disclosureTime:""2018-02-26T20:39:06Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-NODEFORGE-10981""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:5.3,language:""js"",socialTrendAlert:h,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fnode-forge\""\u003E\u003Ccode\u003Enode-forge\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a native implementation of TLS (and various other cryptographic tools) in JavaScript.\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),github-url-to-object,https://security.snyk.io/vuln/npm:github-url-to-object:20180226,,False,<4.0.4 ,n/a
Regular Expression Denial of Service (ReDoS),compromise,https://security.snyk.io/vuln/npm:compromise:20180226,,False,<11.5.1 ,"https:\u002F\u002Fgithub.com\u002Fspencermountain\u002Fcompromise\u002Fcommit\u002F836f659d1cfe799fa10df7f7ea7450f935ec1a46)"",severity:""medium"",packageName:d,packageManager:e,publicationTime:""2018-02-26T14:05:11.654000Z"",disclosureTime:""2018-02-26T20:39:06Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-COMPROMISE-10985""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:5.3,language:""js"",socialTrendAlert:h,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fcompromise\""\u003E\u003Ccode\u003Ecompromise\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a ural-language processing package in javascript.\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),node-json-db,https://security.snyk.io/vuln/npm:node-json-db:20180226,,False,<0.7.4 ,n/a
Regular Expression Denial of Service (ReDoS),mongoose-beautiful-unique-validation,https://security.snyk.io/vuln/npm:mongoose-beautiful-unique-validation:20180226,,False,<7.1.1 ,"https:\u002F\u002Fgithub.com\u002Fmatteodelabre\u002Fmongoose-beautiful-unique-validation\u002Fcommit\u002F3f2714b35a05977190468bf417a3fdbaaee344cc)"",severity:""medium"",packageName:d,packageManager:e,publicationTime:""2018-02-26T14:05:11Z"",disclosureTime:""2018-02-26T20:39:06Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-MONGOOSEBEAUTIFULUNIQUEVALIDATION-10982""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:5.3,language:""js"",socialTrendAlert:h,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fmongoose-beautiful-unique-validation\""\u003E\u003Ccode\u003Emongoose-beautiful-unique-validation\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a plugin for Mongoose that turns duplicate errors into regular Mongoose validation errors.\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),git-username,https://security.snyk.io/vuln/npm:git-username:20180226,,False,<0.5.1 ,"https:\u002F\u002Fgithub.com\u002Fjonschlinkert\u002Fgit-username\u002Fcommit\u002Fb4313b31a0d2b51105f96307d6306e150f3df80d)"",severity:""low"",packageName:d,packageManager:e,publicationTime:""2018-02-26T14:05:11Z"",disclosureTime:""2018-02-26T20:39:06Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-GITUSERNAME-10984""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:3.7,language:""js"",socialTrendAlert:h,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fgit-username\""\u003E\u003Ccode\u003Egit-username\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a package that gets the username from a git remote origin URL.\u003C\u002Fp\u003"
Directory Traversal,node-cxc,https://security.snyk.io/vuln/npm:node-cxc:20180226,,True,* ,n/a
Regular Expression Denial of Service (ReDoS),truncate,https://security.snyk.io/vuln/npm:truncate:20180225,,False,<2.0.1 ,"https:\u002F\u002Fgithub.com\u002FFGRibreau\u002Fnode-truncate\u002Fcommit\u002Fa3cea056427b2dfbbffebf24a95419b09db23b22)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2018-02-25T14:35:13.194000Z"",disclosureTime:""2018-02-25T13:55:43.248000Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-TRUNCATE-10920""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:7.1,language:""js"",socialTrendAlert:b,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Ftruncate\""\u003E\u003Ccode\u003Etruncate\u003C\u002Fcode\u003E\u003C\u002Fa\u003E  is a package to helps truncate text and keeps urls safe.\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),skeemas,https://security.snyk.io/vuln/npm:skeemas:20180225,,False,<1.2.5 ,"https:\u002F\u002Fgithub.com\u002FPrestaul\u002Fskeemas\u002Fcommit\u002F65e94eda62dc8dc148ab3e59aa2ccc086ac448fd)"",severity:""low"",packageName:d,packageManager:e,publicationTime:""2018-02-25T14:35:13.113000Z"",disclosureTime:""2018-02-25T13:55:41.932000Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-SKEEMAS-10917""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:3.7,language:""js"",socialTrendAlert:h,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fskeemas\""\u003E\u003Ccode\u003Eskeemas\u003C\u002Fcode\u003E\u003C\u002Fa\u003E  is a comprehensive JSON Schema (drafts 3 and 4) validation\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),sanitize,https://security.snyk.io/vuln/npm:sanitize:20180225,,False,< 2.1.0 ,"https:\u002F\u002Fgithub.com\u002Fpocketly\u002Fnode-sanitize\u002Fcommit\u002F4fd57530367ea9f2570b1e57d1a1a32e7f5d644f#diff-bd042f5439b55acdcce363c79e2f55d6R148)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2018-02-25T14:35:13.032000Z"",disclosureTime:""2018-02-25T13:55:41.435000Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-SANITIZE-10916""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[""\u003C 2.1.0""]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:H\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:7.5,language:""js"",socialTrendAlert:c,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fsanitize\""\u003E\u003Ccode\u003Esanitize\u003C\u002Fcode\u003E\u003C\u002Fa\u003E  is an input sanitizing library for node.js\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),email-existence,https://security.snyk.io/vuln/npm:email-existence:20180225,,False,<0.1.6 ,"https:\u002F\u002Fgithub.com\u002Fnmanousos\u002Femail-existence\u002Fcommit\u002F0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56)"",severity:""low"",packageName:d,packageManager:e,publicationTime:""2018-02-25T14:35:12.955000Z"",disclosureTime:""2018-02-25T13:55:42.264000Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-EMAILEXISTENCE-10918""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:3.7,language:""js"",socialTrendAlert:h,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Femail-existence\""\u003E\u003Ccode\u003Eemail-existence\u003C\u002Fcode\u003E\u003C\u002Fa\u003E checks existence of email addresses.\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),datatype-expansion,https://security.snyk.io/vuln/npm:datatype-expansion:20180225,,False,<0.3.1 ,"https:\u002F\u002Fgithub.com\u002Framl-org\u002Fdatatype-expansion\u002Fcommit\u002F7e7a52b13888bfcabc953bbe0c53b1f30e15dea6)"",severity:""medium"",packageName:d,packageManager:e,publicationTime:""2018-02-25T14:35:12.871000Z"",disclosureTime:""2018-02-25T13:55:43.722000Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-DATATYPEEXPANSION-10921""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:5.3,language:""js"",socialTrendAlert:h,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fdatatype-expansion\""\u003E\u003Ccode\u003Edatatype-expansion\u003C\u002Fcode\u003E\u003C\u002Fa\u003E  is a utility tool to expand a given type and create a canonical form.\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),astronomia,https://security.snyk.io/vuln/npm:astronomia:20180225,,False,<1.3.9 ,"https:\u002F\u002Fgithub.com\u002Fcommenthol\u002Fastronomia\u002Fcommit\u002F223275f8531ba22d68421465737ce02e1952df89)"",severity:""low"",packageName:d,packageManager:e,publicationTime:""2018-02-25T14:35:12.793000Z"",disclosureTime:""2018-02-25T13:55:42.774000Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-ASTRONOMIA-10919""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:3.7,language:""js"",socialTrendAlert:h,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fastronomia\""\u003E\u003Ccode\u003Eastronomia\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a translation of meeus from Go to Javascript and contains selected algorithms from the book &quot;Astronomical Algorithms&quot; by Jean Meeus, following the second edition\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),address-rfc2822,https://security.snyk.io/vuln/npm:address-rfc2822:20180225,,False,<2.0.2 ,"https:\u002F\u002Fgithub.com\u002Fharaka\u002Fnode-address-rfc2822\u002Fcommit\u002Fdeeabeb61ddf97d0da48717a668e09f81031ba07)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2018-02-25T14:35:12Z"",disclosureTime:""2018-02-25T13:55:44Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-ADDRESSRFC2822-10922""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:H\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:7.5,language:""js"",socialTrendAlert:c,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Faddress-rfc2822\""\u003E\u003Ccode\u003Eaddress-rfc2822\u003C\u002Fcode\u003E\u003C\u002Fa\u003E  is a parser for RFC2822 (Header) format email addresses.\u003C\u002Fp\u003"
Directory Traversal,resolve-path,https://security.snyk.io/vuln/npm:resolve-path:20180222,CVE-2018-3732,False,<1.4.0 ,"https:\u002F\u002Fgithub.com\u002Fpillarjs\u002Fresolve-path\u002Fcommit\u002Ffe5b8052cafd35fcdafe9210e100e9050b37d2a0)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2018-02-25T14:31:05Z"",disclosureTime:""2018-02-23T07:48:44Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-RESOLVEPATH-12076""],CVE:[""CVE-2018-3732""],CWE:[""CWE-22""],GHSA:[""GHSA-62g9-6hw5-rwfp""],NSP:[573]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:C\u002FC:H\u002FI:N\u002FA:N\u002FE:F\u002FRL:O\u002FRC:C"",cvssScore:8.6,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fgithub.com\u002Fpillarjs\u002Fresolve-path\""\u003Eresolve-path\u003C\u002Fa\u003E resolves a relative path against a root path with validation.\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),valid-email,https://security.snyk.io/vuln/npm:valid-email:20180222,,False,<1.0.0 ,"https:\u002F\u002Fgithub.com\u002Fjohnhenry\u002Fvalid-email\u002Fcommit\u002F624ffa60b42bed8c577a679d682dda286b4603e6)"",severity:""medium"",packageName:d,packageManager:e,publicationTime:""2018-02-22T15:42:02.088000Z"",disclosureTime:""2018-02-21T16:19:06Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-VALIDEMAIL-10913""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:5.3,language:""js"",socialTrendAlert:h,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fvalid-email\""\u003E\u003Ccode\u003Evalid-email\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is an email validation package.\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),vue,https://security.snyk.io/vuln/npm:vue:20180222,,False,<2.5.14 ,"https:\u002F\u002Fgithub.com\u002Fvuejs\u002Fvue\u002Fcommit\u002Fcd334070f3b82d3f5892c4999cc290ccd4f56fd8)"",severity:""low"",packageName:d,packageManager:e,publicationTime:""2018-02-22T15:42:02Z"",disclosureTime:""2018-02-21T16:19:06Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-VUE-10910""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:3.7,language:""js"",socialTrendAlert:h,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fvue\""\u003E\u003Ccode\u003Evue\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a React UI component library that uses inline styles to avoid CSS dependencies and prevent leaky global styles from affecting an application.\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),xlsx,https://security.snyk.io/vuln/npm:xlsx:20180222,,False,<0.12.2 ,"https:\u002F\u002Fgithub.com\u002FSheetJS\u002Fjs-xlsx\u002Fcommit\u002F88e9e31ebf067c40b58c84dc1a7a842750c379ba)"",severity:""low"",packageName:d,packageManager:e,publicationTime:""2018-02-22T15:42:02Z"",disclosureTime:""2018-02-21T16:19:06Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-XLSX-10909""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:3.7,language:""js"",socialTrendAlert:h,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fxlsx\""\u003E\u003Ccode\u003Exlsx\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a parser and writer for various spreadsheet formats.\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),shaka-player,https://security.snyk.io/vuln/npm:shaka-player:20180222,,False,<2.3.3 ,"https:\u002F\u002Fgithub.com\u002Fgoogle\u002Fshaka-player\u002Fcommit\u002F0a2190246ced4935fc47cb624b88e1d030741a61)"",severity:""low"",packageName:d,packageManager:e,publicationTime:""2018-02-22T15:42:02Z"",disclosureTime:""2018-02-21T16:19:06Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-SHAKAPLAYER-10914""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:3.7,language:""js"",socialTrendAlert:h,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fshaka-player\""\u003E\u003Ccode\u003Eshaka-player\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a parser and writer for various spreadsheet formats.\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),moddle-xml,https://security.snyk.io/vuln/npm:moddle-xml:20180222,,False,<4.1.3 ,https://github.com/bpmn-io/moddle-xml/commit/e2b5ba0a79b16af48a4ec9fa8b605ea4e0111c17
Regular Expression Denial of Service (ReDoS),harb,https://security.snyk.io/vuln/npm:harb:20180222,,False,* ,https://github.com/SheetJS/js-xlsx/commit/88e9e31ebf067c40b58c84dc1a7a842750c379ba
Regular Expression Denial of Service (ReDoS),markdown-js,https://security.snyk.io/vuln/npm:markdown-js:20180221,,False,<0.0.4 ,https://github.com/Gozala/markdown-js/commit/5c5de1f60d72fdb5fc4551a9cf3438944ec45de3
Information Exposure,converse.js,https://security.snyk.io/vuln/npm:converse.js:20180208,,False,<3.3.3 ,n/a
Cross-site Request Forgery (CSRF),pym.js,https://security.snyk.io/vuln/npm:pym.js:20180215,,False,<1.3.2 ,n/a
Directory Traversal,public,https://security.snyk.io/vuln/npm:public:20180217,CVE-2018-3731,False,<0.1.3 ,https://github.com/tnantoka/public/commit/eae8ad8017b260f8667ded5e12801bd72b877af2
Arbitrary Code Execution,gifsicle,https://security.snyk.io/vuln/npm:gifsicle:20170810,CVE-2017-1000421,False,<1.90 ,https://github.com/kohler/gifsicle/commit/81fd7823f6d9c85ab598bc850e40382068361185
Cross-site Scripting (XSS),crud-file-server,https://security.snyk.io/vuln/npm:crud-file-server:20180217,CVE-2018-3726,False,<0.9.0 ,"https:\u002F\u002Fgithub.com\u002Fomphalos\u002Fcrud-file-server\u002Fcommit\u002F4155bfe068bf211b49a0b3ffd06e78cbaf1b40fa)"",severity:""critical"",packageName:d,packageManager:e,publicationTime:""2018-02-21T16:09:56Z"",disclosureTime:""2018-02-19T23:30:51Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-CRUDFILESERVER-12073""],CVE:[""CVE-2018-3726""],CWE:[""CWE-79""],GHSA:[""GHSA-h24f-9mm4-w336""],NSP:[570]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:H\u002FI:H\u002FA:N\u002FE:F\u002FRL:O\u002FRC:C"",cvssScore:9.6,language:""js"",socialTrendAlert:a,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fgithub.com\u002Fomphalos\u002Fcrud-file-server\""\u003Ecrud-file-server\u003C\u002Fa\u003E exposes a directory to create, read, update, and delete operations over http.\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),node-pg-migrate,https://security.snyk.io/vuln/npm:node-pg-migrate:20180220,,False,<2.23.0 ,"https:\u002F\u002Fgithub.com\u002Fsalsita\u002Fnode-pg-migrate\u002Fcommit\u002F07ba543b407d0e5e3d24f441509d13c81584b01b)"",severity:""medium"",packageName:d,packageManager:e,publicationTime:""2018-02-20T17:25:11.961000Z"",disclosureTime:""2018-02-20T20:39:06Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-NODEPGMIGRATE-10902""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:5.3,language:""js"",socialTrendAlert:h,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fnode-pg-migrate\""\u003E\u003Ccode\u003Enode-pg-migrate\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a Node.js database migration management built exclusively for postgres.\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),gettext-parser,https://security.snyk.io/vuln/npm:gettext-parser:20180220,,False,<1.3.1 ,https://github.com/smhg/gettext-parser/commit/b3aa4a753101b3b9793c5b7c28bbcecbf77548d3
Regular Expression Denial of Service (ReDoS),deckardcain,https://security.snyk.io/vuln/npm:deckardcain:20180220,,False,<0.3.4 ,"https:\u002F\u002Fgithub.com\u002Fapiaryio\u002Fdeckardcain\u002Fcommit\u002F571d6715585e56bd0ec23b1c40966a4aedb25750)"",severity:""low"",packageName:d,packageManager:e,publicationTime:""2018-02-20T17:25:11.728000Z"",disclosureTime:""2018-02-20T20:39:06Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-DECKARDCAIN-10903""],CVE:[],CWE:[""CWE-185"",""CWE-400""]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:P\u002FRL:O\u002FRC:C"",cvssScore:3.7,language:""js"",socialTrendAlert:h,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fdeckardcain\""\u003E\u003Ccode\u003Edeckardcain\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a package to parse and compile gettext po and mo files with node.js.\u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),abaaso,https://security.snyk.io/vuln/npm:abaaso:20180220,,False,* ,n/a
Regular Expression Denial of Service (ReDoS),html-dom-parser,https://security.snyk.io/vuln/npm:html-dom-parser:20180220,,False,<0.1.3 ,https://github.com/remarkablemark/html-dom-parser/commit/b80d699bbbd45d254379e6916152c918998e3b10
Regular Expression Denial of Service (ReDoS),braces,https://security.snyk.io/vuln/npm:braces:20180219,CVE-2018-1109,False,<2.3.1 ,https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
Cross-site Scripting (XSS),angular,https://security.snyk.io/vuln/npm:angular:20180202,,False,<1.6.9 ,https://github.com/angular/angular.js/commit/b9ef6585e10477fbbf912a971fe0b390bca692a6
Buffer Overflow,validator,https://security.snyk.io/vuln/npm:validator:20160218,,False,<5.0.0 ,https://github.com/chriso/validator.js/commit/19508354cde4e08c75b377321a3d5f910dddee4e
Regular Expression Denial of Service (ReDoS),postcss-inline-base64,https://security.snyk.io/vuln/npm:postcss-inline-base64:20180216,,False,<3.0.0 ,https://github.com/lagden/postcss-inline-base64/commit/8b54659ffc6c18761d1bf84f9e9cb2cd3f58c171
Regular Expression Denial of Service (ReDoS),cejs,https://security.snyk.io/vuln/npm:cejs:20180217,,False,<2.0.20180219 ,https://github.com/kanasimi/CeJS/commit/c6a9ffec1152781f268b8d72d80ee4d8fc837986
Regular Expression Denial of Service (ReDoS),validator,https://security.snyk.io/vuln/npm:validator:20180218,,False,>=5.2.0 <9.4.1 ,https://github.com/chriso/validator.js/commit/19508354cde4e08c75b377321a3d5f910dddee4e
Regular Expression Denial of Service (ReDoS),jasmine-core,https://security.snyk.io/vuln/npm:jasmine-core:20180216,,False,<3.1.0 ,https://github.com/jasmine/jasmine/commit/3b77f3818846ea68bcdcd7b0b734b48cb1f69cc1
Prototype Pollution,merge-deep,https://security.snyk.io/vuln/npm:merge-deep:20180215,CVE-2018-3722,True,<3.0.1 ,n/a
Prototype Pollution,assign-deep,https://security.snyk.io/vuln/npm:assign-deep:20180215,CVE-2018-3720,True,<0.4.7 ,n/a
Prototype Pollution,defaults-deep,https://security.snyk.io/vuln/npm:defaults-deep:20180215,CVE-2018-3723,True,<0.2.4 ,n/a
Prototype Pollution,mixin-deep,https://security.snyk.io/vuln/npm:mixin-deep:20180215,CVE-2018-3719,True,<1.3.1 ,n/a
Regular Expression Denial of Service (ReDoS),valid-data-url,https://security.snyk.io/vuln/npm:valid-data-url:20180214,,False,<0.1.5 ,https://github.com/killmenot/valid-data-url/commit/64bad3cf1eff246103d71b51f945d7ea73bf7adf
Regular Expression Denial of Service (ReDoS),q-io,https://security.snyk.io/vuln/npm:q-io:20180212,,False,<1.13.5 ,https://github.com/kriskowal/q-io/commit/b9c54c809c48306835506a3baad5dab67bec9dab
Regular Expression Denial of Service (ReDoS),nicest,https://security.snyk.io/vuln/npm:nicest:20180213,,False,<1.1.3 ,https://github.com/ChristianMurphy/nicest/commit/118b11767e70c39f0784f7b9a7c4c477d3688c27
Regular Expression Denial of Service (ReDoS),mimer,https://security.snyk.io/vuln/npm:mimer:20180210,,False,<0.3.0 ,https://github.com/data-uri/mimer/commit/50ba6424f68543ccda61652b1e12e64fb87e33c2
Regular Expression Denial of Service (ReDoS),jquery.csssr.validation,https://security.snyk.io/vuln/npm:jquery.csssr.validation:20180215,,False,<0.0.26 ,n/a
Regular Expression Denial of Service (ReDoS),htmllint,https://security.snyk.io/vuln/npm:htmllint:20180213,,False,<0.7.2 ,https://github.com/htmllint/htmllint/commit/eec921cee4327d7fe02ba6812bc39dc29f46b12a
Regular Expression Denial of Service (ReDoS),dirty-json,https://security.snyk.io/vuln/npm:dirty-json:20180213,,False,<0.5.2 ,https://github.com/RyanMarcus/dirty-json/commit/0b9c15e26699538a11e08e0f168af558392dadbe
Regular Expression Denial of Service (ReDoS),citeproc,https://security.snyk.io/vuln/npm:citeproc:20180214,,False,<2.1.184 ,https://github.com/Juris-M/citeproc-js/commit/df060e95b1545b3767c5ae89b300e410681062f5
Regular Expression Denial of Service (ReDoS),ssri,https://security.snyk.io/vuln/npm:ssri:20180214,CVE-2018-7651,False,<5.2.2 ,"https:\u002F\u002Fgithub.com\u002Fzkat\u002Fssri\u002Fcommit\u002Fd0ebcdc22cb5c8f47f89716d08b3518b2485d65d)"",severity:""medium"",packageName:d,packageManager:e,publicationTime:""2018-02-15T19:52:28Z"",disclosureTime:""2018-02-14T20:39:06Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-SSRI-12064""],CVE:[""CVE-2018-7651""],CWE:[""CWE-185"",""CWE-400""],GHSA:[""GHSA-325j-24f4-qv5x""],NSP:[565]},semver:{vulnerable:[g]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L"",cvssScore:5.3,language:""js"",socialTrendAlert:h,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fssri\""\u003E\u003Ccode\u003Essri\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a Standard Subresource Integrity library --  parses, serializes, generates, and verifies integrity metadata according to the SRI spec. \u003C\u002Fp\u003"
Regular Expression Denial of Service (ReDoS),is-my-json-valid,https://security.snyk.io/vuln/npm:is-my-json-valid:20180214,CVE-2018-1107,False,<1.4.1 >=2.0.0 <2.17.2 ,"https:\u002F\u002Fgithub.com\u002Fmafintosh\u002Fis-my-json-valid\u002Fcommit\u002Fb3051b277f7caa08cd2edc6f74f50aeda65d2976)"",severity:""low"",packageName:d,packageManager:e,publicationTime:""2018-02-15T19:52:28Z"",disclosureTime:""2018-02-13T20:39:06Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-ISMYJSONVALID-10887""],CVE:[""CVE-2018-1107""],CWE:[""CWE-185"",""CWE-400""],GHSA:[""GHSA-4x7c-cx64-49w8""],NSP:[572]},semver:{vulnerable:[""\u003C1.4.1"",""\u003E=2.0.0 \u003C2.17.2""]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L\u002FE:F\u002FRL:O\u002FRC:C"",cvssScore:3.7,language:""js"",socialTrendAlert:g,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fis-my-json-valid\""\u003E\u003Ccode\u003Eis-my-json-valid\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a universal validation plugin.\u003C\u002Fp\u003"
Variables Overwrite,sailsjs-cacheman,https://security.snyk.io/vuln/SNYK-JS-SAILSJSCACHEMAN-173694,,False,* ,https://github.com/gayanhewa/sailsjs-cacheman/commit/bd92d97bc54f81ebb092d5f00584f7c82018da28
Insecure Credential Comparison,safe-compare,https://security.snyk.io/vuln/npm:safe-compare:20180210,,False,<1.1.1 ,https://github.com/Bruce17/safe-compare/commit/ba88084d0cdc6a8834616acce086225e5a336d3f
Cross-site Scripting (XSS),html-janitor,https://security.snyk.io/vuln/npm:html-janitor:20180123-1,CVE-2017-0931,False,* ,n/a
Prototype Pollution,lodash,https://security.snyk.io/vuln/npm:lodash:20180130,CVE-2018-3721,True,<4.17.5 ,https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
Arbitrary Command Execution,pullit,https://security.snyk.io/vuln/npm:pullit:20180214,,True,<1.4.0 ,"https:\u002F\u002Fgithub.com\u002Fjkup\u002Fpullit\u002Fcommit\u002F4fec455774ee08f4dce0ef2ef934ffcc37219bfb)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2018-02-14T13:22:50Z"",disclosureTime:""2018-02-13T22:00:00Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-PULLIT-10883""],CVE:[],CWE:[""CWE-94""],NSP:[1004]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H\u002FE:F\u002FRL:O\u002FRC:C"",cvssScore:8.8,language:""js"",socialTrendAlert:a,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fpullit\""\u003E\u003Ccode\u003Epullit\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is Display and pull branches from GitHub pull requests.\u003C\u002Fp\u003"
Prototype Pollution,hoek,https://security.snyk.io/vuln/npm:hoek:20180212,CVE-2018-3728,True,<4.2.1 >=5.0.0 <5.0.3 ,https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee
Prototype Pollution,@sailshq/lodash,https://security.snyk.io/vuln/SNYK-JS-SAILSHQLODASH-460130,CVE-2018-3721,True,<3.10.4 ,https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
Cross-site Scripting (XSS),dijit,https://security.snyk.io/vuln/npm:dijit:20180205,CVE-2018-6561,False,* ,n/a
Prototype Pollution,lodash.mergewith,https://security.snyk.io/vuln/SNYK-JS-LODASHMERGEWITH-174137,CVE-2018-3721,True,<4.6.1 ,https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
Prototype Pollution,lodash.merge,https://security.snyk.io/vuln/SNYK-JS-LODASHMERGE-173733,CVE-2018-3721,True,<4.6.2 ,https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
Prototype Pollution,lodash.defaultsdeep,https://security.snyk.io/vuln/SNYK-JS-LODASHDEFAULTSDEEP-450198,CVE-2018-3721,True,<4.6.1 ,https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
Prototype Pollution,lodash._basemerge,https://security.snyk.io/vuln/SNYK-JS-LODASHBASEMERGE-450201,CVE-2018-3721,True,* ,https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
Resources Downloaded over Insecure Protocol,cordova-android,https://security.snyk.io/vuln/npm:cordova-android:20170127,CVE-2017-3160,False,<6.1.2 ,n/a
Cross-site Scripting (XSS),html-janitor,https://security.snyk.io/vuln/npm:html-janitor:20180123,CVE-2017-0928,True,<2.0.4 ,n/a
URL Spoofing,electron,https://security.snyk.io/vuln/npm:electron:20180102,CVE-2017-1000424,False,<1.7.6 ,https://github.com/electron/electron/pull/10008/commits/9a7651a93faaaef0534df1ab77268d7deb9d3165
Directory Traversal,next,https://security.snyk.io/vuln/npm:next:20180124,CVE-2018-6184,False,<4.2.3 ,n/a
Authentication Bypass,keycloak-auth-utils,https://security.snyk.io/vuln/npm:keycloak-auth-utils:20170425,CVE-2017-7474,False,>=2.5.0 <3.1.0 ,n/a
Arbitrary Code Execution,mathjs,https://security.snyk.io/vuln/npm:mathjs:20170402,,False,<3.11.5 ,https://github.com/josdejong/mathjs/compare/v3.10.3...v3.11.5
Arbitrary Code Execution,mathjs,https://security.snyk.io/vuln/npm:mathjs:20170331,,False,<3.10.3 ,https://github.com/josdejong/mathjs/compare/v3.10.1...v3.10.3
Arbitrary Code Execution,mathjs,https://security.snyk.io/vuln/npm:mathjs:20170527,,False,<3.13.3 ,https://github.com/josdejong/mathjs/commit/ed5f2cebaf873ba1e57acbce2a3668686ac69331
Denial of Service (DoS),fastify,https://security.snyk.io/vuln/npm:fastify:20180107,CVE-2018-3711,False,<0.38.0 ,https://github.com/fastify/fastify/commit/fabd2a011f2ffbb877394abe699f549513ffbd76
Cross-site Scripting (XSS),redis-commander,https://security.snyk.io/vuln/npm:redis-commander:20180109,,False,<0.5.0 ,https://github.com/joeferner/redis-commander/commit/1a483ebb3a706cf199dd283cf0aead96606adb14
Directory Traversal,augustine,https://security.snyk.io/vuln/npm:augustine:20180123,CVE-2017-0930,False,* ,n/a
Directory Traversal,lactate,https://security.snyk.io/vuln/npm:lactate:20180123,,False,* ,n/a
Directory Traversal,electron,https://security.snyk.io/vuln/npm:electron:20180123,CVE-2018-1000006,False,<1.6.16 >=1.7 <1.7.11 >=1.8 <1.8.2-beta.4 ,n/a
Directory Traversal,serve,https://security.snyk.io/vuln/npm:serve:20180123,CVE-2018-3712,False,<6.4.9 ,"https:\u002F\u002Fgithub.com\u002Fzeit\u002Fserve\u002Fcommit\u002F6adad6881c61991da61ebc857857c53409544575)"",severity:""medium"",packageName:e,packageManager:f,publicationTime:""2018-01-25T13:53:55.712000Z"",disclosureTime:""2018-01-23T22:00:00Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-SERVE-10876""],CVE:[""CVE-2018-3712""],CWE:[""CWE-22""],GHSA:[""GHSA-q2qh-cgc2-qhr3""],NSP:[561]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N"",cvssScore:5.3,language:""js"",socialTrendAlert:c,proprietary:c,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fserve\""\u003E\u003Ccode\u003Eserve\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a  package that lists and allows browsing static file serving and directories in the browser.\u003C\u002Fp\u003"
Shell Command Injection,traceroute,https://security.snyk.io/vuln/npm:traceroute:20160311,,True,<=1.0.0 ,https://github.com/jaw187/node-traceroute/commit/b99ee024a01a40d3d20a92ad3769cc78a3f6386f
XML External Entity (XXE) Injection,samlify,https://security.snyk.io/vuln/npm:samlify:20171002,CVE-2017-1000452,False,<2.3.0 ,n/a
XML External Entity (XXE) Injection,express-saml2,https://security.snyk.io/vuln/npm:express-saml2:20171002,CVE-2017-1000452,False,* ,n/a
Cross-site Scripting (XSS),shiba,https://security.snyk.io/vuln/npm:shiba:20171125,CVE-2017-1000491,False,<1.1.1 ,https://github.com/rhysd/Shiba/commit/e8a65b0f81eb04903eedd29500d7e1bedf249eab
Cross-site Scripting (XSS),kibana,https://security.snyk.io/vuln/npm:kibana:20171206,CVE-2017-11481,False,<5.6.5 >=6 <6.0.1 ,n/a
Open Redirect,kibana,https://security.snyk.io/vuln/npm:kibana:20171206-1,CVE-2017-11482,False,<5.6.5 >=6 <6.0.1 ,n/a
Open Redirect,kibana,https://security.snyk.io/vuln/npm:kibana:20170616,CVE-2017-8451,False,<5.3.1 ,n/a
Cross-site Scripting (XSS),bootstrap,https://security.snyk.io/vuln/npm:bootstrap:20160627,CVE-2016-10735,False,<3.4.0 >=4.0.0-alpha <4.0.0-beta.2 ,https://github.com/twbs/bootstrap/commit/9612830701211d757ff95ceccbb494fd2e7ee17e
Cross-site Scripting (XSS),bootstrap-sass,https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAPSASS-598787,CVE-2016-10735,False,<3.4.0 ,https://github.com/twbs/bootstrap/commit/9612830701211d757ff95ceccbb494fd2e7ee17e
Directory Traversal,featurebook,https://security.snyk.io/vuln/npm:featurebook:20180115,,False,* ,n/a
Cross-site Scripting (XSS),weyland,https://security.snyk.io/vuln/npm:weyland:20130324,,False,<2.1.0 ,n/a
Cross-site Scripting (XSS),showdown-xss-filter,https://security.snyk.io/vuln/npm:showdown-xss-filter:20150602,,False,<0.1.1 ,n/a
Template Injection,jsviews,https://security.snyk.io/vuln/npm:jsviews:20160320,,False,<0.9.74 ,n/a
Cross-site Scripting (XSS),js-xss,https://security.snyk.io/vuln/npm:js-xss:20150812,,False,<0.2.7 ,n/a
Identity Spoofing,libp2p-secio,https://security.snyk.io/vuln/npm:libp2p-secio:20180115,,False,<0.9.0 ,"https:\u002F\u002Fgithub.com\u002Flibp2p\u002Fjs-libp2p-secio\u002Fpull\u002F95\u002Fcommits\u002Fdc439b5c7ef6e36d68c39e865efc0c7db61acacc)"",severity:""critical"",packageName:e,packageManager:f,publicationTime:""2018-01-19T09:35:48Z"",disclosureTime:""2018-01-15T17:07:03Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-LIBP2PSECIO-12041""],CVE:[],CWE:[""CWE-290""],GHSA:[""GHSA-rch7-f4h5-x9rj""],NSP:[558]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:N"",cvssScore:9.1,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E[\u003Ccode\u003Elibp2p-secio\u003C\u002Fcode\u003E] provides a SECIO implementation in JavaScript.\u003C\u002Fp\u003"
Cross-site Scripting (XSS),blocks,https://security.snyk.io/vuln/npm:blocks:20160910,,False,<0.3.5 ,n/a
Directory Traversal,serve-here,https://security.snyk.io/vuln/npm:serve-here:20171225,,False,* ,https://github.com/vivaxy/here/commit/298dbab41344dfb7f95f66b1fa7b5cfb436bd4a2
Insecure Token Validation,node-jose,https://security.snyk.io/vuln/npm:node-jose:20171222,CVE-2018-0114,False,<0.11.0 ,n/a
Denial of Service (DoS),kibana,https://security.snyk.io/vuln/npm:kibana:20170214,CVE-2017-8452,False,<5.2.1 ,n/a
Cross-site Scripting (XSS),kibana,https://security.snyk.io/vuln/npm:kibana:20170605,CVE-2017-8440,False,>=5.3.0 <5.3.3 >=5.4.0 <5.4.1 ,n/a
Information Exposure,kibana,https://security.snyk.io/vuln/npm:kibana:20170628,CVE-2017-8443,False,<5.4.3 ,n/a
Cross-site Scripting (XSS),kibana,https://security.snyk.io/vuln/npm:kibana:20170928,CVE-2017-11479,False,<5.6.1 ,n/a
Denial of Service (DoS),mqtt,https://security.snyk.io/vuln/npm:mqtt:20171225,CVE-2017-10910,False,>=2.0.0 <2.15.0 ,https://github.com/mqttjs/MQTT.js/commit/403ba53b838f2d319a0c0505a045fe00239e9923
User Impersonation,passport-wsfed-saml2,https://security.snyk.io/vuln/npm:passport-wsfed-saml2:20171222,CVE-2017-16897,False,<3.0.5 ,n/a
Cross-site Scripting (XSS),marked,https://security.snyk.io/vuln/npm:marked:20170815,,False,<0.3.9 ,https://github.com/markedjs/marked/pull/976/commits/6d1901ff71abb83aa32ca9a5ce47471382ea42a9
Cross-site Scripting (XSS),marked,https://security.snyk.io/vuln/npm:marked:20170815-1,,False,<0.3.9 ,https://github.com/markedjs/marked/pull/976/commits/cb72584c5d9d32ebfdbb99e35fb9b81af2b79686
Cross-site Scripting (XSS),vue,https://security.snyk.io/vuln/npm:vue:20170829,,False,<2.4.3 ,https://github.com/vuejs/vue/commit/5091e2c9847601e329ac36d17eae90bb5cb77a91
Cross-site Scripting (XSS),vue,https://security.snyk.io/vuln/npm:vue:20170401,,False,<2.3.0-beta.1 ,https://github.com/vuejs/vue/commit/1e37633567f5d015db24ae0210b1adb4b1c3d355
Denial of Service (DoS),ractive,https://security.snyk.io/vuln/npm:ractive:20160318,,False,<0.8.0 ,https://github.com/ractivejs/ractive/commit/6ba53548d8014f0c52b9bc1bc7a1aed76b7b4a52
Cross-site Scripting (XSS),kibana,https://security.snyk.io/vuln/npm:kibana:20160628,,False,<5.0.0-alpha5 ,https://github.com/elastic/kibana/commit/271aa697075bc2c8f931a1310b20a4ced119bcd5
Cross-site Scripting (XSS),pure,https://security.snyk.io/vuln/npm:pure:20170529,,False,<2.86.0 ,https://github.com/pure/pure/commit/1c41ee35503b08a25eefb30cb3cc7ed2d5af4f3d
Cross-site Scripting (XSS),swagger-ui,https://security.snyk.io/vuln/npm:swagger-ui:20171031,,False,<3.4.2 ,https://github.com/swagger-api/swagger-ui/commit/afa615e01dc7f6724d20a11abfe1fcdf8f6ecd57
Cross-site Request Forgery (CSRF),keystone,https://security.snyk.io/vuln/npm:keystone:20141129,,False,<0.2.34 ,n/a
Denial of Service (DoS),botkit,https://security.snyk.io/vuln/npm:botkit:20161220,,False,<0.4.4 ,https://github.com/howdyai/botkit/commit/ceaf8eb2e419f159e5180e6b21614c15b2c26653
Cross-site Scripting (XSS),angular,https://security.snyk.io/vuln/npm:angular:20171018,,False,<1.6.7 ,https://github.com/angular/angular.js/commit/667db466f959f8bbca1451d0f1c1a3db25d46a6c
Cross-site Scripting (XSS),jquery-colorbox,https://security.snyk.io/vuln/npm:jquery-colorbox:20171115,,False,* ,n/a
Insecure Randomness,crypto-browserify,https://security.snyk.io/vuln/npm:crypto-browserify:20140722,,False,<2.1.11 ,"https:\u002F\u002Fgithub.com\u002Fcrypto-browserify\u002Fcrypto-browserify\u002Fcommit\u002Fb8695c478baa705e18cc7130be3af6c679ae0bf7)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2017-12-25T14:45:01Z"",disclosureTime:""2014-07-21T21:00:00Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-CRYPTOBROWSERIFY-12028""],CVE:[],CWE:[""CWE-330""]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:L"",cvssScore:7.3,language:""js"",socialTrendAlert:c,proprietary:c,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fcrypto-browserify\""\u003E\u003Ccode\u003Ecrypto-browserify\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is implementation of crypto for the browser.\u003C\u002Fp\u003"
Denial of Service (DoS),ecstatic,https://security.snyk.io/vuln/npm:ecstatic:20160809,CVE-2016-10703,True,<2.0.0 ,https://github.com/jfhbrook/node-ecstatic/commit/71ce93988ead4b561a8592168c72143907189f01#diff-b2b5a88fb51675f1aa1065c093dce1ee
Regular Expression Denial of Service (ReDoS),whatwg-mimetype,https://security.snyk.io/vuln/npm:whatwg-mimetype:20170907,,False,<2.0.0 ,https://github.com/jsdom/whatwg-mimetype/commit/26c539a699778f8743b8319c298b5fb28a4328d0
Regular Expression Denial of Service (ReDoS),content-type-parser,https://security.snyk.io/vuln/npm:content-type-parser:20170905,,False,* ,https://github.com/jsdom/whatwg-mimetype/commit/26c539a699778f8743b8319c298b5fb28a4328d0
Regular Expression Denial of Service (ReDoS),mobile-detect,https://security.snyk.io/vuln/npm:mobile-detect:20170907,,False,<1.4.0 ,https://github.com/hgoebl/mobile-detect.js/commit/7222f6e75cf8cd90e1dc53e445716203eaf79d8a
Privilege Escalation,auth0-js,https://security.snyk.io/vuln/npm:auth0-js:20171204,CVE-2017-17068,False,<8.12 ,n/a
Malicious Package,npm-script-demo,https://security.snyk.io/vuln/npm:npm-script-demo:20170927,CVE-2017-16128,False,* ,n/a
Arbitrary Code Execution,mathjs,https://security.snyk.io/vuln/npm:mathjs:20171118,CVE-2017-1001002,False,<3.17.0 ,https://github.com/josdejong/mathjs/commit/8d2d48d81b3c233fb64eb2ec1d7a9e1cf6a55a90
Arbitrary Code Execution,mathjs,https://security.snyk.io/vuln/npm:mathjs:20171118-1,CVE-2017-1001003,False,<3.17.0 ,https://github.com/josdejong/mathjs/commit/a60f3c8d9dd714244aed7a5569c3dccaa3a4e761
Regular Expression Denial of Service (ReDoS),moment,https://security.snyk.io/vuln/npm:moment:20170905,CVE-2017-18214,False,<2.19.3 ,n/a
Directory Traversal,next,https://security.snyk.io/vuln/SNYK-JS-NEXT-174590,CVE-2017-16877,False,<2.4.1 ,https://github.com/zeit/next.js/commit/02fe7cf63f6265d73bdaf8bc50a4f2fb539dcd00
Denial of Service (DoS),ws,https://security.snyk.io/vuln/npm:ws:20171108,,True,<1.1.5 >=2.0.0 <3.3.1 ,https://github.com/websockets/ws/commit/c4fe46608acd61fbf7397eadc47378903f95b78a
Insecure Defaults,cordova-plugin-file-transfer,https://security.snyk.io/vuln/npm:cordova-plugin-file-transfer:20140219,CVE-2014-0072,False,<0.4.2 ,n/a
Privilege Escalation,cordova-plugin-inappbrowser,https://security.snyk.io/vuln/npm:cordova-plugin-inappbrowser:20140219,CVE-2014-0073,False,<0.3.2 ,n/a
Arbitrary Command Injection,cordova-android,https://security.snyk.io/vuln/npm:cordova-android:20150526,CVE-2015-1835,False,<3.7.2 >=4.0.0 <4.0.2 ,n/a
Arbitrary Code Execution,sandbox,https://security.snyk.io/vuln/npm:sandbox:20160821,,True,* ,n/a
Cross-site Scripting (XSS),keystone,https://security.snyk.io/vuln/npm:keystone:20170918,CVE-2017-15881,False,<4.0.0-beta.7 ,n/a
Cross-site Scripting (XSS),keystone,https://security.snyk.io/vuln/npm:keystone:20170918-1,CVE-2017-15878,False,<4.0.0-beta.7 ,n/a
CSV Injection,keystone,https://security.snyk.io/vuln/npm:keystone:20170918-2,CVE-2017-15879,False,<4.0.0-beta.7 ,n/a
Malicious Package,hooka-tools,https://security.snyk.io/vuln/npm:hooka-tools:20171025,,False,* ,n/a
Malicious Package,discordi.js,https://security.snyk.io/vuln/npm:discordi.js:20171009,,False,* ,n/a
Arbitrary Code Execution,static-eval,https://security.snyk.io/vuln/npm:static-eval:20171016,CVE-2017-16226,False,<2.0.0 ,https://github.com/substack/static-eval/pull/18/commits/c06f1b8c0a0cd1cc989c025fbb4c5776fc661c2c
Directory Traversal,severzlt,https://security.snyk.io/vuln/npm:severzlt:20171006,,True,* ,n/a
Directory Traversal,nodeserver-jta,https://security.snyk.io/vuln/npm:nodeserver-jta:20171006,,True,* ,n/a
Directory Traversal,ljjnodeserve,https://security.snyk.io/vuln/npm:ljjnodeserve:20171006,,True,* ,n/a
Credential Exposure,aegir,https://security.snyk.io/vuln/npm:aegir:20171013,CVE-2017-16225,False,>=12.0.0 <12.0.8 ,https://github.com/ipfs/aegir/commit/78b36b26f6bf383675129dfed7ec5ab9df82342b
Open Redirect,st,https://security.snyk.io/vuln/npm:st:20171013,CVE-2017-16224,False,<1.2.2 ,https://github.com/isaacs/st/commit/579960c629f12a27428e2da84c54f517e37b0a16
Directory Traversal,xbhxbh,https://security.snyk.io/vuln/npm:xbhxbh:20170910,,True,* ,n/a
Directory Traversal,wangshuai,https://security.snyk.io/vuln/npm:wangshuai:20170910,,True,* ,n/a
Directory Traversal,tinyserver,https://security.snyk.io/vuln/npm:tinyserver:20170910,,True,* ,n/a
Directory Traversal,nopach,https://security.snyk.io/vuln/npm:nopach:20170910,,True,* ,n/a
Directory Traversal,nodejs.jseidl,https://security.snyk.io/vuln/npm:nodejs.jseidl:20170910,,False,* ,n/a
Malicious Package,jquey,https://security.snyk.io/vuln/npm:jquey:20171006,CVE-2017-16204,False,* ,n/a
Denial of Service (DoS),electron,https://security.snyk.io/vuln/npm:electron:20170426,,False,<1.6.8 ,n/a
Denial of Service (DoS),electron,https://security.snyk.io/vuln/npm:electron:20170425,,False,<1.6.8 ,n/a
Cross-site Scripting (XSS),electron,https://security.snyk.io/vuln/npm:electron:20170421,,False,<1.6.8 ,n/a
Cross-site Scripting (XSS),electron,https://security.snyk.io/vuln/npm:electron:20170423,,False,<1.6.8 ,n/a
Denial of Service (DoS),electron,https://security.snyk.io/vuln/npm:electron:20170422,,False,<1.6.8 ,n/a
Arbitrary Code Injection,electron,https://security.snyk.io/vuln/npm:electron:20170105,,False,<1.4.15 ,n/a
Man-in-the-Middle (MitM),electron,https://security.snyk.io/vuln/npm:electron:20161210,,False,<1.4.12 >=1.4.0 ,n/a
Denial of Service (DoS),electron,https://security.snyk.io/vuln/npm:electron:20160926,,False,>=1.3.0 <1.3.13 >=1.4.0 <1.4.11 ,n/a
Uninitialized Memory Exposure,electron,https://security.snyk.io/vuln/npm:electron:20160903,,False,<1.6.1 ,n/a
Malicious Package,coffescript,https://security.snyk.io/vuln/npm:coffescript:20171006,CVE-2017-16205,False,* ,n/a
Malicious Package,coffe-script,https://security.snyk.io/vuln/npm:coffe-script:20171006,CVE-2017-16203,False,* ,n/a
Malicious Package,cofeescript,https://security.snyk.io/vuln/npm:cofeescript:20171006,CVE-2017-16202,False,* ,n/a
Malicious Package,cofee-script,https://security.snyk.io/vuln/npm:cofee-script:20171006,CVE-2017-16206,False,* ,n/a
Arbitrary Code Execution,electron,https://security.snyk.io/vuln/npm:electron:20170927,CVE-2017-16151,False,<1.6.14 >=1.7.0 <1.7.8 >=1.8.0 <1.8.1 ,n/a
Regular Expression Denial of Service (ReDoS),method-override,https://security.snyk.io/vuln/npm:method-override:20170927,CVE-2017-16136,False,>1.0.2 <2.3.10 ,n/a
Denial of Service (DoS),superagent,https://security.snyk.io/vuln/npm:superagent:20170807,CVE-2017-16129,False,<3.7.0 ,n/a
Regular Expression Denial of Service (ReDoS),fresh,https://security.snyk.io/vuln/npm:fresh:20170908,CVE-2017-16119,False,<0.5.2 ,https://github.com/jshttp/fresh/commit/21a0f0c2a5f447e0d40bc16be0c23fa98a7b46ec
Regular Expression Denial of Service (ReDoS),forwarded,https://security.snyk.io/vuln/npm:forwarded:20170908,CVE-2017-16118,False,<0.1.2 ,n/a
Regular Expression Denial of Service (ReDoS),mime,https://security.snyk.io/vuln/npm:mime:20170907,CVE-2017-16138,False,<1.4.1 >=2.0.0 <2.0.3 ,https://github.com/broofa/node-mime/commit/1df903fdeb9ae7eaa048795b8d580ce2c98f40b0
Regular Expression Denial of Service (ReDoS),string,https://security.snyk.io/vuln/npm:string:20170907,CVE-2017-16116,False,* ,n/a
Regular Expression Denial of Service (ReDoS),slug,https://security.snyk.io/vuln/npm:slug:20170907,CVE-2017-16117,False,<0.9.2 ,https://github.com/zhuangya/node-slug/commit/e82fccc6b3d850227560db659b17df0e242ae51b
Regular Expression Denial of Service (ReDoS),timespan,https://security.snyk.io/vuln/npm:timespan:20170907,CVE-2017-16115,False,* ,n/a
Regular Expression Denial of Service (ReDoS),debug,https://security.snyk.io/vuln/npm:debug:20170905,CVE-2017-16137,False,>=1.0.0 <2.6.9 >=3.0.0 <3.1.0 ,n/a
Regular Expression Denial of Service (ReDoS),tough-cookie,https://security.snyk.io/vuln/npm:tough-cookie:20170905,CVE-2017-15010,False,<2.3.3 ,n/a
Regular Expression Denial of Service (ReDoS),marked,https://security.snyk.io/vuln/npm:marked:20170907,CVE-2017-16114,False,<0.3.9 ,n/a
Regular Expression Denial of Service (ReDoS),parsejson,https://security.snyk.io/vuln/npm:parsejson:20170908,CVE-2017-16113,False,* ,n/a
Malicious Package,pandora-doomsday,https://security.snyk.io/vuln/npm:pandora-doomsday:20170917,CVE-2017-16127,True,* ,n/a
Malicious Package,test-module-a,https://security.snyk.io/vuln/npm:test-module-a:20170917,,True,* ,n/a
Malicious Package,shrugging-logging,https://security.snyk.io/vuln/npm:shrugging-logging:20170917,,True,* ,n/a
Malicious Package,sdfjghlkfjdshlkjdhsfg,https://security.snyk.io/vuln/npm:sdfjghlkfjdshlkjdhsfg:20170917,,True,* ,n/a
Malicious Package,mktmpio,https://security.snyk.io/vuln/npm:mktmpio:20170917,,False,* ,n/a
Malicious Package,anarchy,https://security.snyk.io/vuln/npm:anarchy:20170917,,False,* ,n/a
Malicious Package,botbait,https://security.snyk.io/vuln/npm:botbait:20170917,CVE-2017-16126,False,* ,n/a
Malicious Package,ikst,https://security.snyk.io/vuln/npm:ikst:20170917,,False,* ,n/a
Malicious Package,subtitles-lib,https://security.snyk.io/vuln/npm:subtitles-lib:20170917,,False,* ,n/a
Malicious Package,npm_scripts_test_metrics,https://security.snyk.io/vuln/npm:npm_scripts_test_metrics:20170917,,False,* ,n/a
Malicious Package,npm-exploit,https://security.snyk.io/vuln/npm:npm-exploit:20170917,,False,* ,n/a
Malicious Package,deasyncp,https://security.snyk.io/vuln/npm:deasyncp:20170917,,False,* ,n/a
Malicious Package,maybemaliciouspackage,https://security.snyk.io/vuln/npm:maybemaliciouspackage:20170917,,False,* ,n/a
Malicious Package,harmlesspackage,https://security.snyk.io/vuln/npm:harmlesspackage:20170917,,False,* ,n/a
Regular Expression Denial of Service (ReDoS),content,https://security.snyk.io/vuln/npm:content:20170908,CVE-2017-16111,False,<3.0.6 ,n/a
Regular Expression Denial of Service (ReDoS),dns-sync,https://security.snyk.io/vuln/npm:dns-sync:20170909,CVE-2017-16100,False,* ,n/a
Regular Expression Denial of Service (ReDoS),charset,https://security.snyk.io/vuln/npm:charset:20170908,CVE-2017-16098,False,<1.0.1 ,n/a
Regular Expression Denial of Service (ReDoS),no-case,https://security.snyk.io/vuln/npm:no-case:20170908,CVE-2017-16099,False,<2.3.2 ,n/a
Sandbox Escaping,safe-eval,https://security.snyk.io/vuln/npm:safe-eval:20170830,CVE-2017-16088,False,<0.4.0 ,n/a
Arbitrary Command Injection,fs-git,https://security.snyk.io/vuln/npm:fs-git:20170601,CVE-2017-16087,False,<1.0.2 ,n/a
Regular Expression Denial of Service (ReDoS),ua-parser,https://security.snyk.io/vuln/npm:ua-parser:20170829,CVE-2017-16086,False,* ,n/a
Arbitrary Code Execution,pg,https://security.snyk.io/vuln/npm:pg:20170813,CVE-2017-16082,True,<2.11.2 >=3.0.0 <3.6.4 >=4.0.0 <4.5.7 >=5.0.0 <5.2.1 >=6.0.0 <6.0.5 >=6.1.0 <6.1.6 >=6.2.0 <6.2.5 >=6.3.0 <6.3.3 >=6.4.0 <6.4.2 >=7.0.0 <7.0.2 >=7.1.0 <7.1.2 ,n/a
Uninitialized Memory Exposure,mysql,https://security.snyk.io/vuln/npm:mysql:20170317,,False,<2.14.0 ,n/a
Denial of Service (DoS),js-quantities,https://security.snyk.io/vuln/npm:js-quantities:20161202,,False,<1.6.4 ,n/a
Out of Memory Crash,js-quantities,https://security.snyk.io/vuln/npm:js-quantities:20161111,,False,<1.7.0 ,https://github.com/gentooboontoo/js-quantities/commit/6a0be76dfdcc32eda984c9af68f0e997ea29a191
Cross-site Scripting (XSS),foundation-sites,https://security.snyk.io/vuln/npm:foundation-sites:20170802,,True,<6.0.0 ,n/a
Directory Traversal,xxf11,https://security.snyk.io/vuln/npm:xxf11:20170730,,True,* ,n/a
Malicious Package,tkinter,https://security.snyk.io/vuln/npm:tkinter:20170802,CVE-2017-16061,False,* ,n/a
Directory Traversal,srverqq,https://security.snyk.io/vuln/npm:srverqq:20170730,,True,* ,n/a
Malicious Package,sqlserver,https://security.snyk.io/vuln/npm:sqlserver:20170802,CVE-2017-16055,False,<= 1.0.2 ,n/a
Malicious Package,sqliter,https://security.snyk.io/vuln/npm:sqliter:20170802,CVE-2017-16051,False,<= 1.0.2 ,n/a
Malicious Package,sqlite.js,https://security.snyk.io/vuln/npm:sqlite.js:20170802,,False,<= 1.0.2 ,n/a
Malicious Package,smb,https://security.snyk.io/vuln/npm:smb:20170802,CVE-2017-16079,False,<= 1.0.2 ,n/a
Malicious Package,shadowsock,https://security.snyk.io/vuln/npm:shadowsock:20170802,CVE-2017-16078,False,<= 1.0.2 ,n/a
Directory Traversal,servergmf,https://security.snyk.io/vuln/npm:servergmf:20170730,,True,* ,n/a
Malicious Package,proxy.js,https://security.snyk.io/vuln/npm:proxy.js:20170802,,False,<= 1.0.2 ,n/a
Malicious Package,openssl.js,https://security.snyk.io/vuln/npm:openssl.js:20170802,,False,<= 1.0.2 ,n/a
Malicious Package,opencv.js,https://security.snyk.io/vuln/npm:opencv.js:20170802,,False,<= 1.0.2 ,n/a
Malicious Package,nodesqlite,https://security.snyk.io/vuln/npm:nodesqlite:20170802,CVE-2017-16049,False,<= 1.0.2 ,n/a
Malicious Package,nodesass,https://security.snyk.io/vuln/npm:nodesass:20170802,CVE-2017-16080,False,<= 1.0.2 ,n/a
Malicious Package,noderequest,https://security.snyk.io/vuln/npm:noderequest:20170802,CVE-2017-16073,False,<= 1.0.2 ,n/a
Malicious Package,nodemssql,https://security.snyk.io/vuln/npm:nodemssql:20170802,CVE-2017-16057,False,<= 1.0.2 ,n/a
Malicious Package,nodemailer.js,https://security.snyk.io/vuln/npm:nodemailer.js:20170802,,False,<= 1.0.2 ,n/a
Malicious Package,nodemailer-js,https://security.snyk.io/vuln/npm:nodemailer-js:20170802,CVE-2017-16071,False,<= 1.0.2 ,n/a
Malicious Package,nodeffmpeg,https://security.snyk.io/vuln/npm:nodeffmpeg:20170802,CVE-2017-16069,False,<= 1.0.2 ,n/a
Malicious Package,nodefabric,https://security.snyk.io/vuln/npm:nodefabric:20170802,CVE-2017-16054,False,<= 1.0.2 ,n/a
Malicious Package,nodecaffe,https://security.snyk.io/vuln/npm:nodecaffe:20170802,CVE-2017-16070,False,<= 1.0.2 ,n/a
Malicious Package,node-tkinter,https://security.snyk.io/vuln/npm:node-tkinter:20170802,CVE-2017-16062,False,* ,n/a
Malicious Package,node-sqlite,https://security.snyk.io/vuln/npm:node-sqlite:20170802,CVE-2017-16048,False,<= 1.0.2 ,n/a
Malicious Package,node-openssl,https://security.snyk.io/vuln/npm:node-openssl:20170802,CVE-2017-16064,False,<= 1.0.2 ,n/a
Malicious Package,node-opensl,https://security.snyk.io/vuln/npm:node-opensl:20170802,CVE-2017-16063,False,<= 1.0.2 ,n/a
Malicious Package,node-opencv,https://security.snyk.io/vuln/npm:node-opencv:20170802,CVE-2017-16067,False,<= 1.0.2 ,n/a
Malicious Package,node-fabric,https://security.snyk.io/vuln/npm:node-fabric:20170802,CVE-2017-16052,False,<= 1.0.2 ,n/a
Malicious Package,mysqljs,https://security.snyk.io/vuln/npm:mysqljs:20170802,CVE-2017-16047,False,<= 1.0.2 ,n/a
Malicious Package,mssql.js,https://security.snyk.io/vuln/npm:mssql.js:20170802,,False,<= 1.0.2 ,n/a
Malicious Package,mssql-node,https://security.snyk.io/vuln/npm:mssql-node:20170802,CVE-2017-16059,False,<= 1.0.2 ,n/a
Malicious Package,mongose,https://security.snyk.io/vuln/npm:mongose:20170802,CVE-2017-16077,False,<= 1.0.2 ,n/a
Malicious Package,mariadb,https://security.snyk.io/vuln/npm:mariadb:20170802,CVE-2017-16046,False,<= 1.0.2 ,n/a
Directory Traversal,lzl123,https://security.snyk.io/vuln/npm:lzl123:20170730,,True,* ,n/a
Directory Traversal,lihuini,https://security.snyk.io/vuln/npm:lihuini:20170730,,True,* ,n/a
Malicious Package,jquery.js,https://security.snyk.io/vuln/npm:jquery.js:20170802,,False,<= 1.0.2 ,n/a
Malicious Package,http-proxy.js,https://security.snyk.io/vuln/npm:http-proxy.js:20170802,,False,<= 1.0.2 ,n/a
Directory Traversal,hechatroom,https://security.snyk.io/vuln/npm:hechatroom:20170730,,True,* ,n/a
Malicious Package,gruntcli,https://security.snyk.io/vuln/npm:gruntcli:20170802,CVE-2017-16058,False,<= 1.0.2 ,n/a
Directory Traversal,ghod5servercs360,https://security.snyk.io/vuln/npm:ghod5servercs360:20170730,,True,* ,n/a
Malicious Package,ffmepg,https://security.snyk.io/vuln/npm:ffmepg:20170802,CVE-2017-16068,False,<= 1.0.2 ,n/a
Malicious Package,fabric-js,https://security.snyk.io/vuln/npm:fabric-js:20170802,CVE-2017-16053,False,<= 1.0.2 ,n/a
Malicious Package,d3.js,https://security.snyk.io/vuln/npm:d3.js:20170802,,False,<= 1.0.2 ,n/a
Directory Traversal,cxy,https://security.snyk.io/vuln/npm:cxy:20170730,,True,* ,n/a
Malicious Package,crossenv,https://security.snyk.io/vuln/npm:crossenv:20170802,CVE-2017-16074,False,<= 1.0.1 ,n/a
Malicious Package,cross-env.js,https://security.snyk.io/vuln/npm:cross-env.js:20170802,,False,<= 1.0.2 ,n/a
Malicious Package,babelcli,https://security.snyk.io/vuln/npm:babelcli:20170802,CVE-2017-16060,False,<= 1.0.0 ,n/a
Uninitialized Memory Exposure,openwhisk,https://security.snyk.io/vuln/npm:openwhisk:20170302,,False,<3.3.1 ,"https:\u002F\u002Fgithub.com\u002Fapache\u002Fincubator-openwhisk-client-js\u002Fcommit\u002F0e40671e75d2ec7e88fa39ef787526d4304f2aaa)"",severity:""medium"",packageName:e,packageManager:f,publicationTime:g,disclosureTime:g,credit:[h],identifiers:{ALTERNATIVE:[""SNYK-JS-OPENWHISK-10694""],CVE:[],CWE:[""CWE-201""],GHSA:[""GHSA-53mj-mc38-q894""],NSP:[600]},semver:{vulnerable:[i]},CVSSv3:""CVSS:3.1\u002FAV:L\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N\u002FE:F\u002FRL:O\u002FRC:C"",cvssScore:5.1,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fgithub.com\u002Fapache\u002Fincubator-openwhisk-client-js\""\u003Eopenwhisk\u003C\u002Fa\u003E JavaScript client library for the Apache OpenWhisk platform. \u003C\u002Fp\u003"
Directory Traversal,serverxxx,https://security.snyk.io/vuln/npm:serverxxx:20170612,CVE-2017-16182,True,* ,n/a
Directory Traversal,shenliru,https://security.snyk.io/vuln/npm:shenliru:20170612,CVE-2017-16161,True,* ,n/a
Directory Traversal,lab6drewfusbyu,https://security.snyk.io/vuln/npm:lab6drewfusbyu:20170612,CVE-2017-16141,True,* ,n/a
Directory Traversal,simple-npm-registry,https://security.snyk.io/vuln/npm:simple-npm-registry:20170612,CVE-2017-16132,True,* ,n/a
Directory Traversal,dcdcdcdcdc,https://security.snyk.io/vuln/npm:dcdcdcdcdc:20170617,CVE-2017-16190,True,* ,n/a
Directory Traversal,welcomyzt,https://security.snyk.io/vuln/npm:welcomyzt:20170617,CVE-2017-16123,True,* ,n/a
Directory Traversal,commentapp.stetsonwood,https://security.snyk.io/vuln/npm:commentapp.stetsonwood:20170617,,False,* ,n/a
Directory Traversal,section2.madisonjbrooks12,https://security.snyk.io/vuln/npm:section2.madisonjbrooks12:20170617,,False,* ,n/a
Directory Traversal,360class.jansenhm,https://security.snyk.io/vuln/npm:360class.jansenhm:20170617,,False,* ,n/a
Directory Traversal,susu-sum,https://security.snyk.io/vuln/npm:susu-sum:20170617,CVE-2017-16199,True,* ,n/a
Directory Traversal,caolilinode,https://security.snyk.io/vuln/npm:caolilinode:20170617,CVE-2017-16159,True,* ,n/a
Directory Traversal,http_static_simple,https://security.snyk.io/vuln/npm:http_static_simple:20170612,CVE-2017-16134,True,* ,n/a
Directory Traversal,serve46,https://security.snyk.io/vuln/npm:serve46:20170612,CVE-2017-16148,True,* ,n/a
Directory Traversal,cypserver,https://security.snyk.io/vuln/npm:cypserver:20170617,CVE-2017-16191,True,* ,n/a
Directory Traversal,goserv,https://security.snyk.io/vuln/npm:goserv:20170612,CVE-2017-16133,True,* ,n/a
Directory Traversal,chatbyvista,https://security.snyk.io/vuln/npm:chatbyvista:20170612,CVE-2017-16177,True,* ,n/a
Directory Traversal,yjmyjmyjm,https://security.snyk.io/vuln/npm:yjmyjmyjm:20170617,,True,* ,n/a
Resources Downloaded over Insecure Protocol,gfe-sass,https://security.snyk.io/vuln/npm:gfe-sass:20170706,CVE-2017-16040,False,* ,n/a
Resources Downloaded over Insecure Protocol,ikst,https://security.snyk.io/vuln/npm:ikst:20170706,CVE-2017-16041,False,<1.1.2 ,n/a
Uninitialized Memory Exposure,tunnel-agent,https://security.snyk.io/vuln/npm:tunnel-agent:20170305,,True,<0.6.0 ,https://github.com/request/tunnel-agent/commit/9ca95ec7219daface8a6fc2674000653de0922c0
Directory Traversal,koa-static-cache,https://security.snyk.io/vuln/npm:koa-static-cache:20170613,,False,<4.1.1 >=5.0.0 <5.1.1 ,n/a
Insecure Hashing Algorithm,contwidgetor,https://security.snyk.io/vuln/npm:contwidgetor:20170303,,False,* ,n/a
Resources Downloaded over Insecure Protocol,edp-package,https://security.snyk.io/vuln/npm:edp-package:20170330,,False,* ,n/a
Directory Traversal,web-debug,https://security.snyk.io/vuln/npm:web-debug:20170112,,False,* ,n/a
Directory Traversal,f2e-server,https://security.snyk.io/vuln/npm:f2e-server:20170418,CVE-2017-16038,False,<1.12.13 ,n/a
Timing Attack,http-signature,https://security.snyk.io/vuln/npm:http-signature:20150122,,False,<1.0.0 ,n/a
Cross-site Scripting (XSS),semantic-ui,https://security.snyk.io/vuln/npm:semantic-ui:20170130,,False,<2.2.8 ,n/a
Cross-site Scripting (XSS),semantic-ui,https://security.snyk.io/vuln/npm:semantic-ui:20140824,,False,<1.0.0 ,n/a
Cross-site Scripting (XSS),jstree,https://security.snyk.io/vuln/npm:jstree:20140710,,False,<3.0.3 ,n/a
Cross-site Scripting (XSS),express-graphql,https://security.snyk.io/vuln/npm:express-graphql:20160211,,False,<0.4.11 >=0.4.0 ,n/a
Authentication Bypass,crumb,https://security.snyk.io/vuln/npm:crumb:20150213,,False,<4.0.2 ,n/a
CRLF Injection,cordova-plugin-file-transfer,https://security.snyk.io/vuln/npm:cordova-plugin-file-transfer:20150826,CVE-2015-5204,False,<1.3.0 ,n/a
Authorization Bypass,cordova-ios,https://security.snyk.io/vuln/npm:cordova-ios:20141029,CVE-2015-5207,False,>=3.5.0 <4.0.0 ,n/a
Uninitialized Memory Exposure,floody,https://security.snyk.io/vuln/npm:floody:20160115,,True,<0.1.1 ,n/a
Arbitrary execution,cordova-ios,https://security.snyk.io/vuln/npm:cordova-ios:20141024,CVE-2015-5208,False,>=3.5.0 <4.0.0 ,n/a
Arbitrary Code Execution,cordova-android,https://security.snyk.io/vuln/npm:cordova-android:20151120-1,CVE-2015-5256,False,<4.1.1 ,n/a
Cross-site Scripting (XSS),cordova-android,https://security.snyk.io/vuln/npm:cordova-android:20140804,CVE-2014-3500,False,<3.5.1 ,n/a
Information Exposure,cordova-android,https://security.snyk.io/vuln/npm:cordova-android:20140804-2,CVE-2014-3502,False,<3.5.1 ,n/a
HTTP Whitelist Bypass,cordova-android,https://security.snyk.io/vuln/npm:cordova-android:20140804-1,CVE-2014-3501,False,<3.5.1 ,n/a
Insecure Randomness,cordova-android,https://security.snyk.io/vuln/npm:cordova-android:20151120,CVE-2015-8320,False,<3.7.1 ,n/a
Cross-site Scripting (XSS),next,https://security.snyk.io/vuln/npm:next:20170607,,False,<2.4.3 ,n/a
Directory Traversal,serve,https://security.snyk.io/vuln/npm:serve:20170601,,False,<5.2.0 >=5.2.1 <5.2.2 ,https://github.com/zeit/serve/commit/cb939b5bfbc5ef40717df6a53fbcc6adf1b325ac
Directory Traversal,next,https://security.snyk.io/vuln/npm:next:20170601,,False,<2.4.1 >=3.0.0-beta1 <3.0.0-beta7 ,https://github.com/zeit/next.js/commit/02fe7cf63f6265d73bdaf8bc50a4f2fb539dcd00
Directory Traversal,elding,https://security.snyk.io/vuln/npm:elding:20170525,CVE-2017-16222,True,* ,n/a
Directory Traversal,wffserve,https://security.snyk.io/vuln/npm:wffserve:20170525,CVE-2017-16168,True,* ,n/a
Directory Traversal,node-simple-router,https://security.snyk.io/vuln/npm:node-simple-router:20170523,CVE-2017-16083,True,<0.10.1 ,https:\u002F\u002Fgithub.com\u002Fsandy98\u002Fnode-simple-router\u002Fcommit\u002Fdfdd52e2e80607af433097d940b3834fd96df488)\
Directory Traversal,scott-blanch-weather-app,https://security.snyk.io/vuln/npm:scott-blanch-weather-app:20170505,CVE-2017-16184,True,* ,n/a
Directory Traversal,jikes,https://security.snyk.io/vuln/npm:jikes:20170518,CVE-2017-16139,True,* ,n/a
Directory Traversal,byucslabsix,https://security.snyk.io/vuln/npm:byucslabsix:20170525,CVE-2017-16166,True,* ,n/a
Directory Traversal,dmmcquay.lab6,https://security.snyk.io/vuln/npm:dmmcquay.lab6:20170525,,False,* ,n/a
Directory Traversal,citypredict.whauwiller,https://security.snyk.io/vuln/npm:citypredict.whauwiller:20170516,,False,* ,n/a
Arbitrary File Write,frvr,https://security.snyk.io/vuln/npm:frvr:20170511,,True,* ,n/a
Arbitrary File Write,innomon,https://security.snyk.io/vuln/npm:innomon:20170518,,True,* ,n/a
Arbitrary File Write,connect-parse-php,https://security.snyk.io/vuln/npm:connect-parse-php:20170511,,True,* ,n/a
Directory Traversal,hftp,https://security.snyk.io/vuln/npm:hftp:20170422,CVE-2017-16039,True,* ,n/a
Arbitrary File Write,mysql2csv,https://security.snyk.io/vuln/npm:mysql2csv:20170510,,True,* ,n/a
Directory Traversal,zjjserver,https://security.snyk.io/vuln/npm:zjjserver:20170509,CVE-2017-16201,True,* ,n/a
Directory Traversal,yzt,https://security.snyk.io/vuln/npm:yzt:20170509,CVE-2017-16221,True,* ,n/a
Directory Traversal,yyooopack,https://security.snyk.io/vuln/npm:yyooopack:20170516,CVE-2017-16167,True,* ,n/a
Directory Traversal,yttivy,https://security.snyk.io/vuln/npm:yttivy:20170521,CVE-2017-16219,True,* ,n/a
Directory Traversal,mfrs,https://security.snyk.io/vuln/npm:mfrs:20170427,CVE-2017-16193,True,* ,n/a
Directory Traversal,xtalk,https://security.snyk.io/vuln/npm:xtalk:20170418,CVE-2017-16091,True,* ,n/a
Directory Traversal,ltt,https://security.snyk.io/vuln/npm:ltt:20170503,CVE-2017-16212,True,* ,n/a
Directory Traversal,xiongrui-httpserver,https://security.snyk.io/vuln/npm:xiongrui-httpserver:20170504,,True,* ,n/a
Directory Traversal,ltt.js,https://security.snyk.io/vuln/npm:ltt.js:20170503,,False,* ,n/a
Arbitrary File Write,wisper,https://security.snyk.io/vuln/npm:wisper:20170509,,True,* ,n/a
Arbitrary File Write,thrushs,https://security.snyk.io/vuln/npm:thrushs:20170509,,True,* ,n/a
Directory Traversal,wintiwebdev,https://security.snyk.io/vuln/npm:wintiwebdev:20170521,CVE-2017-16181,True,* ,n/a
Directory Traversal,thrushs,https://security.snyk.io/vuln/npm:thrushs:20170427,,True,* ,n/a
Directory Traversal,wind-mvc,https://security.snyk.io/vuln/npm:wind-mvc:20170503,CVE-2017-16220,True,* ,n/a
Directory Traversal,whispercast,https://security.snyk.io/vuln/npm:whispercast:20170511,CVE-2017-16174,True,* ,n/a
Directory Traversal,rtcmulticonnection-client,https://security.snyk.io/vuln/npm:rtcmulticonnection-client:20170425,CVE-2017-16125,True,* ,n/a
Directory Traversal,weather.swlyons,https://security.snyk.io/vuln/npm:weather.swlyons:20170427,,False,* ,n/a
Arbitrary File Write,lam,https://security.snyk.io/vuln/npm:lam:20170510,,True,* ,n/a
Resources Downloaded over Insecure Protocol,given-html-report,https://security.snyk.io/vuln/npm:given-html-report:20170514,,False,* ,n/a
Directory Traversal,wangguojing123,https://security.snyk.io/vuln/npm:wangguojing123:20170518,CVE-2017-16150,True,* ,n/a
Directory Traversal,uv-tj-demo,https://security.snyk.io/vuln/npm:uv-tj-demo:20170509,CVE-2017-16200,True,* ,n/a
Arbitrary File Write,parse-ssi,https://security.snyk.io/vuln/npm:parse-ssi:20170518,,True,* ,n/a
Directory Traversal,utahcityfinder,https://security.snyk.io/vuln/npm:utahcityfinder:20170510,CVE-2017-16173,True,* ,n/a
Directory Traversal,unicorn-list,https://security.snyk.io/vuln/npm:unicorn-list:20170510,CVE-2017-16131,True,* ,n/a
Directory Traversal,uekw1511server,https://security.snyk.io/vuln/npm:uekw1511server:20170509,CVE-2017-16185,True,* ,n/a
Directory Traversal,tmock,https://security.snyk.io/vuln/npm:tmock:20170420,CVE-2017-16106,True,* ,n/a
Directory Traversal,wenluhong1,https://security.snyk.io/vuln/npm:wenluhong1:20170509,,True,* ,n/a
Directory Traversal,tinyserver2,https://security.snyk.io/vuln/npm:tinyserver2:20170503,CVE-2017-16085,True,<0.6.1 ,n/a
Directory Traversal,tiny-http,https://security.snyk.io/vuln/npm:tiny-http:20170418,CVE-2017-16097,True,* ,n/a
Directory Traversal,tencent-server,https://security.snyk.io/vuln/npm:tencent-server:20170503,CVE-2017-16216,True,* ,n/a
Directory Traversal,static-html-server,https://security.snyk.io/vuln/npm:static-html-server:20170418,CVE-2017-16152,True,* ,n/a
Directory Traversal,sspa,https://security.snyk.io/vuln/npm:sspa:20170510,CVE-2017-16145,True,* ,n/a
Directory Traversal,sly07,https://security.snyk.io/vuln/npm:sly07:20170518,CVE-2017-16189,True,* ,n/a
Directory Traversal,shit-server,https://security.snyk.io/vuln/npm:shit-server:20170511,CVE-2017-16147,True,* ,n/a
Directory Traversal,sgqserve,https://security.snyk.io/vuln/npm:sgqserve:20170518,CVE-2017-16215,True,* ,n/a
Directory Traversal,serverzyy,https://security.snyk.io/vuln/npm:serverzyy:20170430,CVE-2017-16135,True,* ,n/a
Directory Traversal,serveryztyzt,https://security.snyk.io/vuln/npm:serveryztyzt:20170516,CVE-2017-16103,True,* ,n/a
Directory Traversal,serveryaozeyan,https://security.snyk.io/vuln/npm:serveryaozeyan:20170504,CVE-2017-16096,True,* ,n/a
Directory Traversal,serverwzl,https://security.snyk.io/vuln/npm:serverwzl:20170511,CVE-2017-16105,True,* ,n/a
Directory Traversal,serverwg,https://security.snyk.io/vuln/npm:serverwg:20170511,CVE-2017-16101,True,* ,n/a
Directory Traversal,serverlyr,https://security.snyk.io/vuln/npm:serverlyr:20170518,CVE-2017-16089,True,* ,n/a
Directory Traversal,serverliujiayi1,https://security.snyk.io/vuln/npm:serverliujiayi1:20170518,CVE-2017-16095,True,* ,n/a
Directory Traversal,serverhuwenhui,https://security.snyk.io/vuln/npm:serverhuwenhui:20170516,CVE-2017-16102,True,* ,n/a
Directory Traversal,serverabc,https://security.snyk.io/vuln/npm:serverabc:20170518,CVE-2017-16180,True,* ,n/a
Directory Traversal,run-this-place,https://security.snyk.io/vuln/npm:run-this-place:20170508,,True,* ,n/a
Directory Traversal,ritp,https://security.snyk.io/vuln/npm:ritp:20170508,CVE-2017-16198,True,* ,n/a
Directory Traversal,reecerver,https://security.snyk.io/vuln/npm:reecerver:20170425,CVE-2017-16188,True,* ,n/a
Directory Traversal,quickserver,https://security.snyk.io/vuln/npm:quickserver:20170425,CVE-2017-16196,True,* ,n/a
Directory Traversal,qinserve,https://security.snyk.io/vuln/npm:qinserve:20170510,CVE-2017-16197,True,* ,n/a
Directory Traversal,pytservce,https://security.snyk.io/vuln/npm:pytservce:20170508,CVE-2017-16195,True,* ,n/a
Directory Traversal,picard,https://security.snyk.io/vuln/npm:picard:20170510,CVE-2017-16194,True,* ,n/a
Arbitrary Command Injection,pidusage,https://security.snyk.io/vuln/npm:pidusage:20170605,CVE-2017-16034,True,<1.1.5 ,"https://github.com/soyuka/pidusage/commit/b70eca15f7ca7f1b82a15f8a5d4bb48737f5a89d)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2017-06-07T12:36:55Z"",disclosureTime:""2017-06-05T21:00:00Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-PIDUSAGE-10633""],CVE:[""CVE-2017-1000220"",""CVE-2017-16034""],CWE:[""CWE-77""],GHSA:[""GHSA-hfq9-rfpv-j8r8""],NSP:[356]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C"",cvssScore:8.4,language:""js"",socialTrendAlert:a,proprietary:a,breadcrumbItems:[{url:""/vulns"",label:""Snyk Vulnerability Database""},{label:f,url:""/vulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview
"":""<p><a href=""https://www.npmjs.com/package/pidusage""><code>pidusage</code></a> is a package for Cross-platform process cpu % and memory usage of a PID"
Directory Traversal,peiserver,https://security.snyk.io/vuln/npm:peiserver:20170518,CVE-2017-16214,True,* ,n/a
Directory Traversal,open-device,https://security.snyk.io/vuln/npm:open-device:20170430,CVE-2017-16187,True,* ,n/a
Directory Traversal,nodeaaaaa,https://security.snyk.io/vuln/npm:nodeaaaaa:20170430,CVE-2017-16223,True,* ,n/a
Directory Traversal,node-server-forfront,https://security.snyk.io/vuln/npm:node-server-forfront:20170521,CVE-2017-16124,True,* ,n/a
Directory Traversal,zwserver,https://security.snyk.io/vuln/npm:zwserver:20170516,CVE-2017-16149,True,* ,n/a
Directory Traversal,myserver.alexcthomas18,https://security.snyk.io/vuln/npm:myserver.alexcthomas18:20170518,,False,* ,n/a
Directory Traversal,myprolyz,https://security.snyk.io/vuln/npm:myprolyz:20170505,CVE-2017-16156,True,* ,n/a
Directory Traversal,mockserve,https://security.snyk.io/vuln/npm:mockserve:20170423,CVE-2017-16146,True,* ,n/a
Directory Traversal,mfrserver,https://security.snyk.io/vuln/npm:mfrserver:20170505,CVE-2017-16213,True,* ,n/a
Directory Traversal,nodeload-nmickuli,https://security.snyk.io/vuln/npm:nodeload-nmickuli:20170418,,True,* ,n/a
Directory Traversal,looppake,https://security.snyk.io/vuln/npm:looppake:20170518,CVE-2017-16169,True,* ,n/a
Directory Traversal,liyujing,https://security.snyk.io/vuln/npm:liyujing:20170510,CVE-2017-16120,True,* ,n/a
Directory Traversal,liuyaserver,https://security.snyk.io/vuln/npm:liuyaserver:20170521,CVE-2017-16170,True,* ,n/a
Directory Traversal,lessindex,https://security.snyk.io/vuln/npm:lessindex:20170425,CVE-2017-16211,True,* ,n/a
Directory Traversal,lab6.brit95,https://security.snyk.io/vuln/npm:lab6.brit95:20170518,,False,* ,n/a
Directory Traversal,jn_jj_server,https://security.snyk.io/vuln/npm:jn_jj_server:20170422,CVE-2017-16210,True,* ,n/a
Directory Traversal,jansenstuffpleasework,https://security.snyk.io/vuln/npm:jansenstuffpleasework:20170518,CVE-2017-16176,True,* ,n/a
Directory Traversal,iter-server,https://security.snyk.io/vuln/npm:iter-server:20170511,CVE-2017-16183,True,* ,n/a
Directory Traversal,iter-http,https://security.snyk.io/vuln/npm:iter-http:20170418,CVE-2017-16094,True,* ,n/a
Directory Traversal,intsol-package,https://security.snyk.io/vuln/npm:intsol-package:20170511,CVE-2017-16178,True,* ,n/a
Directory Traversal,infraserver,https://security.snyk.io/vuln/npm:infraserver:20170518,CVE-2017-16142,True,* ,n/a
Resources Downloaded over Insecure Protocol,hubl-server,https://security.snyk.io/vuln/npm:hubl-server:20170605,CVE-2017-16035,False,* ,n/a
Directory Traversal,hcbserver,https://security.snyk.io/vuln/npm:hcbserver:20170429,CVE-2017-16171,True,* ,n/a
Directory Traversal,gomeplus-h5-proxy,https://security.snyk.io/vuln/npm:gomeplus-h5-proxy:20170429,CVE-2017-16037,True,* ,n/a
Directory Traversal,getcityapi.yoehoehne,https://security.snyk.io/vuln/npm:getcityapi.yoehoehne:20170518,,False,* ,n/a
Directory Traversal,gaoxuyan,https://security.snyk.io/vuln/npm:gaoxuyan:20170505,CVE-2017-16153,True,* ,n/a
Directory Traversal,gaoxiaotingtingting,https://security.snyk.io/vuln/npm:gaoxiaotingtingting:20170510,CVE-2017-16108,True,* ,n/a
Directory Traversal,fsk-server,https://security.snyk.io/vuln/npm:fsk-server:20170419,CVE-2017-16090,True,* ,n/a
Directory Traversal,fbr-client,https://security.snyk.io/vuln/npm:fbr-client:20170510,CVE-2017-16217,True,* ,n/a
Directory Traversal,fast-http-cli,https://security.snyk.io/vuln/npm:fast-http-cli:20170418,CVE-2017-16155,True,* ,n/a
Directory Traversal,exxxxxxxxxxx,https://security.snyk.io/vuln/npm:exxxxxxxxxxx:20170510,CVE-2017-16130,True,* ,n/a
Directory Traversal,ewgaddis.lab6,https://security.snyk.io/vuln/npm:ewgaddis.lab6:20170510,,False,* ,n/a
Directory Traversal,enserver,https://security.snyk.io/vuln/npm:enserver:20170516,CVE-2017-16209,True,* ,n/a
Directory Traversal,easyquick,https://security.snyk.io/vuln/npm:easyquick:20170418,CVE-2017-16109,True,* ,n/a
Directory Traversal,earlybird,https://security.snyk.io/vuln/npm:earlybird:20170418,CVE-2017-16154,True,* ,n/a
Directory Traversal,dylmomo,https://security.snyk.io/vuln/npm:dylmomo:20170518,CVE-2017-16163,True,* ,n/a
Directory Traversal,dgard8.lab6,https://security.snyk.io/vuln/npm:dgard8.lab6:20170516,,False,* ,n/a
Directory Traversal,desafio,https://security.snyk.io/vuln/npm:desafio:20170429,CVE-2017-16164,True,* ,n/a
Directory Traversal,dcserver,https://security.snyk.io/vuln/npm:dcserver:20170516,CVE-2017-16158,True,* ,n/a
Directory Traversal,datachannel-client,https://security.snyk.io/vuln/npm:datachannel-client:20170418,CVE-2017-16121,True,* ,n/a
Directory Traversal,dasafio,https://security.snyk.io/vuln/npm:dasafio:20170509,CVE-2017-16179,True,* ,n/a
Directory Traversal,cyber-js,https://security.snyk.io/vuln/npm:cyber-js:20170418,CVE-2017-16093,True,* ,n/a
Directory Traversal,cuciuci,https://security.snyk.io/vuln/npm:cuciuci:20170511,CVE-2017-16122,True,* ,n/a
Resources Downloaded over Insecure Protocol,craft-ai-icons,https://security.snyk.io/vuln/npm:craft-ai-icons:20170514,,False,* ,n/a
Directory Traversal,city-weather-abe,https://security.snyk.io/vuln/npm:city-weather-abe:20170521,,True,* ,n/a
Directory Traversal,censorify.tanisjr,https://security.snyk.io/vuln/npm:censorify.tanisjr:20170509,,False,* ,n/a
Directory Traversal,calmquist.static-server,https://security.snyk.io/vuln/npm:calmquist.static-server:20170516,,False,* ,n/a
Directory Traversal,badjs-sourcemap-server,https://security.snyk.io/vuln/npm:badjs-sourcemap-server:20170418,CVE-2017-16036,True,* ,n/a
Directory Traversal,22lixian,https://security.snyk.io/vuln/npm:22lixian:20170511,CVE-2017-16162,True,* ,n/a
Directory Traversal,11xiaoli,https://security.snyk.io/vuln/npm:11xiaoli:20170509,CVE-2017-16160,True,* ,n/a
Resources Downloaded over Insecure Protocol,rocketmake-nuget,https://security.snyk.io/vuln/npm:rocketmake-nuget:20170514,,False,* ,n/a
Uninitialized Memory Exposure,ip,https://security.snyk.io/vuln/npm:ip:20170304,,False,<1.1.5 ,https://github.com/indutny/node-ip/commit/b2b4469255a624619bda71e52fd1f05dc0dd621f
Cross-site Scripting (XSS),rendr-handlebars,https://security.snyk.io/vuln/npm:rendr-handlebars:20140722,,False,<1.0.0 ,https://github.com/rendrjs/rendr-handlebars/commit/f1ee88e36318175b401b743ed00379e8bc63ea8c
Cross-site Scripting (XSS),octotree,https://security.snyk.io/vuln/npm:octotree:20140514,,False,<1.1 ,https://github.com/buunguyen/octotree/commit/a1e8a63ca894d4ecc58ba722727ca8b3c1a2128d
Man-in-the-Middle (MitM),hotel,https://security.snyk.io/vuln/npm:hotel:20160322,,False,* ,n/a
Cross-site Scripting (XSS),octotree,https://security.snyk.io/vuln/npm:octotree:20160613,,False,<2.0.11 ,n/a
Cross-site Scripting (XSS),ghost,https://security.snyk.io/vuln/npm:ghost:20170110,,False,<0.11.4 >=0.8.0 ,https://github.com/TryGhost/Ghost/commit/32b9fc71a7f1400acff1f2446167b6c852769843
Cross-site Scripting (XSS),ghost,https://security.snyk.io/vuln/npm:ghost:20161007,,False,<1.0.0-alpha.5 >=1.0.0-alpha.1 >=0.8.0 < 0.11.2 ,https://github.com/TryGhost/Ghost/commit/03e4acdb374ce5067ce630b40f95743ca3e1ef21
Open Redirect,ghost,https://security.snyk.io/vuln/npm:ghost:20160823,,False,<0.10.0 ,https://github.com/TryGhost/Ghost/commit/f546a5ce1d2dd7a018eeaf0413a23d71155f0869
Information Exposure,ghost,https://security.snyk.io/vuln/npm:ghost:20150303,CVE-2015-1411,False,<0.5.9 ,n/a
Denial of Service (DoS),ghost,https://security.snyk.io/vuln/npm:ghost:20150303-5,CVE-2015-1407,False,<0.5.9 ,n/a
Authentication Bypass,ghost,https://security.snyk.io/vuln/npm:ghost:20150303-4,CVE-2015-1409,False,<0.5.9 ,n/a
Authentication Bypass,ghost,https://security.snyk.io/vuln/npm:ghost:20150303-3,CVE-2015-1408,False,<0.5.9 ,n/a
Cross-site Scripting (XSS),ghost,https://security.snyk.io/vuln/npm:ghost:20150303-2,CVE-2015-1406,False,<0.5.9 ,n/a
Identity Spoofing,ghost,https://security.snyk.io/vuln/npm:ghost:20150303-1,CVE-2015-1410,False,<0.5.9 ,n/a
Cross-site Scripting (XSS),easyxdm,https://security.snyk.io/vuln/npm:easyxdm:20130110,CVE-2014-1403,False,<2.4.19 ,https://github.com/oyvindkinsey/easyXDM/commit/a3194d32c25a0d27a10a47304eb9c9be93ffbf13
Cross-site Scripting (XSS),bootstrap-markdown,https://security.snyk.io/vuln/npm:bootstrap-markdown:20140826,,False,* ,n/a
Arbitrary Command Execution,windows-cpu,https://security.snyk.io/vuln/npm:windows-cpu:20170417,CVE-2017-1000219,False,* ,n/a
Regular Expression Denial of Service (ReDoS),amqp-match,https://security.snyk.io/vuln/npm:amqp-match:20170515,,True,* ,n/a
Regular Expression Denial of Service (ReDoS),ms,https://security.snyk.io/vuln/npm:ms:20170412,,False,>=0.7.1 <2.0.0 ,"https:\u002F\u002Fgithub.com\u002Fzeit\u002Fms\u002Fpull\u002F89\u002Fcommits\u002F305f2ddcd4eff7cc7c518aca6bb2b2d2daad8fef)"",severity:""low"",packageName:d,packageManager:e,publicationTime:""2017-05-15T06:02:45Z"",disclosureTime:""2017-04-11T21:00:00Z"",credit:[f],identifiers:{ALTERNATIVE:[""SNYK-JS-MS-10509""],CVE:[],CWE:[""CWE-400""]},semver:{vulnerable:[""\u003E=0.7.1 \u003C2.0.0""]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L"",cvssScore:3.7,language:""js"",socialTrendAlert:g,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:e,url:""\u002Fvulns?type=npm""},{label:d,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fms\""\u003E\u003Ccode\u003Ems\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is a tiny millisecond conversion utility.\u003C\u002Fp\u003"
Cross-site Scripting (XSS),riot,https://security.snyk.io/vuln/npm:riot:20131114,,False,<0.9.6 ,https://github.com/riot/riot/commit/759fc7fac07cc700302ac47c2c9dd80daa55d567
Cross-site Scripting (XSS),rendr,https://security.snyk.io/vuln/npm:rendr:20160311,,False,<1.1.4 >=0.4.0 ,https://github.com/rendrjs/rendr/commit/d712bd5c3a5a9f5150153dec8555b06ee30680f7
Cross-site Scripting (XSS),rendr,https://security.snyk.io/vuln/npm:rendr:20131212,,False,<0.5.0-rc1 ,https://github.com/rendrjs/rendr/commit/dc0a80f8c6cfed474964e097bc80b16958305bfc
Cross-site Scripting (XSS),ql.io-engine,https://security.snyk.io/vuln/npm:ql.io-engine:20120214,,False,<0.4.2 ,n/a
Cross-site Scripting (XSS),polyfill-service,https://security.snyk.io/vuln/npm:polyfill-service:20160126,,False,<3.1.2 ,https://github.com/financial-times/polyfill-service/commit/aadd8d08b50f7f9c02b431d06f6ee2158902c53c
Information Exposure,nforce,https://security.snyk.io/vuln/npm:nforce:20131218,,False,<0.6.1 ,https://github.com/kevinohara80/nforce/pull/33/commits/584ebd7ebb795dca9849f8f85ce0d2778c431aa3
Regular Expression Denial of Service (ReDoS),uikit,https://security.snyk.io/vuln/npm:uikit:20160701,,False,>=2.0.0 <2.26.4 ,https://github.com/uikit/uikit/commit/aabd2bf61615fdb25c729a836148aaa4549e9a8b
Cross-site Scripting (XSS),mediaelement,https://security.snyk.io/vuln/npm:mediaelement:20170208,,False,>=3.0.0 <3.1.2 ,https://github.com/johndyer/mediaelement/commit/fd88ce0e2fab8e02f8ab8e00a0b2bfc5769966cf
Cross-site Scripting (XSS),fullpage.js,https://security.snyk.io/vuln/npm:fullpage.js:20151207,,False,<2.7.6 ,n/a
Cross-site Scripting (XSS),favico.js,https://security.snyk.io/vuln/npm:favico.js:20150907,,False,<0.3.10 ,n/a
Cross-site Request Forgery (CSRF),eslint_d,https://security.snyk.io/vuln/npm:eslint_d:20160723,,False,<4.0.1 >=4.0.0 <3.1.2 ,https://github.com/mantoni/eslint_d.js/commit/61a76cec941af9b05c3b907b4883d4c89c77a9f4
Cross-site Scripting (XSS),datatables,https://security.snyk.io/vuln/npm:datatables:20151106,,False,<1.10.10 >=1.10.1 ,https://github.com/DataTables/DataTables/commit/6f67df2d21f9858ec40a6e9565c3a653cdb691a6
Information Exposure,brunch,https://security.snyk.io/vuln/npm:brunch:20130925,,False,<1.7.7 >=1.7.0 ,https://github.com/brunch/brunch/commit/343b4848283685e4ca644cf23a3c40196b86166e
Cross-site Scripting (XSS),actionhero,https://security.snyk.io/vuln/npm:actionhero:20161027,,False,<15.1.2 >=13.0.0 ,https://github.com/actionhero/actionhero/commit/f9f5d92f7c50a6dad38f558bd0a207b18e3580c1
Directory Traversal,actionhero,https://security.snyk.io/vuln/npm:actionhero:20121127,,False,<4.0.0 >=1.0.2 ,https://github.com/actionhero/actionhero/commit/76e7429633de6df5078f2d3f0e2550bc755d7bb1
Cross-site Scripting (XSS),mediaelement,https://security.snyk.io/vuln/npm:mediaelement:20160504,CVE-2016-4567,False,>=2.17.0 <2.21.0 ,https://github.com/contao/core/commit/4d42a56531c82598436d5102fac94721ea99ad49
Arbitrary Code Injection,growl,https://security.snyk.io/vuln/npm:growl:20160721,CVE-2017-16042,False,<1.10.0 ,https://github.com/tj/node-growl/commit/d71177d5331c9de4658aca62e0ac921f178b0669
Directory Traversal,sencisho,https://security.snyk.io/vuln/npm:sencisho:20170418,CVE-2017-16092,False,<0.3.3 ,https://github.com/julien/sencisho/commit/4254c85823fd0bbb0e8a53dc5a8e4f126639893d
Resources Downloaded over Insecure Protocol,ec2-price,https://security.snyk.io/vuln/npm:ec2-price:20170418,,False,<0.5.0 ,https://github.com/toshimaru/ec2-price/commit/45fe7ec0ed9600d324a47d9161741b3571242693
Directory Traversal,guaycuru,https://security.snyk.io/vuln/npm:guaycuru:20170418,,False,<0.2.4 ,https://github.com/sandy98/guaycuru/commit/7b64c9cb13dca0d4ad40fd37158dbe31dd59a0d0
Arbitrary Code Injection,protojs,https://security.snyk.io/vuln/npm:protojs:20160407,,False,<1.0.6 ,https://github.com/milojs/proto/pull/2/commits/10adbec293e7dfdb2e9e565bfd77187cf0373cbe
Arbitrary Code Injection,microservicebus.node,https://security.snyk.io/vuln/npm:microservicebus.node:20160408,,False,<0.4.3 ,n/a
Arbitrary Code Injection,mongo-parse,https://security.snyk.io/vuln/npm:mongo-parse:20160408,,False,* ,n/a
Arbitrary Code Injection,mongo-edit,https://security.snyk.io/vuln/npm:mongo-edit:20160408,,False,* ,n/a
Arbitrary Code Injection,kmc,https://security.snyk.io/vuln/npm:kmc:20160407,,False,* ,n/a
Arbitrary Code Injection,mongui,https://security.snyk.io/vuln/npm:mongui:20160408,,False,* ,n/a
Arbitrary Code Injection,mock2easy,https://security.snyk.io/vuln/npm:mock2easy:20160408,,False,* ,n/a
Arbitrary Code Injection,mongoosemask,https://security.snyk.io/vuln/npm:mongoosemask:20160408,,False,* ,n/a
Arbitrary Code Injection,mongoosify,https://security.snyk.io/vuln/npm:mongoosify:20160408,,False,<0.0.4 ,https://github.com/nanachimi/mongoosify/commit/e755e676fbac7000d498a819116437964b1351a3
Arbitrary Code Injection,nd-validator,https://security.snyk.io/vuln/npm:nd-validator:20160408,,False,* ,n/a
Arbitrary Code Injection,m-log,https://security.snyk.io/vuln/npm:m-log:20160408,,False,* ,https://github.com/m-prj/m-log/pull/1/commits/ee1a08f25555201001dee497addeae9d1705226a
Arbitrary Code Injection,modjs,https://security.snyk.io/vuln/npm:modjs:20160407,,False,* ,n/a
Arbitrary Code Injection,modulify,https://security.snyk.io/vuln/npm:modulify:20160407,,False,* ,n/a
Arbitrary Code Injection,nameless-cli,https://security.snyk.io/vuln/npm:nameless-cli:20160408,,False,* ,n/a
Arbitrary Code Injection,m2m-supervisor,https://security.snyk.io/vuln/npm:m2m-supervisor:20160408,,False,* ,n/a
Arbitrary Code Injection,mobile-icon-resizer,https://security.snyk.io/vuln/npm:mobile-icon-resizer:20160408,,False,<0.4.3 ,https://github.com/muzzley/mobile-icon-resizer/commit/a6c50f884bd282d74ab77e1fce6317d5d0dd2f0f
Arbitrary Code Injection,mixin-pro,https://security.snyk.io/vuln/npm:mixin-pro:20160407,,False,<0.6.7 ,https://github.com/floatinghotpot/mixin-pro/commit/8bb355209f0a082d24b04355b3e8051a6455454f
Regular Expression Denial of Service (ReDoS),brace-expansion,https://security.snyk.io/vuln/npm:brace-expansion:20170302,CVE-2017-18077,False,<1.1.7 ,"https://github.com/juliangruber/brace-expansion/pull/35/commits/b13381281cead487cbdbfd6a69fb097ea5e456c3)"",severity:""medium"",packageName:e,packageManager:f,publicationTime:""2017-04-26T09:19:21Z"",disclosureTime:""2017-03-01T22:00:00Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-BRACEEXPANSION-10483""],CVE:[""CVE-2017-18077""],CWE:[""CWE-400""],GHSA:[""GHSA-832h-xg76-4gv6""],NSP:[338]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"",cvssScore:6.2,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""/vulns"",label:""Snyk Vulnerability Database""},{label:f,url:""/vulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview
"":""<p><a href=""https://www.npmjs.com/package/brace-expansion""><code>brace-expansion</code></a> is a package that performs brace expansion as known from sh/bash"
Directory Traversal,pooledwebsocket,https://security.snyk.io/vuln/npm:pooledwebsocket:20170420,CVE-2017-16107,False,<0.0.18 ,https://github.com/Eeems/PooledWebSocket/commit/7b3b4e5c6be6d8a964296fa3c50e38dc07e9701d
Directory Traversal,list-n-stream,https://security.snyk.io/vuln/npm:list-n-stream:20170418,CVE-2017-16084,True,<0.0.11 ,https:\u002F\u002Fgithub.com\u002FKoryNunn\u002Flist-n-stream\u002Fcommit\u002F99b0b40b34aaedfcdf25da46bef0a06b9c47fb59)\
Resources Downloaded over Insecure Protocol,nodux-core,https://security.snyk.io/vuln/npm:nodux-core:20170424,,True,<0.0.18 ,https://github.com/davidmarkclements/nodux-core/commit/06787343a2a9bd1b37820d69a46022f5a7af3b86
Cross-site Scripting (XSS),dompurify,https://security.snyk.io/vuln/npm:dompurify:20170421,,False,<0.8.6 ,https://github.com/cure53/DOMPurify/commit/27908090e4a2d0a75f15924d68bed07ea5e52998
Cross-site Scripting (XSS),dompurify,https://security.snyk.io/vuln/npm:dompurify:20160412,,False,>=0.7.3 <0.8.0 ,https://github.com/cure53/DOMPurify/commit/6eccdd38fc11bc6df22386700ec2278cb743f8eb
Cross-site Scripting (XSS),dompurify,https://security.snyk.io/vuln/npm:dompurify:20150217,,False,<0.6.1 >=0.4.0 ,https://github.com/cure53/DOMPurify/commit/16e431f9749c7bc8c4e9ed438df1098d57b3aa2f
Cross-site Scripting (XSS),dompurify,https://security.snyk.io/vuln/npm:dompurify:20141008,,False,<0.4.4 ,https://github.com/cure53/DOMPurify/commit/4817f34ac0d413c002adb03d14da169f71057771
Insecure Defaults,dompurify,https://security.snyk.io/vuln/npm:dompurify:20140308,,False,<0.3 ,https://github.com/cure53/DOMPurify/commit/78037ea4db57daba7e171242378d3d97c517dd08
Regular Expression Denial of Service (ReDoS),decamelize,https://security.snyk.io/vuln/npm:decamelize:20151223,CVE-2017-16023,False,>=1.1.0 <1.1.2 ,https://github.com/sindresorhus/decamelize/commit/76d47d8de360afb574da2e34db87430ce11094e0
Regular Expression Denial of Service (ReDoS),useragent,https://security.snyk.io/vuln/npm:useragent:20170206,CVE-2017-16030,False,<2.1.12 ,https://github.com/3rd-Eden/useragent/commit/64b15c9446a24abd9f52ed4ceb970f1a5cf790dd
Regular Expression Denial of Service (ReDoS),uri-js,https://security.snyk.io/vuln/npm:uri-js:20160804,CVE-2017-16021,False,<3.0.0 ,n/a
Insecure use of Tmp files,sync-exec,https://security.snyk.io/vuln/npm:sync-exec:20160124,CVE-2017-16024,False,* ,n/a
Cross-site Scripting (XSS),sanitize-html,https://security.snyk.io/vuln/npm:sanitize-html:20140717,CVE-2017-16017,False,<1.2.3 ,n/a
Denial of Service (DoS),nes,https://security.snyk.io/vuln/npm:nes:20170127,CVE-2017-16025,False,<6.4.1 ,https://github.com/hapijs/nes/commit/249ba1755ed6977fbc208463c87364bf884ad655
Cross-site Scripting (XSS),morris.js,https://security.snyk.io/vuln/npm:morris.js:20140717,,False,<=0.5.0 ,n/a
Unsafe use of eval(),summit,https://security.snyk.io/vuln/npm:summit:20160408,CVE-2017-16020,False,>=0.1.0 ,n/a
Insecure Randomness,react-native-meteor-oauth,https://security.snyk.io/vuln/npm:react-native-meteor-oauth:20170414,CVE-2017-16028,False,* ,https://github.com/tableflip/react-native-meteor-oauth/blob/a7eb738b74c469f5db20296b44b7cae4e2337435/src/meteor-oauth.js#L66
Cross-site Scripting (XSS),forms,https://security.snyk.io/vuln/npm:forms:20161116,CVE-2017-16015,False,<1.3.0 ,https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d
Cross-site Scripting (XSS),sanitize-html,https://security.snyk.io/vuln/npm:sanitize-html:20161026,CVE-2017-16016,True,<1.11.4 ,https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403
Cross-site Scripting (XSS),bootstrap,https://security.snyk.io/vuln/npm:bootstrap:20120510,,True,<2.1.0 ,https://github.com/twbs/bootstrap/commit/f836473129819c2e348f821ed268451b9b8bf2e4
Denial of Service (DoS),hapi,https://security.snyk.io/vuln/npm:hapi:20170331,CVE-2017-16013,False,<16.1.1 >=15.0.0 ,https://github.com/hapijs/hapi/commit/770cc7bad15122f796d938738b7c05b66d2f4b7f
Denial of Service (DoS),share,https://security.snyk.io/vuln/npm:share:20130612,,False,<0.7.0-alpha8 >=0.6.0 ,https://github.com/josephg/ShareJS/commit/9291e9b1d2593565fdba6d45b96cd58b62d9b178
Arbitrary Code Execution,nodebb,https://security.snyk.io/vuln/npm:nodebb:20161120,,False,>=0.4.3 <1.4.1 ,https://github.com/NodeBB/NodeBB/commit/e028ac13639faf703922ce3ed728a85d2e27655e
Cross-site Scripting (XSS),nodebb,https://security.snyk.io/vuln/npm:nodebb:20150413,,False,>=0.6.1 <0.7.0 ,https://github.com/NodeBB/NodeBB/commit/1910fdb977068d3f70f9b138175990bcc7910840
Insecure Defaults,faye,https://security.snyk.io/vuln/npm:faye:20121107,CVE-2011-3389,False,<0.8.9 >=0.5.0 ,https:\u002F\u002Fgithub.com\u002Ffaye\u002Ffaye\u002Fcommit\u002Fe407e08c68dd885896552b59ce65503be85030ad)\
Cross-site Scripting (XSS),jspdf,https://security.snyk.io/vuln/npm:jspdf:20140327,,False,<1.1.135 ,"https://github.com/MrRio/jsPDF/commit/626567755ca1ed35295fd75c2a70654449332468)"",severity:""medium"",packageName:f,packageManager:g,publicationTime:""2017-03-28T08:29:28Z"",disclosureTime:""2014-03-26T22:00:00Z"",credit:[h],identifiers:{ALTERNATIVE:[""SNYK-JS-JSPDF-10451""],CVE:[],CWE:[""CWE-79""]},semver:{vulnerable:[i]},CVSSv3:""CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"",cvssScore:6.5,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""/vulns"",label:""Snyk Vulnerability Database""},{label:g,url:""/vulns?type=npm""},{label:f,testHook:""filter""}],vulnDescription:{""Overview
"":""<p><a href=""https://www.npmjs.com/package/jspdf""><code>jspdf</code></a> is a PDF Document creation from JavaScript"
Timing Attack,generator-jhipster,https://security.snyk.io/vuln/npm:generator-jhipster:20151006,,False,>=2.0.1 <2.23.0 ,https://github.com/jhipster/generator-jhipster/commit/79fe5626cb1bb80f9ac86cf46980748e65d2bdbc
Mishandled Logout Function,generator-jhipster,https://security.snyk.io/vuln/npm:generator-jhipster:20140428,,False,>=0.3.1 <0.14.0 ,https://github.com/jhipster/generator-jhipster/commit/9e14c6a890f9801ea413b989f16698d240c6390c
Open Redirect,keystone,https://security.snyk.io/vuln/npm:keystone:20140316,,False,>=0.2.7 <0.3.6 ,https://github.com/keystonejs/keystone/commit/d06a688e36bfb95c88336659fee9be10416ce46b
HTML Injection,ag-grid,https://security.snyk.io/vuln/npm:ag-grid:20160519,,False,>=3.3.0 <5.0.0-alpha.0 ,https:\u002F\u002Fgithub.com\u002Fceolter\u002Fag-grid\u002Fcommit\u002F828cdcf68aa9c766439448db50b696b87e1d4962)\
Elliptic Curve Key Disclosure,node-jose,https://security.snyk.io/vuln/npm:node-jose:20170313,CVE-2017-16007,True,<0.9.3 ,https://github.com/cisco/node-jose/pull/88/commits/a994629b4b389dd38dba013cdd4753dad854524f
Arbitrary File Upload,youtransfer,https://security.snyk.io/vuln/npm:youtransfer:20160710,,False,* ,n/a
Cross-site Scripting (XSS),wysihtml,https://security.snyk.io/vuln/npm:wysihtml:20121229,,False,<0.4.0 ,https://github.com/Voog/wysihtml/commit/34ebe36a3d6b070883f9315fa3097f7598ed11e9
Cross-site Scripting (XSS),zeroclipboard,https://security.snyk.io/vuln/npm:zeroclipboard:20140131,CVE-2014-1869,False,>=1.0.7 <1.3.2 ,"https:\u002F\u002Fgithub.com\u002Fzeroclipboard\u002Fzeroclipboard\u002Fcommit\u002F2f9eb9750a433965572d047e24b0fc78fd1415ca)"",severity:""medium"",packageName:e,packageManager:f,publicationTime:""2017-03-13T08:00:23Z"",disclosureTime:""2014-01-30T22:00:00Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-ZEROCLIPBOARD-10428""],CVE:[""CVE-2014-1869""],CWE:[""CWE-79""]},semver:{vulnerable:[""\u003E=1.0.7 \u003C1.3.2""]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N"",cvssScore:4.3,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fzeroclipboard\""\u003E\u003Ccode\u003Ezeroclipboard\u003C\u002Fcode\u003E\u003C\u002Fa\u003E  Affected versions of the package are vulnerable to Cross-site Scripting (XSS). This allows remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters.\u003C\u002Fp\u003"
Cross-site Scripting (XSS),zeroclipboard,https://security.snyk.io/vuln/npm:zeroclipboard:20120528,CVE-2012-6550,False,<1.1.4 ,https:\u002F\u002Fgithub.com\u002Fzeroclipboard\u002Fzeroclipboard\u002Fcommit\u002F51b67b6d696f62aaf003210c08542588222c4913)\
Cross-site Scripting (XSS),vega,https://security.snyk.io/vuln/npm:vega:20151121,,False,<2.4.0 ,https://github.com/vega/vega/compare/d778748acd9833e77d7b8380d3402d305b16c9e8...c97316c4462cde93297e0c7e861873131da8fb54
Cross-site Scripting (XSS),squire-rte,https://security.snyk.io/vuln/npm:squire-rte:20160606,,False,<1.6.0 ,https://github.com/neilj/Squire/commit/bd4d377cf0c836f81ecf30b76bbdf7fc454bb0be
Cross-site Scripting (XSS),reveal.js,https://security.snyk.io/vuln/npm:reveal.js:20131024,,False,<2.6.0 ,n/a
Cross-site Scripting (XSS),rethinkdb,https://security.snyk.io/vuln/npm:rethinkdb:20150514,,False,<2.1.0 >=1.2.0 ,https://github.com/rethinkdb/rethinkdb/commit/439f0fa2224adc53a094c857f391c618a2526aa7
Information Exposure,rethinkdb,https://security.snyk.io/vuln/npm:rethinkdb:20150514-1,,False,<2.1.0 >=1.2.0 ,https://github.com/rethinkdb/rethinkdb/commit/439f0fa2224adc53a094c857f391c618a2526aa7
SQL Injection,pouchdb,https://security.snyk.io/vuln/npm:pouchdb:20131221,,False,<1.1.0 ,https://github.com/pouchdb/pouchdb/commit/59b1f9e003b9858796bbbe7f5f476b3cba527c26
Cross-site Scripting (XSS),knockout,https://security.snyk.io/vuln/npm:knockout:20130701,,False,>=2.1.0-pre <3.0.0 ,https://github.com/knockout/knockout/commit/0f6e3c9dcc7df4a1b8e8b7c4ec3d5b8c5eb4e4c2
Cross-site Scripting (XSS),foundation-sites,https://security.snyk.io/vuln/npm:foundation-sites:20120717,,False,>=3.0.0 <3.0.6 ,"https:\u002F\u002Fgithub.com\u002Fzurb\u002Ffoundation-sites\u002Fcommit\u002Ff3b408c955011cf19c69be3e5a3c582ced5fd24c)"",severity:""medium"",packageName:f,packageManager:g,publicationTime:""2017-03-13T08:00:22Z"",disclosureTime:""2012-07-16T21:00:00Z"",credit:[h],identifiers:{ALTERNATIVE:[""SNYK-JS-FOUNDATIONSITES-10413""],CVE:[],CWE:[""CWE-79""]},semver:{vulnerable:[""\u003E=3.0.0 \u003C3.0.6""]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N"",cvssScore:6.5,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:g,url:""\u002Fvulns?type=npm""},{label:f,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Ffoundation-sites\""\u003E\u003Ccode\u003Efoundation-sites\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is an advanced responsive front-end framework.\u003C\u002Fp\u003"
Cross-site Scripting (XSS),swagger-ui,https://security.snyk.io/vuln/npm:swagger-ui:20160901,,False,<2.2.3 ,https://github.com/swagger-api/swagger-ui/commit/f87eaaa81073a61e30ff0cedee4fd9cd2dd1fca9
Cross-site Scripting (XSS),foundation-sites,https://security.snyk.io/vuln/npm:foundation-sites:20150619,,False,<5.5.3 ,"https:\u002F\u002Fgithub.com\u002Fzurb\u002Ffoundation-sites\u002Fcommit\u002Fbf57af9429fbe5e4b18e32e951504136df996e10)"",severity:""medium"",packageName:f,packageManager:g,publicationTime:""2017-03-13T08:00:22Z"",disclosureTime:""2015-06-18T21:00:00Z"",credit:[h],identifiers:{ALTERNATIVE:[""SNYK-JS-FOUNDATIONSITES-10414""],CVE:[],CWE:[""CWE-79""]},semver:{vulnerable:[i]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N"",cvssScore:6.5,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:g,url:""\u002Fvulns?type=npm""},{label:f,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Ffoundation-sites\""\u003E\u003Ccode\u003Efoundation-sites\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is an advanced responsive front-end framework.\u003C\u002Fp\u003"
Uninitialized Memory Exposure,concat-stream,https://security.snyk.io/vuln/npm:concat-stream:20160901,,False,<1.3.2 >=1.4.0 <1.4.11 >=1.5.0 <1.5.2 ,https://github.com/maxogden/concat-stream/pull/47/commits/3e285ba5e5b10b7c98552217f5c1023829efe69e
Cross-site Scripting (XSS),yms,https://security.snyk.io/vuln/npm:yms:20160516,,False,<1.0.1 ,https://github.com/yandex/yms/commit/b902abb840e5f6aea27e7770cf3af6a214439347
Cross-site Scripting (XSS),thelounge,https://security.snyk.io/vuln/npm:thelounge:20160404,,False,<1.5.0 >=1.0.0 ,https://github.com/thelounge/lounge/commit/7024bd454a9aa8013c990a845400e697b051953f
Cross-site Scripting (XSS),lets-chat,https://security.snyk.io/vuln/npm:lets-chat:20160810,,False,<0.4.8 >=0.3.10 ,https://github.com/sdelements/lets-chat/commit/34532f521927decd9cf896e62c15cb95fca555b1
Prototype Override Protection Bypass,qs,https://security.snyk.io/vuln/npm:qs:20170213,CVE-2017-1000048,False,<6.0.4 >=6.1.0 <6.1.2 >=6.2.0 <6.2.3 >=6.3.0 <6.3.2 ,https://github.com/ljharb/qs/commit/beade029171b8cef9cee0d03ebe577e2dd84976d
Arbitrary Code Execution,quill,https://security.snyk.io/vuln/npm:quill:20160916,,False,>=1.0.0-beta.0 <1.0.4 ,https://github.com/quilljs/quill/commit/d1149adff6b562fcfc62b25d2bfacd30a331fcff
Cross-site Scripting (XSS),plotly.js,https://security.snyk.io/vuln/npm:plotly.js:20151210,,False,>=1.0.0 <1.2.1 ,n/a
Arbitrary Code Execution,serialize-to-js,https://security.snyk.io/vuln/npm:serialize-to-js:20170208,CVE-2017-5954,False,<1.0.0 ,https://github.com/commenthol/serialize-to-js/commit/1cd433960e5b9db4c0b537afb28366198a319429
JSONP Callback Attack,angular,https://security.snyk.io/vuln/npm:angular:20150315,,False,<1.6.1 ,n/a
HTML Injection,shout,https://security.snyk.io/vuln/npm:shout:20150122,CVE-2017-16043,False,<0.50.0 >=0.44.0 ,https://github.com/erming/shout/compare/890c751bb624cde53dc392b2c851cdcd056033c6...e94341f8b022a980512c464cdc088063fa245dea
Arbitrary Code Execution,node-serialize,https://security.snyk.io/vuln/npm:node-serialize:20170208,CVE-2017-5941,False,* ,n/a
Regular Expression Denial of Service (ReDoS),http-proxy,https://security.snyk.io/vuln/npm:http-proxy:20110901,CVE-2017-16014,False,<0.7.0 ,https://github.com/nodejitsu/node-http-proxy/commit/07c8d2ee6017264c3d4deac9f42ca264a3740b48
Insecure Randomness,uuid,https://security.snyk.io/vuln/npm:uuid:20111230,,False,<1.3.1 ,https://github.com/defunctzombie/node-uuid/commit/283bd40be4c1836e510ec7a1685288f2d52943f8
Cross-site Scripting (XSS),restify,https://security.snyk.io/vuln/npm:restify:20160225,CVE-2017-16018,False,<4.1.0 >=2.0.0 ,https://github.com/restify/node-restify/commit/a015067232ad62aa035675dc63a46dce31fed3f3
Unsigned Request Headers,http-signature,https://security.snyk.io/vuln/npm:http-signature:20130418,CVE-2017-16005,False,<0.10.0 >=0.9.0 ,https://github.com/joyent/node-http-signature/commit/658961f638e4418678e70c5794f7f5b03ff43830
Cross-site Scripting (XSS),jquery-ui,https://security.snyk.io/vuln/npm:jquery-ui:20100903,CVE-2010-5312,False,<1.10.0 ,https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
Cross-site Scripting (XSS),remarkable,https://security.snyk.io/vuln/npm:remarkable:20160820,CVE-2017-16006,False,<1.7.0 ,https://github.com/jonschlinkert/remarkable/commit/49e24e8f2a431c095ddbb74ecb67cf1cf8f88c47
Insecure Randomness,socket.io,https://security.snyk.io/vuln/npm:socket.io:20120323,,False,<0.9.7 ,n/a
Cross-site Scripting (XSS),socket.io,https://security.snyk.io/vuln/npm:socket.io:20120417,,False,<0.9.6 ,n/a
Cross-site Scripting (XSS),textangular,https://security.snyk.io/vuln/npm:textangular:20131227,,False,<1.2.0 ,https://github.com/fraywing/textAngular/commit/eea6ec6c390301a673d89bc0eda1ba92c038b444
Cross-site Scripting (XSS),textangular,https://security.snyk.io/vuln/npm:textangular:20150213,,False,<1.3.7 ,n/a
Denial of Service (DoS),connect,https://security.snyk.io/vuln/npm:connect:20120107,,False,>=1.4.0 <2.0.0 ,https://github.com/senchalabs/connect/commit/2b0e8d69a14312fa2fd3449685be0c0896dfe53e
Symlink attack due to predictable tmp folder names,npm,https://security.snyk.io/vuln/npm:npm:20130708,CVE-2017-16017,False,<1.3.3 ,https://github.com/npm/npm/commit/f4d31693
Cross-site Scripting (XSS),markdown-it,https://security.snyk.io/vuln/npm:markdown-it:20150702,,False,<4.3.1 >=4.0.0 ,https://github.com/markdown-it/markdown-it/commit/019bbda5f5ee8b7d00f2633340aef3b0d000e3f1
SQL Injection,sequelize,https://security.snyk.io/vuln/npm:sequelize:20151019,,False,<3.12.1 ,https://github.com/sequelize/sequelize/commit/3f11bd97386f1cad4961d2cd054347508ef0aca5
Cross-site Scripting (XSS),yui,https://security.snyk.io/vuln/npm:yui:20101025,CVE-2010-4207,False,<2.8.2 >=2.4.0 ,n/a
Cross-site Scripting (XSS),yui,https://security.snyk.io/vuln/npm:yui:20121030,CVE-2012-5883,False,<3.0.0 >=2.4.0 ,n/a
Cross-site Scripting (XSS),yui,https://security.snyk.io/vuln/npm:yui:20120428,,False,<3.5.1 >=3.5.0-PR1 ,https://github.com/yui/yui3/commit/c5a4b8ccdcdae7142a0fd8d9a3ec3a499cd60b3d
Cross-site Scripting (XSS),yui,https://security.snyk.io/vuln/npm:yui:20130604,CVE-2013-4940,False,>=3.0.0 <3.10.1 =3.10.2 ,https://github.com/yui/yui3/commit/da0d3a401ebf5a9cfab30e9ca7621aaf73ace79c
Cross-site Scripting (XSS),yui,https://security.snyk.io/vuln/npm:yui:20130515,CVE-2013-4942,False,<3.10.0 >=3.0.0 ,https://github.com/yui/yui3/commit/6a2da7d0df7f4b0d347cfbfb46e131d403658fc4
Cross-site Scripting (XSS),i18next,https://security.snyk.io/vuln/npm:i18next:20161013,CVE-2017-16010,False,>=2.0.0 <3.4.4 ,https://github.com/i18next/i18next/pull/826/commits/d367309d4427c2d651b0f0b304504cf59c056cab
Cross-site Scripting (XSS),i18next,https://security.snyk.io/vuln/npm:i18next:20151018,CVE-2017-16008,False,<1.10.3 ,https://github.com/i18next/i18next/pull/443/commits/34e8e13a2b64708a0aed01092e4dbfd0e5013831
Insecure Randomness,ws,https://security.snyk.io/vuln/npm:ws:20160920,,False,<1.1.2 ,https://github.com/websockets/ws/commit/7253f06f5432c76f3e82e2c055fcea08b612d8b2
Cross-site Scripting (XSS),marked,https://security.snyk.io/vuln/npm:marked:20170112,CVE-2017-1000427,False,<0.3.7 ,https://github.com/chjj/marked/commit/cd2f6f5b7091154c5526e79b5f3bfb4d15995a51
Cross-site Scripting (XSS),validator,https://security.snyk.io/vuln/npm:validator:20150313,,False,>=3.0.0 <3.34.0 ,https://github.com/chriso/validator.js/commit/570889bf1b3c963439871a0c15aa5801ef6322d7
Denial of Service (DoS),websocket-driver,https://security.snyk.io/vuln/npm:websocket-driver:20131012,,False,<0.3.1 ,https://github.com/faye/websocket-driver-node/pull/2/commits/f15b331a3459d30800a8b9781da5e2a7b3982160
Denial of Service (DoS),sails,https://security.snyk.io/vuln/npm:sails:20130622,,False,<0.9.0 ,n/a
Denial of Service (DoS),sails,https://security.snyk.io/vuln/npm:sails:20150604,,False,>=0.11.0-rc6 <0.12.0-rc4 ,n/a
Content Security Policy (CSP) Bypass,angular,https://security.snyk.io/vuln/npm:angular:20161101,,False,>=1.5.0 <1.5.9 ,https://github.com/angular/angular.js/commit/0ff10e1b56c6b7c4ac465e35c96a5886e294bac5
Arbitrary Script Injection,angular,https://security.snyk.io/vuln/npm:angular:20160527,,False,>=1.0.0 <1.2.30 ,https://github.com/angular/angular.js/commit/f35f334bd3197585bdf034f4b6d9ffa3122dac62
Cross-site Scripting (XSS),angular,https://security.snyk.io/vuln/npm:angular:20160122,,False,>=1.3.0 <1.5.0-rc.2 ,https://github.com/angular/angular.js/commit/234053fc9ad90e0d05be7e8359c6af66be94c094
Cross-site Scripting (XSS),angular,https://security.snyk.io/vuln/npm:angular:20151205,,False,<1.5.0-rc.0 ,https://github.com/angular/angular.js/commit/7a668cdd7d08a7016883eb3c671cbcd586223ae8
Cross-site Scripting (XSS),angular,https://security.snyk.io/vuln/npm:angular:20151130,,False,<1.4.10 ,https://github.com/angular/angular.js/commit/5a674f3bb9d1118d11b333e3b966c01a571c09e6
Cross-site Scripting (XSS),angular,https://security.snyk.io/vuln/npm:angular:20150909,,False,<1.5.0-beta.2 ,https://github.com/angular/angular.js/commit/bc0d8c4eea9a34bff5e29dd492dcdd668251be40
Clickjacking,angular,https://security.snyk.io/vuln/npm:angular:20150807-1,,False,>=1.3.1 <1.5.0-beta.0 ,https://github.com/angular/angular.js/commit/181fc567d873df065f1e84af7225deb70a8d2eb9
Cross-site Scripting (XSS),angular,https://security.snyk.io/vuln/npm:angular:20150807,CVE-2019-14863,False,>=1.0.0 <1.5.0-beta.0 ,https://github.com/angular/angular.js/commit/f33ce173c90736e349cf594df717ae3ee41e0f7a
Arbitrary Code Execution,angular,https://security.snyk.io/vuln/npm:angular:20150310,,False,<1.4.0-beta.6 ,https://github.com/angular/angular.js/commit/67688d5ca00f6de4c7fe6084e2fa762a00d25610
Arbitrary Command Execution,angular,https://security.snyk.io/vuln/npm:angular:20141104,,False,<1.3.2 ,https://github.com/angular/angular.js/commit/e676d642f5feb8d3ba88944634afb479ba525c36
Unsafe Object Deserialization,angular,https://security.snyk.io/vuln/npm:angular:20140909,,False,>=1.2.19 <1.2.27 ,https://github.com/angular/angular.js/commit/b39e1d47b9a1b39a9fe34c847a81f589fba522f8
Cross-site Scripting (XSS),angular,https://security.snyk.io/vuln/npm:angular:20140908,,False,<1.3.0-rc.5 ,https://github.com/angular/angular.js/commit/ab80cd90661396dbb1c94c5f4dd2d11ee8f6b6af
Arbitrary Code Execution,angular,https://security.snyk.io/vuln/npm:angular:20140608,,False,<1.3.0 ,https://github.com/angular/angular.js/commit/48fa3aadd546036c7e69f71046f659ab1de244c6
Protection Bypass,angular,https://security.snyk.io/vuln/npm:angular:20131113,,False,<1.2.2 ,n/a
Arbitrary Script Injection,angular,https://security.snyk.io/vuln/npm:angular:20130625,,False,<1.1.5 ,https://github.com/angular/angular.js/commit/5349b20097dc5cdff0216ee219ac5f6e6ef8c219
Cross-site Scripting (XSS),angular,https://security.snyk.io/vuln/npm:angular:20130622,,False,>=1.0.0 <1.2.0 ,https://github.com/angular/angular.js/commit/38deedd6e3d806eb8262bb43f26d47245f6c2739
Cross-site Scripting (XSS),angular,https://security.snyk.io/vuln/npm:angular:20130621,,False,<1.2.0 ,https://github.com/angular/angular.js/commit/39841f2ec9b17b3b2920fd1eb548d444251f4f56
Cross-site Scripting (XSS),angular-gettext,https://security.snyk.io/vuln/npm:angular-gettext:20140624,,False,<1.0.0 ,https://github.com/rubenv/angular-gettext/commit/a1ef4c26c3cae348c601cbbf2f9f4ac96f397755
Cross-site Scripting (XSS),react,https://security.snyk.io/vuln/npm:react:20150318,,False,>=0.0.1 <0.14.0 ,n/a
Cross-site Scripting (XSS),react,https://security.snyk.io/vuln/npm:react:20131217,CVE-2013-7035,False,>=0.5.0 <0.5.2 >=0.4.0 <0.4.2 ,n/a
Arbitrary Command Execution,clamscan,https://security.snyk.io/vuln/npm:clamscan:20150821,,False,<0.8.2 ,https://github.com/kylefarris/clamscan/commit/e2a7cbcd222aa8bbd61477fc3beabbe9ad3d8a71
Directory Traversal,fury-adapter-swagger,https://security.snyk.io/vuln/npm:fury-adapter-swagger:20161024,CVE-2016-1000249,False,<0.9.7 >=0.2.0 ~0.8.0-pre ,https:\u002F\u002Fgithub.com\u002Fapiaryio\u002Ffury-adapter-swagger\u002Fcommit\u002F777e2d68f03546a88f3203bbd4725df8b1f662a7)\
Cross-site Scripting (XSS),tinymce,https://security.snyk.io/vuln/npm:tinymce:20150610,,False,<4.2.0 ,https://github.com/tinymce/tinymce/commit/9c78e4a4f9aad14f3e86094b36f163177f38c248
Resources Downloaded over Insecure Protocol,windows-build-tools,https://security.snyk.io/vuln/npm:windows-build-tools:21122016,CVE-2017-16003,False,<1.0.0 ,https://github.com/felixrieseberg/windows-build-tools/commit/9835d33e68f2cb5e4d148e954bb3ed0221d98e90
Unauthorized SSL Connection due to lack of cert authentication,mysql,https://security.snyk.io/vuln/npm:mysql:20140514,,False,<2.3.0 >=2.0.0 ,https://github.com/mysqljs/mysql/commit/f03bf567ba64008c09a773858338c01842ed76db
SQL Injection,loopback-connector-mssql,https://security.snyk.io/vuln/npm:loopback-connector-mssql:20150108,,False,<1.3.0 ,https://github.com/strongloop/loopback-connector-mssql/commit/1440f3d29ba0628bf6d7e508670fb0ab1c52cb7c
SQL Injection,loopback-connector-oracle,https://security.snyk.io/vuln/npm:loopback-connector-oracle:20150108,,False,<1.5.0 ,https://github.com/strongloop/loopback-connector-oracle/commit/29128e79000382011fc30c2aec98a24b0668273e
SQL Injection,loopback-connector-postgresql,https://security.snyk.io/vuln/npm:loopback-connector-postgresql:20150108,,False,<1.3.0 ,https://github.com/strongloop/loopback-connector-postgresql/commit/384bbfc3aa0d74f6d0d92a76caf4bd3ca926d626
SQL Injection,loopback-connector-mysql,https://security.snyk.io/vuln/npm:loopback-connector-mysql:20150108,,False,<1.5.0 ,https://github.com/strongloop/loopback-connector-mysql/commit/8f1b5a3de23ef1b5ada5f40547b7a2f278d6ece6
Resources Downloaded over Insecure Protocol,mystem-fix,https://security.snyk.io/vuln/npm:mystem-fix:20170102,CVE-2016-10698,False,* ,n/a
Resources Downloaded over Insecure Protocol,react-native-baidu-voice-synthesizer,https://security.snyk.io/vuln/npm:react-native-baidu-voice-synthesizer:20170102,CVE-2016-10697,False,* ,n/a
Resources Downloaded over Insecure Protocol,windows-latestchromedriver,https://security.snyk.io/vuln/npm:windows-latestchromedriver:20170102,CVE-2016-10696,False,* ,n/a
Resources Downloaded over Insecure Protocol,npm-test-sqlite3-trunk,https://security.snyk.io/vuln/npm:npm-test-sqlite3-trunk:20170102,CVE-2016-10695,False,* ,n/a
Resources Downloaded over Insecure Protocol,alto-saxophone,https://security.snyk.io/vuln/npm:alto-saxophone:20161021,CVE-2016-10694,False,<2.25.1 ,https://github.com/tobli/alto-saxophone/commit/8cb735e8194fa3aac47727cda5ba0a876adc4e45
Resources Downloaded over Insecure Protocol,pm2-kafka,https://security.snyk.io/vuln/npm:pm2-kafka:20170102,CVE-2016-10693,False,* ,n/a
Resources Downloaded over Insecure Protocol,haxeshim,https://security.snyk.io/vuln/npm:haxeshim:20170102,CVE-2016-10692,False,* ,n/a
Resources Downloaded over Insecure Protocol,windows-seleniumjar,https://security.snyk.io/vuln/npm:windows-seleniumjar:20170102,CVE-2016-10691,False,* ,n/a
Resources Downloaded over Insecure Protocol,openframe-ascii-image,https://security.snyk.io/vuln/npm:openframe-ascii-image:20170102,CVE-2016-10690,False,* ,n/a
Resources Downloaded over Insecure Protocol,windows-iedriver,https://security.snyk.io/vuln/npm:windows-iedriver:20170102,CVE-2016-10689,False,* ,n/a
Resources Downloaded over Insecure Protocol,haxe3,https://security.snyk.io/vuln/npm:haxe3:20161202,CVE-2016-10688,False,* ,n/a
Resources Downloaded over Insecure Protocol,windows-selenium-chromedriver,https://security.snyk.io/vuln/npm:windows-selenium-chromedriver:20170102,CVE-2016-10687,False,* ,n/a
Resources Downloaded over Insecure Protocol,fis-sass-all,https://security.snyk.io/vuln/npm:fis-sass-all:20161202,CVE-2016-10686,False,* ,n/a
Resources Downloaded over Insecure Protocol,pk-app-wonderbox,https://security.snyk.io/vuln/npm:pk-app-wonderbox:20170102,CVE-2016-10685,False,* ,n/a
Resources Downloaded over Insecure Protocol,healthcenter,https://security.snyk.io/vuln/npm:healthcenter:20170102,CVE-2016-10684,False,* ,n/a
Resources Downloaded over Insecure Protocol,arcanist,https://security.snyk.io/vuln/npm:arcanist:20170102,CVE-2016-10683,False,* ,n/a
Resources Downloaded over Insecure Protocol,massif,https://security.snyk.io/vuln/npm:massif:20170102,CVE-2016-10682,False,* ,n/a
Resources Downloaded over Insecure Protocol,roslib-socketio,https://security.snyk.io/vuln/npm:roslib-socketio:20170102,CVE-2016-10681,False,* ,n/a
Resources Downloaded over Insecure Protocol,adamvr-geoip-lite,https://security.snyk.io/vuln/npm:adamvr-geoip-lite:20170102,CVE-2016-10680,False,* ,n/a
Resources Downloaded over Insecure Protocol,selenium-standalone-painful,https://security.snyk.io/vuln/npm:selenium-standalone-painful:20170102,CVE-2016-10679,False,* ,n/a
Resources Downloaded over Insecure Protocol,serc.js,https://security.snyk.io/vuln/npm:serc.js:20170102,,False,* ,n/a
Resources Downloaded over Insecure Protocol,google-closure-tools-latest,https://security.snyk.io/vuln/npm:google-closure-tools-latest:20170102,CVE-2016-10677,False,* ,n/a
Resources Downloaded over Insecure Protocol,rs-brightcove,https://security.snyk.io/vuln/npm:rs-brightcove:20170102,CVE-2016-10676,False,* ,n/a
Resources Downloaded over Insecure Protocol,libsbmlsim,https://security.snyk.io/vuln/npm:libsbmlsim:20170102,CVE-2016-10675,False,* ,n/a
Resources Downloaded over Insecure Protocol,limbus-buildgen,https://security.snyk.io/vuln/npm:limbus-buildgen:20161202,CVE-2016-10674,False,<0.1.1 ,https://github.com/redien/limbus-buildgen/commit/dfdcf27117f7ed03560054952c90b9d78c121329
Resources Downloaded over Insecure Protocol,ipip-coffee,https://security.snyk.io/vuln/npm:ipip-coffee:20170102,CVE-2016-10673,False,* ,n/a
Resources Downloaded over Insecure Protocol,cloudpub-redis,https://security.snyk.io/vuln/npm:cloudpub-redis:20170102,CVE-2016-10672,False,* ,n/a
Resources Downloaded over Insecure Protocol,mystem-wrapper,https://security.snyk.io/vuln/npm:mystem-wrapper:20170102,CVE-2016-10671,False,* ,n/a
Resources Downloaded over Insecure Protocol,windows-seleniumjar-mirror,https://security.snyk.io/vuln/npm:windows-seleniumjar-mirror:20170102,CVE-2016-10670,False,* ,n/a
Resources Downloaded over Insecure Protocol,soci,https://security.snyk.io/vuln/npm:soci:20170102,CVE-2016-10669,False,* ,n/a
Resources Downloaded over Insecure Protocol,libsbml,https://security.snyk.io/vuln/npm:libsbml:20170102,CVE-2016-10668,False,* ,n/a
Resources Downloaded over Insecure Protocol,selenium-portal,https://security.snyk.io/vuln/npm:selenium-portal:20170101,CVE-2016-10667,False,* ,n/a
Resources Downloaded over Insecure Protocol,tomita-parser,https://security.snyk.io/vuln/npm:tomita-parser:20170101,CVE-2016-10666,False,* ,n/a
Resources Downloaded over Insecure Protocol,herbivore,https://security.snyk.io/vuln/npm:herbivore:20161102,CVE-2016-10665,False,<=0.0.3 ,https://github.com/samatt/Herbivore/commit/0a041defc3463e99948e5d2064aef54b2128c5a3
Resources Downloaded over Insecure Protocol,mystem,https://security.snyk.io/vuln/npm:mystem:20170101,CVE-2016-10664,False,* ,n/a
Resources Downloaded over Insecure Protocol,wixtoolset,https://security.snyk.io/vuln/npm:wixtoolset:20170102,CVE-2016-10663,False,* ,n/a
Resources Downloaded over Insecure Protocol,tomita,https://security.snyk.io/vuln/npm:tomita:20170102,CVE-2016-10662,False,* ,n/a
Resources Downloaded over Insecure Protocol,phantomjs-cheniu,https://security.snyk.io/vuln/npm:phantomjs-cheniu:20170101,CVE-2016-10661,False,* ,n/a
Resources Downloaded over Insecure Protocol,fis-parser-sass-bin,https://security.snyk.io/vuln/npm:fis-parser-sass-bin:20170102,CVE-2016-10660,False,* ,n/a
Resources Downloaded over Insecure Protocol,poco,https://security.snyk.io/vuln/npm:poco:20170102,CVE-2016-10659,False,* ,n/a
Resources Downloaded over Insecure Protocol,native-opencv,https://security.snyk.io/vuln/npm:native-opencv:20170101,CVE-2016-10658,False,* ,n/a
Resources Downloaded over Insecure Protocol,co-cli-installer,https://security.snyk.io/vuln/npm:co-cli-installer:20170102,CVE-2016-10657,False,* ,n/a
Resources Downloaded over Insecure Protocol,qbs,https://security.snyk.io/vuln/npm:qbs:20170102,CVE-2016-10656,False,* ,n/a
Resources Downloaded over Insecure Protocol,clang-extra,https://security.snyk.io/vuln/npm:clang-extra:20170102,CVE-2016-10655,False,* ,n/a
Resources Downloaded over Insecure Protocol,sfml,https://security.snyk.io/vuln/npm:sfml:20170101,CVE-2016-10654,False,* ,n/a
Resources Downloaded over Insecure Protocol,xd-testing,https://security.snyk.io/vuln/npm:xd-testing:20170101,CVE-2016-10653,False,* ,n/a
Resources Downloaded over Insecure Protocol,prebuild-lwip,https://security.snyk.io/vuln/npm:prebuild-lwip:20170101,CVE-2016-10652,False,* ,n/a
Resources Downloaded over Insecure Protocol,webdriver-launcher,https://security.snyk.io/vuln/npm:webdriver-launcher:20170101,CVE-2016-10651,False,* ,n/a
Resources Downloaded over Insecure Protocol,ntfserver,https://security.snyk.io/vuln/npm:ntfserver:20170101,CVE-2016-10650,False,* ,n/a
Resources Downloaded over Insecure Protocol,frames-compiler,https://security.snyk.io/vuln/npm:frames-compiler:20170101,CVE-2016-10649,False,* ,n/a
Resources Downloaded over Insecure Protocol,marionette-socket-host,https://security.snyk.io/vuln/npm:marionette-socket-host:20170101,CVE-2016-10648,False,* ,n/a
Resources Downloaded over Insecure Protocol,node-air-sdk,https://security.snyk.io/vuln/npm:node-air-sdk:20170101,CVE-2016-10647,False,* ,n/a
Resources Downloaded over Insecure Protocol,resourcehacker,https://security.snyk.io/vuln/npm:resourcehacker:20170101,CVE-2016-10646,False,* ,n/a
Resources Downloaded over Insecure Protocol,grunt-images,https://security.snyk.io/vuln/npm:grunt-images:20170101,CVE-2016-10645,False,* ,n/a
Resources Downloaded over Insecure Protocol,slimerjs-edge,https://security.snyk.io/vuln/npm:slimerjs-edge:20170101,CVE-2016-10644,False,* ,n/a
Resources Downloaded over Insecure Protocol,jstestdriver,https://security.snyk.io/vuln/npm:jstestdriver:20170101,CVE-2016-10643,False,* ,n/a
Resources Downloaded over Insecure Protocol,cmake,https://security.snyk.io/vuln/npm:cmake:20170101,CVE-2016-10642,False,* ,n/a
Resources Downloaded over Insecure Protocol,node-bsdiff-android,https://security.snyk.io/vuln/npm:node-bsdiff-android:20170101,CVE-2016-10641,False,* ,n/a
Resources Downloaded over Insecure Protocol,node-thulac,https://security.snyk.io/vuln/npm:node-thulac:20170101,CVE-2016-10640,False,* ,n/a
Resources Downloaded over Insecure Protocol,redis-srvr,https://security.snyk.io/vuln/npm:redis-srvr:20170101,CVE-2016-10639,False,* ,n/a
Resources Downloaded over Insecure Protocol,js-given,https://security.snyk.io/vuln/npm:js-given:20170101,CVE-2016-10638,False,<0.0.18 ,n/a
Resources Downloaded over Insecure Protocol,grunt-ccompiler,https://security.snyk.io/vuln/npm:grunt-ccompiler:20170101,CVE-2016-10636,False,* ,n/a
Resources Downloaded over Insecure Protocol,broccoli-closure,https://security.snyk.io/vuln/npm:broccoli-closure:20161101,CVE-2016-10635,False,<1.3.1 ,https://github.com/markuskobler/broccoli-closure-plugin/commit/94021ec4def22f28685e4f85a66a22176c115b16
Resources Downloaded over Insecure Protocol,scalajs-standalone-bin,https://security.snyk.io/vuln/npm:scalajs-standalone-bin:20170101,CVE-2016-10634,False,* ,n/a
Man in the Middle (MitM),dwebp-bin,https://security.snyk.io/vuln/npm:dwebp-bin:20170101,CVE-2016-10633,False,<1.0.0 ,https://github.com/1000ch/dwebp-bin/commit/06aa7cdd98097117824e54fe68dff0255fb50af2
Resources Downloaded over Insecure Protocol,apk-parser2,https://security.snyk.io/vuln/npm:apk-parser2:20170101,CVE-2016-10632,False,* ,n/a
Resources Downloaded over Insecure Protocol,jvminstall,https://security.snyk.io/vuln/npm:jvminstall:20170101,CVE-2016-10631,False,* ,n/a
Resources Downloaded over Insecure Protocol,install-g-test,https://security.snyk.io/vuln/npm:install-g-test:20170101,CVE-2016-10630,False,* ,n/a
Resources Downloaded over Insecure Protocol,nw-with-arm,https://security.snyk.io/vuln/npm:nw-with-arm:20170101,CVE-2016-10629,False,* ,n/a
Resources Downloaded over Insecure Protocol,selenium-wrapper,https://security.snyk.io/vuln/npm:selenium-wrapper:20170101,CVE-2016-10628,False,* ,n/a
Resources Downloaded over Insecure Protocol,scala-bin,https://security.snyk.io/vuln/npm:scala-bin:20170101,CVE-2016-10627,False,* ,n/a
Resources Downloaded over Insecure Protocol,mystem3,https://security.snyk.io/vuln/npm:mystem3:20170101,CVE-2016-10626,False,<1.0.8 ,https://github.com/koorchik/node-mystem3/commit/4bd31c0e0110afc327c414d7ebfc2ffe738cbad2
Resources Downloaded over Insecure Protocol,headless-browser-lite,https://security.snyk.io/vuln/npm:headless-browser-lite:20170101,CVE-2016-10625,False,* ,n/a
Resources Downloaded over Insecure Protocol,selenium-chromedriver,https://security.snyk.io/vuln/npm:selenium-chromedriver:20170101,CVE-2016-10624,False,* ,n/a
Resources Downloaded over Insecure Protocol,macaca-chromedriver-zxa,https://security.snyk.io/vuln/npm:macaca-chromedriver-zxa:20170101,CVE-2016-10623,False,* ,n/a
Resources Downloaded over Insecure Protocol,nodeschnaps,https://security.snyk.io/vuln/npm:nodeschnaps:20170101,CVE-2016-10622,False,* ,n/a
Resources Downloaded over Insecure Protocol,fibjs,https://security.snyk.io/vuln/npm:fibjs:20170101,CVE-2016-10621,False,* ,n/a
Resources Downloaded over Insecure Protocol,atom-node-module-installer,https://security.snyk.io/vuln/npm:atom-node-module-installer:20170101,CVE-2016-10620,False,* ,n/a
Resources Downloaded over Insecure Protocol,pennyworth,https://security.snyk.io/vuln/npm:pennyworth:20170101,CVE-2016-10619,False,* ,n/a
Resources Downloaded over Insecure Protocol,node-browser,https://security.snyk.io/vuln/npm:node-browser:20170101,CVE-2016-10618,False,* ,n/a
Resources Downloaded over Insecure Protocol,box2d-native,https://security.snyk.io/vuln/npm:box2d-native:20170101,CVE-2016-10617,False,* ,n/a
Resources Downloaded over Insecure Protocol,openframe-image,https://security.snyk.io/vuln/npm:openframe-image:20170101,CVE-2016-10616,False,* ,n/a
Resources Downloaded over Insecure Protocol,curses,https://security.snyk.io/vuln/npm:curses:20170101,CVE-2016-10615,False,* ,n/a
Resources Downloaded over Insecure Protocol,httpsync,https://security.snyk.io/vuln/npm:httpsync:20170101,CVE-2016-10614,False,* ,n/a
Resources Downloaded over Insecure Protocol,bionode-sra,https://security.snyk.io/vuln/npm:bionode-sra:20170101,CVE-2016-10613,False,* ,n/a
Resources Downloaded over Insecure Protocol,dalek-browser-ie-canary,https://security.snyk.io/vuln/npm:dalek-browser-ie-canary:20170101,CVE-2016-10612,False,* ,n/a
Resources Downloaded over Insecure Protocol,strider-sauce,https://security.snyk.io/vuln/npm:strider-sauce:20161130,CVE-2016-10611,False,<=0.6.3 ,https://github.com/Strider-CD/strider-sauce/commit/5ff6d6593f89aee505b4e86958ab6f8898baa9eb
Resources Downloaded over Insecure Protocol,unicode-json,https://security.snyk.io/vuln/npm:unicode-json:20170101,CVE-2016-10610,False,* ,n/a
Resources Downloaded over Insecure Protocol,chromedriver126,https://security.snyk.io/vuln/npm:chromedriver126:20170101,CVE-2016-10609,False,* ,n/a
Resources Downloaded over Insecure Protocol,robot-js,https://security.snyk.io/vuln/npm:robot-js:20170101,CVE-2016-10608,False,* ,n/a
Resources Downloaded over Insecure Protocol,openframe-glslviewer,https://security.snyk.io/vuln/npm:openframe-glslviewer:20170101,CVE-2016-10607,False,* ,n/a
Resources Downloaded over Insecure Protocol,grunt-webdriver-qunit,https://security.snyk.io/vuln/npm:grunt-webdriver-qunit:20170101,CVE-2016-10606,False,* ,n/a
Resources Downloaded over Insecure Protocol,dalek-browser-ie,https://security.snyk.io/vuln/npm:dalek-browser-ie:20170101,CVE-2016-10605,False,* ,n/a
Resources Downloaded over Insecure Protocol,dalek-browser-chrome,https://security.snyk.io/vuln/npm:dalek-browser-chrome:20170101,CVE-2016-10604,False,* ,n/a
Resources Downloaded over Insecure Protocol,air-sdk,https://security.snyk.io/vuln/npm:air-sdk:20170101,CVE-2016-10603,False,* ,n/a
Resources Downloaded over Insecure Protocol,haxe-dev,https://security.snyk.io/vuln/npm:haxe-dev:20170101,CVE-2016-10637,False,* ,n/a
Resources Downloaded over Insecure Protocol,haxe,https://security.snyk.io/vuln/npm:haxe:20170101,CVE-2016-10602,False,* ,n/a
Resources Downloaded over Insecure Protocol,webdrvr,https://security.snyk.io/vuln/npm:webdrvr:20170101,CVE-2016-10601,False,* ,n/a
Resources Downloaded over Insecure Protocol,webrtc-native,https://security.snyk.io/vuln/npm:webrtc-native:20170101,CVE-2016-10600,False,* ,n/a
Resources Downloaded over Insecure Protocol,sauce-connect,https://security.snyk.io/vuln/npm:sauce-connect:20170101,CVE-2016-10599,False,* ,n/a
Resources Downloaded over Insecure Protocol,arrayfire-js,https://security.snyk.io/vuln/npm:arrayfire-js:20170101,CVE-2016-10598,False,* ,n/a
Resources Downloaded over Insecure Protocol,cobalt-cli,https://security.snyk.io/vuln/npm:cobalt-cli:20170101,CVE-2016-10597,False,* ,n/a
Resources Downloaded over Insecure Protocol,imageoptim,https://security.snyk.io/vuln/npm:imageoptim:20170101,CVE-2016-10596,False,* ,n/a
Resources Downloaded over Insecure Protocol,jdf-sass,https://security.snyk.io/vuln/npm:jdf-sass:20170101,CVE-2016-10595,False,* ,n/a
Resources Downloaded over Insecure Protocol,fuseki,https://security.snyk.io/vuln/npm:fuseki:20161113,CVE-2016-10576,False,<1.0.1 ,https://github.com/bergos/fuseki/commit/154c0f12c468a8af33562dff12b1bb0e5b659df9)
Resources Downloaded over Insecure Protocol,mongodb-instance,https://security.snyk.io/vuln/npm:mongodb-instance:20161102,CVE-2016-10572,False,<0.0.3 ,https://github.com/Janpot/mongodb-instance/commit/c8fea750f8020ace8410c442b2684b33a9fddd3b
Resources Downloaded over Insecure Protocol,geoip-lite-country,https://security.snyk.io/vuln/npm:geoip-lite-country:20161116,CVE-2016-10568,False,<1.1.4 ,https://github.com/arve0/node-geoip-country/commit/9228f2096a882b251f917deba5ae7ffa1a9b4ccc
Resources Downloaded over Insecure Protocol,install-nw,https://security.snyk.io/vuln/npm:install-nw:20161104,CVE-2016-10566,False,<1.1.5 ,https://github.com/davidmarkclements/install-nw/commit/5c64eff1ed116fceeba55a51867554f0fe4f6556
Resources Downloaded over Insecure Protocol,iedriver,https://security.snyk.io/vuln/npm:iedriver:20161111,CVE-2016-10562,False,<3.0.0 ,https://github.com/barretts/node-iedriver/commit/32ca1602573618c8d76182c4f2a30aee379d6629
Denial of Service (DoS),jquery,https://security.snyk.io/vuln/npm:jquery:20160529,CVE-2016-10707,False,>=3.0.0-rc1 <3.0.0 ,n/a
Cross-site Scripting (XSS),jquery-ui,https://security.snyk.io/vuln/npm:jquery-ui:20121127,CVE-2012-6662,False,<1.10.0 ,"https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde)"",severity:""medium"",packageName:e,packageManager:f,publicationTime:""2016-12-26T15:04:27Z"",disclosureTime:""2012-11-26T22:00:00Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-JQUERYUI-10189""],CVE:[""CVE-2012-6662""],CWE:[""CWE-79""]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"",cvssScore:4.3,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""/vulns"",label:""Snyk Vulnerability Database""},{label:f,url:""/vulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview
"":""<p><a href=""https://www.npmjs.com/package/jquery-ui""><code>jquery-ui</code></a> is a curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library."
Timing Attack,node-forge,https://security.snyk.io/vuln/npm:node-forge:20150626,,False,<0.6.33 ,https://github.com/digitalbazaar/forge/commit/17c6aaf2fa3bb0fc8756c561c541dd8e8127e1dd
Cross-site Scripting (XSS),jquery-mobile,https://security.snyk.io/vuln/npm:jquery-mobile:20120802,,False,<1.2.0 ,https://github.com/jquery/jquery-mobile/commit/370413072db4fd8ee0da4455d9a08abc9ef5ba24
Cross-site Scripting (XSS),jquery-migrate,https://security.snyk.io/vuln/npm:jquery-migrate:20130419,,False,<1.2.1 ,https://github.com/jquery/jquery-migrate/commit/91d55f51fd28908d98d5c5fba6b63c3475213556
Cross-site Scripting (XSS),clusterize.js,https://security.snyk.io/vuln/npm:clusterize.js:20150429,,False,<0.3.1 ,n/a
Resources Downloaded over Insecure Protocol,jser-stat,https://security.snyk.io/vuln/npm:jser-stat:20161201,CVE-2016-10592,False,* ,n/a
Resources Downloaded over Insecure Protocol,ipip,https://security.snyk.io/vuln/npm:ipip:20161130,CVE-2016-10594,False,* ,n/a
Resources Downloaded over Insecure Protocol,prince,https://security.snyk.io/vuln/npm:prince:20161201,CVE-2016-10591,False,<1.4.5 ,https://github.com/nwjs/npm-installer/commit/adb4df1e012d38a3872578d484291b9af07aad5b#diff-153f7a81745c9180edcfa4838beeae7b
Resources Downloaded over Insecure Protocol,ibapi,https://security.snyk.io/vuln/npm:ibapi:20161130,CVE-2016-10593,False,<2.5.6 ,n/a
Resources Downloaded over Insecure Protocol,cue-sdk-node,https://security.snyk.io/vuln/npm:cue-sdk-node:20161201,CVE-2016-10590,False,* ,n/a
Directory Traversal,hostr,https://security.snyk.io/vuln/npm:hostr:20161211,CVE-2017-16029,False,<2.3.6 ,https://github.com/henrytseng/hostr/commit/789a00047459fd80b6f0a9701a1378a47fb73ba8
Resources Downloaded over Insecure Protocol,apk-parser,https://security.snyk.io/vuln/npm:apk-parser:20161219,CVE-2016-10564,False,<0.1.6 ,n/a
SQL Injection,knex,https://security.snyk.io/vuln/npm:knex:20150413,,False,<0.6.23 >=0.7.0 <0.7.6 ,https://github.com/tgriesser/knex/commit/13995d6936208fe0a968b9ae0f46a2f19faacffc
Denial of Service (DoS),podium,https://security.snyk.io/vuln/npm:podium:20160913,,False,<1.2.5 >=1.2.2 ,https://github.com/hapijs/podium/pull/17/commits/47f9ea3f9ab5a5664528722f570eeed11a446c90
Resources Downloaded over Insecure Protocol,steroids,https://security.snyk.io/vuln/npm:steroids:20161219,CVE-2016-10581,False,* ,n/a
Resources Downloaded over Insecure Protocol,kindlegen,https://security.snyk.io/vuln/npm:kindlegen:20161103,CVE-2016-10575,False,<1.1.0 ,https://github.com/hakatashi/kindlegen/commit/9a67ba62890ab78597f4c3af36b97e19ea410fa4
Resources Downloaded over Insecure Protocol,baryton-saxophone,https://security.snyk.io/vuln/npm:baryton-saxophone:20161104,CVE-2016-10573,False,<3.0.1 ,https://github.com/tobli/baryton-saxophone/commit/a5e943c46779e5372cdd13bfe2a69ec2530045be
Resources Downloaded over Insecure Protocol,libxl,https://security.snyk.io/vuln/npm:libxl:20161219,CVE-2016-10585,False,<0.2.21 >=0.3.1 <0.3.4 >=0.4.0 <0.4.4 ,https://github.com/DirtyHairy/node-libxl/commit/1fb0f70ce082ff43b675af9bd33a26d06c946478
Resources Downloaded over Insecure Protocol,embedza,https://security.snyk.io/vuln/npm:embedza:20161102,CVE-2016-10569,False,<1.2.4 ,https://github.com/nodeca/embedza/commit/19ab5ed72c37a311ba2685f4ef4ed08b3b5c95c3
Resources Downloaded over Insecure Protocol,bkjs-wand,https://security.snyk.io/vuln/npm:bkjs-wand:20161101,CVE-2016-10571,False,<0.3.2 ,https://github.com/vseryakov/bkjs-wand/commit/3b8d854dd765546ecb77282a6f87406746378dcf
Resources Downloaded over Insecure Protocol,macaca-chromedriver,https://security.snyk.io/vuln/npm:macaca-chromedriver:20161102,CVE-2016-10586,False,<1.0.27 ,https://github.com/macacajs/macaca-chromedriver/commit/03cb4a186b83122383bc2292761d418f519bf3b9
Resources Downloaded over Insecure Protocol,apk-parser3,https://security.snyk.io/vuln/npm:apk-parser3:20161106,CVE-2016-10574,False,<0.1.3 ,https://github.com/zhao0/node-apk-parser3/commit/ba1ade7f677dc5c80fe3f7355794d501b61a7917
Resources Downloaded over Insecure Protocol,selenium-binaries,https://security.snyk.io/vuln/npm:selenium-binaries:20161219,CVE-2016-10589,False,* ,n/a
Resources Downloaded over Insecure Protocol,unicode,https://security.snyk.io/vuln/npm:unicode:20161219,CVE-2016-10578,False,<9.0.0 ,n/a
Resources Downloaded over Insecure Protocol,dalek-browser-chrome-canary,https://security.snyk.io/vuln/npm:dalek-browser-chrome-canary:20161219,CVE-2016-10584,False,* ,n/a
Resources Downloaded over Insecure Protocol,ibm_db,https://security.snyk.io/vuln/npm:ibm_db:20161219,CVE-2016-10577,False,<1.0.2 ,https://github.com/ibmdb/node-ibm_db/commit/d7e2d4b4cbeb6f067df8bba7d0b2ac5d40fcfc19#diff-315091eb1586966006e05ebc21cd2a94
Resources Downloaded over Insecure Protocol,wasdk,https://security.snyk.io/vuln/npm:wasdk:20161219,CVE-2016-10587,False,<1.0.42 ,https://github.com/wasdk/wasdk/commit/58c2d22e7958d921e4f90d56805460ca33918971
Resources Downloaded over Insecure Protocol,product-monitor,https://security.snyk.io/vuln/npm:product-monitor:20161104,CVE-2016-10567,False,<2.2.5 ,https://github.com/connected-web/product-monitor/commit/122122c605a235d5897590c0ef9d3682961707de
Resources Downloaded over Insecure Protocol,pngcrush-installer,https://security.snyk.io/vuln/npm:pngcrush-installer:20161104,CVE-2016-10570,False,<1.8.10 ,https://github.com/jefflembeck/pngcrush-installer/commit/d56bc439fc6ed0654b30b345906f77bd000368f3
Resources Downloaded over Insecure Protocol,nodewebkit,https://security.snyk.io/vuln/npm:nodewebkit:20161219,CVE-2016-10580,False,* ,n/a
Resources Downloaded over Insecure Protocol,nw,https://security.snyk.io/vuln/npm:nw:20161219,CVE-2016-10588,False,<0.23.7 ,"https:\u002F\u002Fgithub.com\u002Fnwjs\u002Fnpm-installer\u002Fcommit\u002Fadb4df1e012d38a3872578d484291b9af07aad5b#diff-153f7a81745c9180edcfa4838beeae7b)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2016-12-20T10:25:00Z"",disclosureTime:""2016-12-19T10:25:00Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-NW-10252""],CVE:[""CVE-2016-10588""],CWE:[""CWE-319""],GHSA:[""GHSA-hv96-xxx2-5v7w""],NSP:[166]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:L\u002FUI:R\u002FS:U\u002FC:H\u002FI:H\u002FA:H"",cvssScore:7.1,language:""js"",socialTrendAlert:a,proprietary:a,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fnw\""\u003E\u003Ccode\u003Enw\u003C\u002Fcode\u003E\u003C\u002Fa\u003E is an installer for nw.js.\u003C\u002Fp\u003"
Resources Downloaded over Insecure Protocol,closurecompiler,https://security.snyk.io/vuln/npm:closurecompiler:20160831,CVE-2016-10582,False,<1.6.1 ,https://github.com/dcodeIO/ClosureCompiler.js/commit/c01efe9d86dc8d07e14c5a6ba1586244ce53a698
Resources Downloaded over Insecure Protocol,closure-util,https://security.snyk.io/vuln/npm:closure-util:20161219,CVE-2016-10583,False,<1.19.0 ,https://github.com/openlayers/closure-util/commit/24492288469f72c902d590321917934ef62e323d
Resources Downloaded over Insecure Protocol,chromedriver,https://security.snyk.io/vuln/npm:chromedriver:20161208,CVE-2016-10579,False,<2.25.2 ,https://github.com/giggio/node-chromedriver/commit/71981099216b7c15ec01e50baaacb15fe1b85e56
Resources Downloaded over Insecure Protocol,operadriver,https://security.snyk.io/vuln/npm:operadriver:20161104,CVE-2016-10565,False,<0.2.3 ,"https://github.com/cnpm/node-operadriver/commit/190f09f0da4780f9d68a0a3e6466b871e090b1e1)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2016-12-20T10:24:00Z"",disclosureTime:""2016-11-04T10:25:00Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-OPERADRIVER-10244""],CVE:[""CVE-2016-10565""],CWE:[""CWE-319""],GHSA:[""GHSA-2wrq-wmqf-8vcc""],NSP:[196]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"",cvssScore:7.1,language:""js"",socialTrendAlert:a,proprietary:a,breadcrumbItems:[{url:""/vulns"",label:""Snyk Vulnerability Database""},{label:f,url:""/vulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview
"":""<p><a href=""https://www.npmjs.com/package/operadriver""><code>operadriver</code></a> is an OperaDriver for Selenium"
Resources Downloaded over Insecure Protocol,go-ipfs-dep,https://security.snyk.io/vuln/npm:go-ipfs-dep:20161219,CVE-2016-10563,False,<0.4.4 ,n/a
Denial of Service (DoS),mongoose,https://security.snyk.io/vuln/npm:mongoose:20150925,,False,>=4.0.0 <4.1.10 ,https://github.com/Automattic/mongoose/commit/d4d57176848bcaaae20d466273f124355c0d262f
Directory Traversal,bitty,https://security.snyk.io/vuln/npm:bitty:20161014,CVE-2016-10561,False,* ,n/a
Denial of Service (DoS),ejs,https://security.snyk.io/vuln/npm:ejs:20161130-1,CVE-2017-1000189,False,<2.5.5 ,n/a
Cross-site Scripting (XSS),ejs,https://security.snyk.io/vuln/npm:ejs:20161130,CVE-2017-1000188,False,<2.5.5 ,n/a
Resources Downloaded over Insecure Protocol,appium-chromedriver,https://security.snyk.io/vuln/npm:appium-chromedriver:20161103,CVE-2016-10557,False,<2.9.4 ,https://github.com/appium/appium-chromedriver/pull/51/commits/c7e384afcddf009636b8e5bb23b1f06150eda293
Resources Downloaded over Insecure Protocol,aerospike,https://security.snyk.io/vuln/npm:aerospike:20161101,CVE-2016-10558,False,<2.4.2 ,https://github.com/aerospike/aerospike-client-nodejs/commit/d5e916a3a65c169e60200f18f02524c67bb58237
Resources Downloaded over Insecure Protocol,selenium-download,https://security.snyk.io/vuln/npm:selenium-download:20161102,CVE-2016-10559,False,<2.0.7 ,https://github.com/groupon/selenium-download/commit/1957ca79707b9bee224b222500ceb250f736b93b
Resources Downloaded over Insecure Protocol,galenframework-cli,https://security.snyk.io/vuln/npm:galenframework-cli:20161101,CVE-2016-10560,False,<2.3.1 ,https://github.com/hypery2k/galenframework-cli/commit/dcf9505f77f2ea50f84372f9b6b521c89561cbe1
Authentication Bypass,passport-azure-ad,https://security.snyk.io/vuln/npm:passport-azure-ad:20160824,CVE-2016-7191,False,>=1.0.0 <1.4.6 >=2.0.0 <2.0.1 ,n/a
Arbitrary Code Execution,ejs,https://security.snyk.io/vuln/npm:ejs:20161128,CVE-2017-1000228,False,<2.5.3 ,n/a
Cross-site Scripting (XSS),jquery,https://security.snyk.io/vuln/npm:jquery:20150627,CVE-2017-16012,False,<1.12.2 >=1.12.3 <2.2.0 >=2.2.3 <3.0.0 ,https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc
Denial of Service (DoS),node-uuid,https://security.snyk.io/vuln/npm:node-uuid:20111130,,False,<1.3.1 ,https://github.com/broofa/node-uuid/commit/499574c84bc660b52c4322a011abfdd3edfd28bf
Timing Attack,fernet,https://security.snyk.io/vuln/npm:fernet:20140306,,False,<0.1.0 >=0.0.1 ,https://github.com/csquared/fernet.js/commit/29c456543c69604289931b4e8979ec17bbeeff33
Cross-site Scripting (XSS),rendr,https://security.snyk.io/vuln/npm:rendr:20130709,,False,<0.4.8-2 ,n/a
Cross-site Scripting (XSS),hapi,https://security.snyk.io/vuln/npm:hapi:20130320,,False,<0.16.0 ,n/a
Denial of Service (DoS),engine.io,https://security.snyk.io/vuln/npm:engine.io:20140212,,False,<1.0.0 ,n/a
Uninitialized Memory Exposure,life_star,https://security.snyk.io/vuln/npm:life_star:20160212,,False,<=0.8.4 ,n/a
Cross-site Scripting (XSS),hoek,https://security.snyk.io/vuln/npm:hoek:20130326,,False,<0.7.3 ,n/a
Cross-site Scripting (XSS),shout,https://security.snyk.io/vuln/npm:shout:20160913,,False,<0.51.2 >=0.38.0 ,https://github.com/erming/shout/commit/7ef2da0c832175cea1776a651a3c14051468fdc2
Forgeable public/private tokens,jwt-simple,https://security.snyk.io/vuln/npm:jwt-simple:20160804,CVE-2016-10555,False,<0.3.0 ,"https://github.com/hokaccha/node-jwt-simple/commit/957957cfa44474049b4603b293569588ee9ffd97)"",severity:""medium"",packageName:e,packageManager:f,publicationTime:""2016-10-31T03:44:13Z"",disclosureTime:""2016-08-18T03:44:13Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-JWTSIMPLE-10166""],CVE:[""CVE-2016-10555""],CWE:[""CWE-310""],GHSA:[""GHSA-vgrx-w6rg-8fqf""],NSP:[87]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"",cvssScore:4.2,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""/vulns"",label:""Snyk Vulnerability Database""},{label:f,url:""/vulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview
"":""<p><a href=""https://www.npmjs.com/package/jwt-simple"">&#39;jwt-simple&#39;</a> is a <code>JSON Web Token</code> encode and decode module"
SQL Injection,waterline-sequel,https://security.snyk.io/vuln/npm:waterline-sequel:20160804,CVE-2016-10551,False,<0.5.1 ,n/a
Resources Downloaded over Insecure Protocol,igniteui,https://security.snyk.io/vuln/npm:igniteui:20160804,CVE-2016-10552,False,<=0.0.5 ,n/a
Cross-site Scripting (XSS),tinymce,https://security.snyk.io/vuln/npm:tinymce:20150813,,False,<4.2.4 ,https://github.com/tinymce/tinymce/commit/c68a5930512d7b37b5dc495bde5f7cbb739e11e7
Regular Expression Denial of Service (ReDoS),moment,https://security.snyk.io/vuln/npm:moment:20161019,,False,<2.15.2 ,n/a
Authentication Bypass,jsjws,https://security.snyk.io/vuln/npm:jsjws:20150531,,False,<2.0.0 ,https://github.com/davedoesdev/node-jsjws/commit/ac456b5f9bb96695f1dd838acc8f089154b2da04
Cross-site Scripting (XSS),cheerio,https://security.snyk.io/vuln/npm:cheerio:20120311,,False,<=0.8.3 ,https://github.com/cheeriojs/cheerio/pull/71/commits/1e2b3240f11b1a7fa3f0bc9009f18a5d7b59bae1
Cross-site Scripting (XSS),jquery,https://security.snyk.io/vuln/npm:jquery:20140902,CVE-2014-6071,False,>=1.4.2 <1.6.2 ,n/a
Cross-site Scripting (XSS),jquery,https://security.snyk.io/vuln/npm:jquery:20120206,CVE-2017-16011,False,<1.9.1 ,https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d
Cross-site Scripting (XSS),jquery,https://security.snyk.io/vuln/npm:jquery:20110606,CVE-2011-4969,False,<1.6.3 ,n/a
Broken CORS,sails,https://security.snyk.io/vuln/npm:sails:20161013,CVE-2016-10549,False,<0.12.7 ,n/a
Denial of Service (DoS),uws,https://security.snyk.io/vuln/npm:uws:20161013,CVE-2016-10544,False,<0.10.9 >=0.10.0 ,n/a
Cross-site Scripting (XSS),plotly.js,https://security.snyk.io/vuln/npm:plotly.js:20160808,,False,>=1.10.4 <1.16.0 ,n/a
Arbitrary Code Injection,reduce-css-calc,https://security.snyk.io/vuln/npm:reduce-css-calc:20160913,CVE-2016-10548,False,<1.2.5 ,n/a
Arbitrary Code Injection,pouchdb,https://security.snyk.io/vuln/npm:pouchdb:20160830,CVE-2016-10546,False,<6.0.5 ,n/a
CSS Injection,plotly.js,https://security.snyk.io/vuln/npm:plotly.js:20160808-1,,False,<1.16.0 ,n/a
Sensitive Information Exposure,airbrake,https://security.snyk.io/vuln/npm:airbrake:20160215,,False,<=0.3.8 ,https://github.com/airbrake/node-airbrake/pull/84/commits/e35b9ba8bd5fe3d20ce543c754d6479872ff3b74
Regular Expression Denial of Service (ReDoS),uc.micro,https://security.snyk.io/vuln/npm:uc.micro:20160530,,False,<=1.0.0 ,n/a
Cross-site Scripting (XSS),boom,https://security.snyk.io/vuln/npm:boom:20130209,,False,<0.3.0 ,https://github.com/hapijs/boom/commit/c56a9f859e2c17da7973a7cdaacb92d804cb43b0
Cross-site Scripting (XSS),ckeditor-dev,https://security.snyk.io/vuln/npm:ckeditor-dev:20140626,,False,<4.4.3 ,n/a
Cross-site Scripting (XSS),markdown-it,https://security.snyk.io/vuln/npm:markdown-it:20160912,,False,<4.1.0 ,https://github.com/markdown-it/markdown-it/commit/f76d3beb46abd121892a2e2e5c78376354c214e3
Cross-site Scripting (XSS),ckeditor-dev,https://security.snyk.io/vuln/npm:ckeditor-dev:20141118,,False,<4.4.6 ,n/a
Shell Command Injection,git-ls-remote,https://security.snyk.io/vuln/npm:git-ls-remote:20160923,,False,<0.2.0 ,n/a
Cross-site Scripting (XSS),ckeditor-dev,https://security.snyk.io/vuln/npm:ckeditor-dev:20150630,,False,<4.4.8 ,n/a
Cross-site Scripting (XSS),brisket,https://security.snyk.io/vuln/npm:brisket:20160913,,False,<=0.33.0 ,n/a
Cross-site Scripting (XSS),ckeditor-dev,https://security.snyk.io/vuln/npm:ckeditor-dev:20160822,,False,<4.5.11 ,n/a
Uninitialized Memory Exposure,bl,https://security.snyk.io/vuln/npm:bl:20160119,,False,<0.9.5 >=1.0.0 <1.0.1 ,n/a
Code Injection,crossbow-lang,https://security.snyk.io/vuln/npm:crossbow-lang:20160819,,False,* ,n/a
Code Injection,dustjs-linkedin,https://security.snyk.io/vuln/npm:dustjs-linkedin:20160819,,False,<2.6.0 ,https://github.com/linkedin/dustjs/pull/534/commits/884be3bb3a34a843e6fb411100088e9b02326bd4
Cross-site Scripting (XSS),nunjucks,https://security.snyk.io/vuln/npm:nunjucks:20160906,CVE-2016-10547,False,<2.4.3 ,n/a
Non-Constant Time String Comparison,cookie-signature,https://security.snyk.io/vuln/npm:cookie-signature:20160804,CVE-2016-1000236,False,<1.0.4 ,"https:\u002F\u002Fgithub.com\u002Ftj\u002Fnode-cookie-signature\u002Fcommit\u002F39791081692e9e14aa62855369e1c7f80fbfd50e)"",severity:""medium"",packageName:e,packageManager:f,publicationTime:""2016-08-29T00:00:00Z"",disclosureTime:""2014-01-28T00:00:00Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-COOKIESIGNATURE-10134""],CVE:[""CVE-2016-1000236""],CWE:[""CWE-208""],GHSA:[""GHSA-92vm-wfm5-mxvv""],NSP:[134]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:L\u002FUI:N\u002FS:C\u002FC:H\u002FI:N\u002FA:N"",cvssScore:6.3,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fcookie-signature\""\u003E&#39;cookie-signature&#39;\u003C\u002Fa\u003E is a library for signing cookies.\u003C\u002Fp\u003"
Insecure use of /tmp folder,cli,https://security.snyk.io/vuln/npm:cli:20160615,CVE-2016-10538,False,<1.0.0 ,n/a
Cross-site Scripting (XSS),pivottable,https://security.snyk.io/vuln/npm:pivottable:20160817,CVE-2016-1000241,False,>=1.4.0 <2.0.0 ,n/a
Denial of Service (DoS),mqtt,https://security.snyk.io/vuln/npm:mqtt:20160817,CVE-2016-1000242,False,<1.0.0 ,n/a
Cross-site Scripting (XSS),c3,https://security.snyk.io/vuln/npm:c3:20160817,CVE-2016-1000240,False,<0.4.11 ,https://github.com/c3js/c3/commit/de3864650300488a63d0541620e9828b00e94b42
Cross-site Scripting (XSS),swagger-ui,https://security.snyk.io/vuln/npm:swagger-ui:20160815,,False,<2.1.0 ,https://github.com/swagger-api/swagger-ui/commit/162cd536a1d4bcf883af6129806c1f6387c3e690
Spoofing attack due to unvalidated KDC,node-krb5,https://security.snyk.io/vuln/npm:node-krb5:20160804,CVE-2016-1000238,False,* ,n/a
Cross-site Scripting (XSS),sanitize-html,https://security.snyk.io/vuln/npm:sanitize-html:20160801,,False,<=1.4.2 ,n/a
Insecure Defaults Allow MitM,ezseed-transmission,https://security.snyk.io/vuln/npm:ezseed-transmission:20160729,CVE-2016-1000224,False,>=0.0.10 <0.0.15 ,n/a
Forgeable Public/Private Tokens,jws,https://security.snyk.io/vuln/npm:jws:20160726,CVE-2016-1000223,False,<3.0.0 ,n/a
Cross-site Scripting (XSS),fuelux,https://security.snyk.io/vuln/npm:fuelux:20160725,CVE-2016-1000235,False,<3.15.7 ,n/a
Cross-site Scripting (XSS),jqtree,https://security.snyk.io/vuln/npm:jqtree:20160725,CVE-2016-1000234,False,<1.3.4 ,n/a
Cross-site Scripting (XSS),swagger-ui,https://security.snyk.io/vuln/npm:swagger-ui:20160725,,False,<2.2.1 ,n/a
Cross-site Scripting (XSS),emojione,https://security.snyk.io/vuln/npm:emojione:20160725,CVE-2016-1000231,False,<1.3.1 ,https://github.com/Ranks/emojione/commit/613079b16c00e47fb3c44744a67ed88a9295afb1
Cross-site Scripting (XSS),rendr,https://security.snyk.io/vuln/npm:rendr:20160725,CVE-2016-1000230,False,<1.1.4 ,n/a
Regular Expression Denial of Service (ReDoS),tough-cookie,https://security.snyk.io/vuln/npm:tough-cookie:20160722,CVE-2016-1000232,False,>=0.9.7 <2.3.0 ,https://github.com/SalesforceEng/tough-cookie/commit/e4fc2e0f9ee1b7a818d68f0ac7ea696f377b1534
Cross-site Scripting (XSS),jquery-ui,https://security.snyk.io/vuln/npm:jquery-ui:20160721,CVE-2016-7103,False,<1.12.0 ,n/a
Cross-site Scripting (XSS),swagger-ui,https://security.snyk.io/vuln/npm:swagger-ui:20160721,CVE-2016-1000229,False,<2.2.1 ,n/a
Cross-site Scripting (XSS),gmail-js,https://security.snyk.io/vuln/npm:gmail-js:20160721,CVE-2016-1000228,False,<0.6.5 ,https://github.com/KartikTalwar/gmail.js/commit/82f1876bdc379531043d3f46ee19b338e8ec907d
Cross-site Scripting (XSS),bootstrap-tagsinput,https://security.snyk.io/vuln/npm:bootstrap-tagsinput:20160720,CVE-2016-1000227,False,* ,n/a
Cross-site Scripting (XSS),swagger-ui,https://security.snyk.io/vuln/npm:swagger-ui:20160720,,False,<2.2.1 ,n/a
SQL Injection,sequelize,https://security.snyk.io/vuln/npm:sequelize:20160718,CVE-2016-1000225,False,>=3.4.0 <3.23.6 ,n/a
Improper input validation,call,https://security.snyk.io/vuln/npm:call:20160705,CVE-2016-10543,False,>=2.0.1 <3.0.2 ,n/a
Denial of Service (DoS),ws,https://security.snyk.io/vuln/npm:ws:20160624,CVE-2016-10542,False,<1.1.1 ,n/a
Cross-site Scripting (XSS),backbone,https://security.snyk.io/vuln/npm:backbone:20160523,CVE-2016-10537,False,<0.1.2 ,n/a
Private Data Disclosure,express-restify-mongoose,https://security.snyk.io/vuln/npm:express-restify-mongoose:20160419,CVE-2016-10533,False,< 2.5.0 >= 3.0.0 <3.1.0 ,n/a
Non-Constant Time String Comparison,csrf-lite,https://security.snyk.io/vuln/npm:csrf-lite:20160423,CVE-2016-10535,False,<=0.1.1 ,n/a
Command Injection,shell-quote,https://security.snyk.io/vuln/npm:shell-quote:20160621,CVE-2016-10541,False,<1.6.1 ,n/a
Regular Expression Denial of Service (ReDoS),minimatch,https://security.snyk.io/vuln/SNYK-JS-MINIMATCH-1019388,,False,<3.0.2 ,https://github.com/isaacs/minimatch/commit/6944abf9e0694bd22fd9dad293faa40c2bc8a955
Regular Expression Denial of Service (ReDoS),minimatch,https://security.snyk.io/vuln/npm:minimatch:20160620,CVE-2016-10540,False,<3.0.2 ,https://github.com/isaacs/minimatch/commit/6944abf9e0694bd22fd9dad293faa40c2bc8a955
Regular Expression Denial of Service (ReDoS),negotiator,https://security.snyk.io/vuln/npm:negotiator:20160616,CVE-2016-10539,False,<0.6.1 ,https://github.com/jshttp/negotiator/commit/26a05ec15cf7d1fa56000d66ebe9c9a1a62cb75c
Insecure Defaults,engine.io-client,https://security.snyk.io/vuln/npm:engine.io-client:20160426,,False,<1.6.9 ,n/a
Authentication Bypass,console-io,https://security.snyk.io/vuln/npm:console-io:20160418,CVE-2016-10532,False,<2.3.0 ,https://github.com/cloudcmd/console/commit/62f0fbcb36226436af0dad52ffe4d8cd9a0c533f
SSL Validation disabled by default,electron-packager,https://security.snyk.io/vuln/npm:electron-packager:20160422,CVE-2016-10534,False,>= 5.2.1 <= 6.0.2 ,n/a
Cross-site Scripting (XSS),marked,https://security.snyk.io/vuln/npm:marked:20150520,CVE-2016-10531,False,>=0.3.1 <0.3.6 ,https://github.com/chjj/marked/pull/592/commits/2cff85979be8e7a026a9aca35542c470cf5da523
npm Token Leak,npm,https://security.snyk.io/vuln/npm:npm:20160418,,False,<2.15.1 >=3.0.0 <3.8.4 ,"https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401)"",severity:""medium"",packageName:c,packageManager:c,publicationTime:""2016-04-20T14:45:19Z"",disclosureTime:""2016-04-18T21:16:44Z"",credit:[""Mitar"",""Will White & the team at Mapbox"",""Max Motovilov"",""James Taylor""],identifiers:{ALTERNATIVE:[""SNYK-JS-NPM-10100""],CVE:[],CWE:[""CWE-200""],NSP:[98]},semver:{vulnerable:[""<2.15.1"","">=3.0.0 <3.8.4""]},CVSSv3:""CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"",cvssScore:6.8,language:""js"",socialTrendAlert:a,proprietary:a,breadcrumbItems:[{url:""/vulns"",label:""Snyk Vulnerability Database""},{label:c,url:""/vulns?type=npm""},{label:c,testHook:""filter""}],vulnDescription:{""Overview
"":""<p>This vulnerability could cause the unintentional leakage of bearer tokens"
Remote Memory Exposure,sequelize,https://security.snyk.io/vuln/npm:sequelize:20160115,CVE-2016-10550,False,<3.17.2 ,n/a
SQL Injection,sequelize,https://security.snyk.io/vuln/npm:sequelize:20150517,CVE-2016-10553,False,<2.1.4 ,n/a
SQL Injection,sequelize,https://security.snyk.io/vuln/npm:sequelize:20130614,CVE-2016-10554,False,>=0.2.2 <1.7.0-alpha3 ,n/a
SQL Injection,sequelize,https://security.snyk.io/vuln/npm:sequelize:20160106,,False,>=0.2.2 <3.13.17 ,n/a
SQL Injection,sequelize,https://security.snyk.io/vuln/npm:sequelize:20160329,CVE-2016-10556,False,<3.20.0 ,n/a
Template Injection,jsrender,https://security.snyk.io/vuln/npm:jsrender:20160330,CVE-2016-3942,False,<=0.9.73 ,n/a
Directory Traversal,restafary,https://security.snyk.io/vuln/npm:restafary:20160328,CVE-2016-10528,False,<1.6.1 ,"https:\u002F\u002Fgithub.com\u002Fcoderaiser\u002Fnode-restafary\u002Fcommit\u002F63e4b13c802991bbff2d0af8bd15b0bce9ff971a)"",severity:""medium"",packageName:f,packageManager:g,publicationTime:""2016-03-29T00:00:02.781000Z"",disclosureTime:""2016-03-28T22:21:23Z"",credit:[h],identifiers:{ALTERNATIVE:[""SNYK-JS-RESTAFARY-10091""],CVE:[""CVE-2016-10528""],CWE:[""CWE-22""],GHSA:[""GHSA-xg5r-8j97-2wrj""],NSP:[89]},semver:{vulnerable:[i]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:N\u002FA:N"",cvssScore:4.3,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:g,url:""\u002Fvulns?type=npm""},{label:f,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ccode\u003Erestafary\u003C\u002Fcode\u003E versions prior to 1.6.1 did not properly prevent path traversal, allowing access to sensitive files and data on the server. For example, requesting the following url \u003Ccode\u003E\u002Fapi\u002Fv1\u002Ffs\u002F..%2f..%2fetc\u002Fpasswd\u003C\u002Fcode\u003E would result in \u003Ccode\u003E\u002Fetc\u002Fpasswd\u003C\u002Fcode\u003E leak.\u003C\u002Fp\u003"
Cross-site Request Forgery (CSRF),droppy,https://security.snyk.io/vuln/npm:droppy:20160328,CVE-2016-10529,False,<3.5.0 ,n/a
Insecure Default Configuration,airbrake,https://security.snyk.io/vuln/npm:airbrake:20160328,CVE-2016-10530,False,<=0.3.8 ,n/a
Insecure Randomness,node-uuid,https://security.snyk.io/vuln/npm:node-uuid:20160328,CVE-2015-8851,False,<1.4.4 ,n/a
Remote Memory Exposure,request,https://security.snyk.io/vuln/npm:request:20160119,CVE-2017-16026,False,>2.2.5 <2.68.0 ,https://github.com/request/request/pull/2018/commits/3d31d4526fa4d4e4f59b89cabe194fb671063cdb
Regular Expression Denial of Service (ReDoS),riot-compiler,https://security.snyk.io/vuln/npm:riot-compiler:20160321,CVE-2016-10527,False,<=2.3.21 ,n/a
Credentials saved as clear-text in log,grunt-gh-pages,https://security.snyk.io/vuln/npm:grunt-gh-pages:20160316,CVE-2016-10526,False,<=0.9.1 ,n/a
Regular Expression Denial of Service (ReDoS),moment,https://security.snyk.io/vuln/npm:moment:20160126,CVE-2016-4055,False,<2.11.2 ,https:\u002F\u002Fgithub.com\u002Fmoment\u002Fmoment\u002Fcommit\u002F52a807b961ead925be11ff5e632c8f7325a9ce36)\
Authentication Bypass in Try Mode,hapi-auth-jwt2,https://security.snyk.io/vuln/npm:hapi-auth-jwt2:20160128,CVE-2016-10525,False,<5.1.2 ,n/a
Denial of Service (DoS),i18n-node-angular,https://security.snyk.io/vuln/npm:i18n-node-angular:20160125,CVE-2016-10524,False,<1.4.0 ,n/a
Remote Memory Exposure,mongoose,https://security.snyk.io/vuln/npm:mongoose:20160116,,False,>=3.5.5 <3.8.39 >=4.0.0 <4.3.6 ,n/a
Regular Expression Denial of Service (ReDoS),hawk,https://security.snyk.io/vuln/npm:hawk:20160119,CVE-2016-2515,False,<3.1.3 >=4.0.0 <4.1.1 ,n/a
Sensitive Information Exposure,libxmljs,https://security.snyk.io/vuln/npm:libxmljs:20151214,CVE-2015-7499,False,<0.17.0 ,n/a
Regular Expression Denial of Service (ReDoS),is-my-json-valid,https://security.snyk.io/vuln/npm:is-my-json-valid:20160118,CVE-2016-2537,False,<2.12.4 ,"https:\u002F\u002Fgithub.com\u002Fmafintosh\u002Fis-my-json-valid\u002Fcommit\u002Feca4beb21e61877d76fdf6bea771f72f39544d9b)"",severity:""high"",packageName:e,packageManager:f,publicationTime:""2016-01-18T12:28:12Z"",disclosureTime:""2016-01-18T04:29:55Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-ISMYJSONVALID-10079""],CVE:[""CVE-2016-2537""],CWE:[""CWE-400""],GHSA:[""GHSA-f522-ffg8-j8r6""],NSP:[76]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:H\u002FE:F\u002FRL:O\u002FRC:C"",cvssScore:7.5,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fgithub.com\u002Fmafintosh\u002Fis-my-json-valid\""\u003Eis-my-json-valid\u003C\u002Fa\u003E is a JSONSchema validator that uses code generation to be extremely fast.\u003C\u002Fp\u003"
Denial of Service (DoS),mqtt-packet,https://security.snyk.io/vuln/npm:mqtt-packet:20160115,CVE-2016-10523,False,<3.4.6 >4.0.0 <4.0.5 ,n/a
Content Injection via TileJSON Name,mapbox.js,https://security.snyk.io/vuln/npm:mapbox.js:20160112,,False,<1.6.6 >2.0.0 <2.2.4 ,n/a
Regular Expression Denial of Service (ReDoS),jadedown,https://security.snyk.io/vuln/npm:jadedown:20160105,CVE-2016-10520,False,* ,n/a
Regular Expression Denial of Service (ReDoS),jshamcrest,https://security.snyk.io/vuln/npm:jshamcrest:20160105,CVE-2016-10521,False,* ,n/a
Potentially loose security restrictions,hapi,https://security.snyk.io/vuln/npm:hapi:20151228,CVE-2015-9243,False,<11.1.4 ,n/a
Remote Memory Exposure,ws,https://security.snyk.io/vuln/npm:ws:20160104,CVE-2016-10518,False,< 1.0.1 ,n/a
SQL Injection,mysql,https://security.snyk.io/vuln/npm:mysql:20151228,CVE-2015-9244,False,>=2.0.0-alpha <2.0.0-alpha8 ,https://github.com/felixge/node-mysql/commit/bc8f3df0694fa876d7858f9d56cb9a9696ef38fa
Remote Memory Exposure,bittorrent-dht,https://security.snyk.io/vuln/npm:bittorrent-dht:20160104,CVE-2016-10519,False,<5.1.3 ,n/a
Denial of Service (DoS),hapi,https://security.snyk.io/vuln/npm:hapi:20151223,CVE-2015-9241,False,<11.1.3 ,n/a
Denial of Service (DoS),ecstatic,https://security.snyk.io/vuln/npm:ecstatic:20151223,CVE-2015-9242,False,<1.4.0 ,n/a
Cross-site Scripting (XSS),handlebars,https://security.snyk.io/vuln/npm:handlebars:20151207,CVE-2015-8861,False,<4.0.0 ,"https:\u002F\u002Fgithub.com\u002Fwycats\u002Fhandlebars.js\u002Fcommit\u002F83b8e846a3569bd366cf0b6bdc1e4604d1a2077e)"",severity:""medium"",packageName:e,packageManager:f,publicationTime:""2015-12-14T23:52:16Z"",disclosureTime:""2015-12-07T16:52:07Z"",credit:[g],identifiers:{ALTERNATIVE:[""SNYK-JS-HANDLEBARS-10068""],CVE:[""CVE-2015-8861""],CWE:[""CWE-79""],GHSA:[""GHSA-9prh-257w-9277"",""GHSA-fmr4-7g9q-7hc7""],NSP:[61]},semver:{vulnerable:[h]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N"",cvssScore:5.3,language:""js"",socialTrendAlert:c,proprietary:c,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{""Overview\r"":""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fgithub.com\u002Fwycats\u002Fhandlebars.js\u002F\""\u003Ehandlebars\u003C\u002Fa\u003E provides the power necessary to let you build semantic templates.\u003C\u002Fp\u003"
Content Injection due to quoteless attributes,mustache,https://security.snyk.io/vuln/npm:mustache:20151207,CVE-2015-8862,False,<2.2.1 ,n/a
Authentication Weakness,keystone,https://security.snyk.io/vuln/npm:keystone:20151204,CVE-2015-9240,False,<0.3.16 ,n/a
Regular Expression Denial of Service (ReDoS),millisecond,https://security.snyk.io/vuln/npm:millisecond:20151120,CVE-2015-8315,False,<0.1.2 ,n/a
CORS Bypass,hapi,https://security.snyk.io/vuln/npm:hapi:20151020,CVE-2015-9236,False,<11.0.0 ,n/a
Regular Expression Denial of Service (ReDoS),bleach,https://security.snyk.io/vuln/npm:bleach:20151024,CVE-2014-8881,False,* ,n/a
Regular Expression Denial of Service (ReDoS),ansi2html,https://security.snyk.io/vuln/npm:ansi2html:20151025,CVE-2015-9239,False,* ,n/a
Remote Shell Command Injection,gm,https://security.snyk.io/vuln/npm:gm:20151026,CVE-2015-7982,False,<=1.20.0 ,n/a
Cross-site Scripting (XSS),mustache,https://security.snyk.io/vuln/npm:mustache:20110814,,False,< 0.3.1 ,n/a
Cross-site Scripting (XSS),backbone,https://security.snyk.io/vuln/npm:backbone:20110701,,False,<0.5.0 ,n/a
Cross-site Scripting (XSS),handlebars,https://security.snyk.io/vuln/npm:handlebars:20110425,,False,<=1.0.0-beta.3 ,n/a
Cross-site Scripting (XSS),dojo,https://security.snyk.io/vuln/npm:dojo:20100614-6,CVE-2010-2275,False,<1.4.2 ,n/a
Cross-site Scripting (XSS),ember,https://security.snyk.io/vuln/npm:ember:20130105,CVE-2013-4170,False,>= 1.0.0-rc.1 <1.0.0-rc.1.1 >= 1.0.0-rc.2 <1.0.0-rc.2.1 >= 1.0.0-rc.3 <1.0.0-rc.3.1 >= 1.0.0-rc.4 <1.0.0-rc.4.1 >= 1.0.0-rc.5 <1.0.0-rc.5.1 >= 1.0.0-rc.6 <1.0.0-rc.6.1 ,n/a
Insecure Comparison,secure-compare,https://security.snyk.io/vuln/npm:secure-compare:20151024,CVE-2015-9238,False,<3.0.1 ,n/a
Symlink File Overwrite,tar,https://security.snyk.io/vuln/npm:tar:20151103,CVE-2015-8860,False,>0.0.1 <2.0.0 ,https://github.com/npm/node-tar/commit/a5337a6cd58a2d800fc03b3781a25751cf459f28
Content Injection via TileJSON attribute,mapbox.js,https://security.snyk.io/vuln/npm:mapbox.js:20151024,,False,<1.6.5 >2.0.0 <2.1.7 ,n/a
Cross-site Scripting (XSS),dojo,https://security.snyk.io/vuln/npm:dojo:20100614,CVE-2010-2276,False,>=0.4.0 <0.4.4 >=1.0.0 <1.0.3 >=1.1.0 <1.1.2 >=1.2.0 <1.2.4 >=1.3.0 <1.3.3 >=1.4.0 <1.4.2 ,n/a
Regular Expression Denial of Service (ReDoS),ms,https://security.snyk.io/vuln/npm:ms:20151024,CVE-2015-8315,False,<0.7.1 ,n/a
Root Path Disclosure,send,https://security.snyk.io/vuln/npm:send:20151103,CVE-2015-8859,False,<0.11.1 ,https:\u002F\u002Fgithub.com\u002Fpillarjs\u002Fsend\u002Fcommit\u002F98a5b89982b38e79db684177cf94730ce7fc7aed)\
Cross-site Scripting (XSS),sanitize-html,https://security.snyk.io/vuln/npm:sanitize-html:20141024,CVE-2016-1000237,False,<1.4.3 ,n/a
Cross-site Scripting (XSS),ember,https://security.snyk.io/vuln/npm:ember:20140214,,False,>=1.2.0 <1.2.2 >=1.3.0 <1.3.1 ,n/a
Regular Expression Denial of Service (ReDoS),uglify-js,https://security.snyk.io/vuln/npm:uglify-js:20151024,CVE-2015-8858,False,<2.6.0 ,n/a
Cross-site Scripting (XSS),ember,https://security.snyk.io/vuln/npm:ember:20140114,CVE-2014-0014,False,>=1.4.0-beta.1 <1.4.0-beta.2 >=1.3.0 <1.3.1 >=1.2.0 <1.2.1 >=1.1.0 <1.1.3 >=1.0.0 <1.0.1 ,n/a
LDAP Injection,ldapauth,https://security.snyk.io/vuln/npm:ldapauth:20150918,,False,<=2.2.4 ,n/a
LDAP Injection,ldapauth-fork,https://security.snyk.io/vuln/npm:ldapauth-fork:20150918,CVE-2015-7294,False,< 2.3.3 ,n/a
Cross-site Scripting (XSS),datatables,https://security.snyk.io/vuln/npm:datatables:20150918,CVE-2015-6584,False,<1.10.10 ,n/a
Improper minification of non-boolean comparisons,uglify-js,https://security.snyk.io/vuln/npm:uglify-js:20150824,CVE-2015-8857,False,>=2.2.0 <2.4.24 ,n/a
Directory Traversal,geddy,https://security.snyk.io/vuln/npm:geddy:20150727,CVE-2015-5688,False,<13.0.8 ,n/a
Cross-site Request Forgery (CSRF),jquery-ujs,https://security.snyk.io/vuln/npm:jquery-ujs:20150624,CVE-2015-1840,False,<1.0.4 ,n/a
Regular Expression Denial of Service (ReDoS),semver,https://security.snyk.io/vuln/npm:semver:20150403,CVE-2015-8855,False,<4.3.2 ,n/a
Authentication Bypass,jsonwebtoken,https://security.snyk.io/vuln/npm:jsonwebtoken:20150331,CVE-2015-9235,False,<4.2.2 ,https://github.com/auth0/node-jsonwebtoken/commit/1bb584bc382295eeb7ee8c4452a673a77a68b687
Cross-site Scripting (XSS),serve-index,https://security.snyk.io/vuln/npm:serve-index:20150314,CVE-2015-8856,False,<1.6.3 ,n/a
Command Injection,ungit,https://security.snyk.io/vuln/npm:ungit:20150122,CVE-2015-4130,False,<=0.8.4 ,n/a
SQL Injection,sequelize,https://security.snyk.io/vuln/npm:sequelize:20150118,CVE-2015-1369,False,<2.0.0-rc8 ,n/a
Open Redirect,serve-static,https://security.snyk.io/vuln/npm:serve-static:20150113,CVE-2015-1164,False,<1.6.5 >=1.7.0 <1.7.2 ,n/a
Hidden Directories Leakage,inert,https://security.snyk.io/vuln/npm:inert:20141215,CVE-2014-10068,False,<1.1.1 ,n/a
Validation Bypass,paypal-ipn,https://security.snyk.io/vuln/npm:paypal-ipn:20141203,CVE-2014-10067,False,<3.0.0 ,n/a
Directory Traversal,fancy-server,https://security.snyk.io/vuln/npm:fancy-server:20141114,CVE-2014-10066,False,<0.1.4 ,n/a
Directory Traversal,nhouston,https://security.snyk.io/vuln/npm:nhouston:20141114,CVE-2014-8883,False,* ,n/a
Content Injection,remarkable,https://security.snyk.io/vuln/npm:remarkable:20141113,CVE-2014-10065,False,<1.4.1 ,n/a
Regular Expression Denial of Service (ReDoS),validator,https://security.snyk.io/vuln/npm:validator:20130705,CVE-2014-8882,False,>=0.1.0 <3.22.1 ,n/a
Arbitrary Command Injection,dns-sync,https://security.snyk.io/vuln/npm:dns-sync:20141111,CVE-2014-9682,False,<0.1.3 ,n/a
Cross-site Scripting (XSS),validator,https://security.snyk.io/vuln/npm:validator:20130705-1,CVE-2014-9772,False,<2.0.0 ,n/a
Arbitrary JavaScript Code Injection,bassmaster,https://security.snyk.io/vuln/npm:bassmaster:20140927,CVE-2014-7205,False,<=1.5.1 ,n/a
Directory Traversal,send,https://security.snyk.io/vuln/npm:send:20140912,CVE-2014-6394,False,< 0.8.4 ,https://github.com/visionmedia/send/commit/9c6ca9b2c0b880afd3ff91ce0d211213c5fa5f9a
Cross-site Scripting (XSS),express,https://security.snyk.io/vuln/npm:express:20140912,CVE-2014-6393,False,<3.11.0 >=4.0.0 <4.5.0 ,n/a
Denial of Service (DoS),qs,https://security.snyk.io/vuln/npm:qs:20140806-1,CVE-2014-10064,False,<1.0.0 ,n/a
Denial of Service (DoS),qs,https://security.snyk.io/vuln/npm:qs:20140806,CVE-2014-7191,False,<1.0.0 ,https://github.com/tj/node-querystring/pull/114/commits/43a604b7847e56bba49d0ce3e222fe89569354d8
CORS Token Disclosure,crumb,https://security.snyk.io/vuln/npm:crumb:20140801,CVE-2014-7193,False,<3.0.0 ,n/a
Potential Script Injection,syntax-error,https://security.snyk.io/vuln/npm:syntax-error:20140715,CVE-2014-7192,False,< 1.1.1 ,n/a
Rosetta-flash jsonp vulnerability,hapi,https://security.snyk.io/vuln/npm:hapi:20140708-1,CVE-2014-4671,False,< 6.1.0 ,n/a
Denial of Service (DoS),hapi,https://security.snyk.io/vuln/npm:hapi:20140708,CVE-2014-3742,False,>=2.0.0 <2.2.0 ,n/a
Denial of Service (DoS),yar,https://security.snyk.io/vuln/npm:yar:20140616,CVE-2014-4179,False,<2.2.0 ,n/a
Arbitrary Command Injection,printer,https://security.snyk.io/vuln/npm:printer:20140306,CVE-2014-3741,False,<= 0.0.1 ,n/a
Directory Traversal,st,https://security.snyk.io/vuln/npm:st:20140206,CVE-2014-3744,False,<0.2.5 ,n/a
Heap-based Buffer Overflow,libyaml,https://security.snyk.io/vuln/npm:libyaml:20140204,CVE-2013-6393,False,<0.2.3 ,n/a
Regular Expression Denial of Service (ReDoS),marked,https://security.snyk.io/vuln/npm:marked:20140131-1,CVE-2015-8854,False,<0.3.4 ,https://github.com/chjj/marked/commit/a37bd643f05bf95ff18cafa2b06e7d741d2e2157
VBScript Content Injection,marked,https://security.snyk.io/vuln/npm:marked:20140131-2,CVE-2015-1370,False,<0.3.3 ,https://github.com/markedjs/marked/commit/3c191144939107c45a7fa11ab6cb88be6694a1ba
Multiple Content Injection Vulnerabilities,marked,https://security.snyk.io/vuln/npm:marked:20140131,CVE-2014-3743,False,<=0.3.0 ,n/a
Arbitrary Command Injection,codem-transcode,https://security.snyk.io/vuln/npm:codem-transcode:20130707,CVE-2013-7377,False,<0.5.0 ,n/a
Cross-site Scripting (XSS),validator,https://security.snyk.io/vuln/npm:validator:20130705-2,CVE-2013-7454,False,<1.1.1 ,n/a
Cross-site Scripting (XSS),connect,https://security.snyk.io/vuln/npm:connect:20130701,CVE-2013-7370,False,<2.8.2 ,https://github.com/senchalabs/connect/commit/126187c4e12162e231b87350740045e5bb06e93a
Code Execution due to Deserialization,js-yaml,https://security.snyk.io/vuln/npm:js-yaml:20130623,CVE-2013-4660,False,<2.0.5 ,n/a
Potential Command Injection,libnotify,https://security.snyk.io/vuln/npm:libnotify:20130515,CVE-2013-7381,False,<= 1.0.3 ,n/a
Command Injection,hubot-scripts,https://security.snyk.io/vuln/npm:hubot-scripts:20130515,CVE-2013-7378,False,<= 2.4.3 ,"https:\u002F\u002Fgithub.com\u002Fgithub\u002Fhubot-scripts\u002Fcommit\u002Ffeee5abdb038a229a98969ae443cdb8a61747782)"",severity:""medium"",packageName:e,packageManager:f,publicationTime:g,disclosureTime:g,credit:[h],identifiers:{ALTERNATIVE:[""SNYK-JS-HUBOTSCRIPTS-10002""],CVE:[""CVE-2013-7378""],CWE:[""CWE-77""],GHSA:[""GHSA-hwch-749c-rv63""],NSP:[13]},semver:{vulnerable:[""\u003C= 2.4.3""]},CVSSv3:""CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N"",cvssScore:4.8,language:""js"",socialTrendAlert:b,proprietary:b,breadcrumbItems:[{url:""\u002Fvulns"",label:""Snyk Vulnerability Database""},{label:f,url:""\u002Fvulns?type=npm""},{label:e,testHook:""filter""}],vulnDescription:{Overview:""\u003Cp\u003E\u003Ca href=\""https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fhubot-scripts\""\u003Ehubot-scripts\u003C\u002Fa\u003E is a collection of community scripts for hubot, a chat bot.\u003C\u002Fp\u003"
Unauthenticated Remote Command Injection,ep_imageconvert,https://security.snyk.io/vuln/npm:ep_imageconvert:20130506,CVE-2013-7380,False,<=0.0.2 ,n/a
API Admin Auth Weakness,tomato,https://security.snyk.io/vuln/npm:tomato:20130307,CVE-2013-7379,False,<0.0.6 ,n/a