All Advisories (1,023)

Title Package Date Published
Weak Randomization of BridgeSecret in cordova-android cordova-android 6/21/17
API Admin Auth Weakness in tomato tomato 3/7/13
Access Restriction Bypass in npm npm 3/21/18
Arbitrary Code Execution gifsicle 2/20/18
Arbitrary Code Execution in cordova-android cordova-android 6/21/17
Arbitrary Code Execution in mathjs mathjs 1/28/18
Arbitrary Code Execution in mathjs mathjs 11/28/17
Arbitrary Code Execution in nodebb nodebb 4/3/17
Arbitrary Code Execution in quill quill 2/28/17
Arbitrary Code Execution in sandbox sandbox 11/7/17
Arbitrary Code Execution in static-eval static-eval 10/18/17
Arbitrary Code Injection mobile-icon-resizer 1/15/18
Arbitrary Code Injection in growl growl 5/1/17
Arbitrary Code Injection in kmc kmc 5/1/17
Arbitrary Code Injection in m-log m-log 5/1/17
Arbitrary Code Injection in m2m-supervisor m2m-supervisor 5/1/17
Arbitrary Code Injection in microservicebus.node microservicebus.node 5/1/17
Arbitrary Code Injection in mixin-pro mixin-pro 4/30/17
Arbitrary Code Injection in mobile-icon-resizer mobile-icon-resizer 4/30/17
Arbitrary Code Injection in mock2easy mock2easy 5/1/17
Arbitrary Code Injection in modjs modjs 5/1/17
Arbitrary Code Injection in modulify modulify 5/1/17
Arbitrary Code Injection in mol-proto mol-proto 4/8/18
Arbitrary Code Injection in mongo-edit mongo-edit 5/1/17
Arbitrary Code Injection in mongo-parse mongo-parse 5/1/17
Arbitrary Code Injection in mongoosemask mongoosemask 5/1/17
Arbitrary Code Injection in mongoosify mongoosify 5/1/17
Arbitrary Code Injection in mongui mongui 5/1/17
Arbitrary Code Injection in nameless-cli nameless-cli 5/1/17
Arbitrary Code Injection in nd-validator nd-validator 5/1/17
Arbitrary Code Injection in pouchdb pouchdb 10/16/16
Arbitrary Code Injection in protojs protojs 5/1/17
Arbitrary Code Injection in reduce-css-calc reduce-css-calc 10/16/16
Arbitrary Command Execution pullit 2/13/18
Arbitrary Command Execution in clamscan clamscan 1/18/17
Arbitrary Command Execution in windows-cpu windows-cpu 5/19/17
Arbitrary Command Injection in dns-sync dns-sync 11/11/14
Arbitrary Command Injection in whereis whereis 4/1/18
Arbitrary File Upload in youtransfer youtransfer 3/13/17
Arbitrary File Write cli 6/15/16
Arbitrary File Write in connect-parse-php connect-parse-php 6/7/17
Arbitrary File Write in frvr frvr 6/7/17
Arbitrary File Write in innomon innomon 6/7/17
Arbitrary File Write in lam lam 6/7/17
Arbitrary File Write in mysql2csv mysql2csv 6/7/17
Arbitrary File Write in parse-ssi parse-ssi 6/7/17
Arbitrary File Write in terminal-share terminal-share 3/15/18
Arbitrary File Write in thrushs thrushs 6/7/17
Arbitrary File Write in wisper wisper 6/7/17
Arbitrary JavaScript Code Injection in bassmaster bassmaster 9/26/14
Arbitrary Script Injection in angular angular 1/23/17
Arbitrary execution in cordova-ios cordova-ios 6/21/17
Authentication Bypass loopback 3/5/18
Authentication Bypass console-io 4/18/16
Authentication Bypass in Try Mode hapi-auth-jwt2 1/27/16
Authentication Bypass in crumb crumb 6/21/17
Authentication Bypass in ghost ghost 5/30/17
Authentication Bypass in jsjws jsjws 10/20/16
Authentication Bypass in jsonwebtoken jsonwebtoken 3/31/15
Authentication Bypass in keycloak-auth-utils keycloak-auth-utils 1/31/18
Authentication Weakness keystone 12/4/15
Authentication bypass passport-azure-ad 12/5/16
Authentication bypass via incorrect XML canonicalization and DOM traversal saml2-js 2/27/18
Authentication credentails logged in clear text grunt-gh-pages 3/16/16
Authorization Bypass in cordova-ios cordova-ios 6/21/17
Broken CORS in sails sails 10/19/16
CORS Token Disclosure in crumb crumb 7/31/14
CRLF Injection in cordova-plugin-file-transfer cordova-plugin-file-transfer 6/21/17
CSS Injection in plotly.js plotly.js 10/16/16
CSV Injection in keystone keystone 11/5/17
Chromium Remote Code Execution electron 9/28/17
Clickjacking in angular angular 1/23/17
Code Execution Through IIFE serialize-to-js 2/10/17
Code Execution due to Deserialization in js-yaml js-yaml 6/23/13
Code Execution through IIFE node-serialize 2/9/17
Code Injection in crossbow-lang crossbow-lang 9/17/16
Code Injection in dustjs-linkedin dustjs-linkedin 9/13/16
Command Injection fs-git 8/29/17
Command Injection pidusage 6/5/17
Command Injection dns-sync 4/11/17
Command Injection due to untrusted input in printer printer 3/5/14
Command Injection in email.coffee in hubot-scripts hubot-scripts 5/15/13
Command Injection in ffprobe in codem-transcode codem-transcode 7/6/13
Command Injection in gm.compare function gm 10/26/15
Command Injection in shelljs shelljs 2/13/17
Command Injection in ungit ungit 1/21/15
Content & Code Injection (XSS) in nunjucks nunjucks 9/9/16
Content Injection in remarkable remarkable 11/13/14
Content Injection via TileJSON Name mapbox.js 1/12/16
Content Injection via TileJSON attribute mapbox.js 10/24/15
Cross Site Scripting gitbook 4/14/17
Cross Site Scripting sanitize-html 4/11/17
Cross Site Scripting backbone 5/23/16
Cross Site Scripting dojo 5/23/16
Cross-Application Scripting in cordova-android cordova-android 6/21/17
Cross-Site Request Forgery (CSRF) in eslint_d eslint_d 5/8/17
Cross-Site Request Forgery (CSRF) in keystone keystone 12/25/17
Cross-Site Request Forgery in jquery-ujs jquery-ujs 6/23/15
Cross-Site Scripting (XSS) simplehttpserver 3/5/18
Cross-Site Scripting (XSS) in bootstrap bootstrap 1/19/18
Cross-site Request Forgery (CSRF) auth0-js 3/7/18
Cross-site Request Forgery (CSRF) pym.js 2/20/18
Cross-site Request Forgery (CSRF) in auth0-lock auth0-lock 4/9/18
Cross-site Scripting (XSS) zeroclipboard 3/14/18
Cross-site Scripting (XSS) mrk.js 3/5/18
Cross-site Scripting (XSS) anywhere 3/5/18
Cross-site Scripting (XSS) simditor 2/28/18
Cross-site Scripting (XSS) knockout 2/28/18
Cross-site Scripting (XSS) crud-file-server 2/20/18
Cross-site Scripting (XSS) angular 2/18/18
Cross-site Scripting (XSS) dijit 2/13/18
Cross-site Scripting (XSS) in actionhero actionhero 5/8/17
Cross-site Scripting (XSS) in angular angular 1/23/17
Cross-site Scripting (XSS) in angular-gettext angular-gettext 1/23/17
Cross-site Scripting (XSS) in backbone backbone 11/5/15
Cross-site Scripting (XSS) in blocks blocks 1/19/18
Cross-site Scripting (XSS) in boom boom 10/5/16
Cross-site Scripting (XSS) in bootstrap bootstrap 4/10/17
Cross-site Scripting (XSS) in bootstrap-markdown bootstrap-markdown 5/30/17
Cross-site Scripting (XSS) in bracket-template bracket-template 4/15/18
Cross-site Scripting (XSS) in bui bui 3/21/18
Cross-site Scripting (XSS) in cheerio cheerio 10/20/16
Cross-site Scripting (XSS) in ckeditor-dev ckeditor-dev 9/18/16
Cross-site Scripting (XSS) in clusterize.js clusterize.js 12/25/16
Cross-site Scripting (XSS) in datatables datatables 5/8/17
Cross-site Scripting (XSS) in datatables datatables 9/18/15
Cross-site Scripting (XSS) in dojo dojo 11/5/15
Cross-site Scripting (XSS) in dompurify dompurify 4/24/17
Cross-site Scripting (XSS) in easyxdm easyxdm 5/30/17
Cross-site Scripting (XSS) in ejs ejs 12/6/16
Cross-site Scripting (XSS) in electron electron 10/9/17
Cross-site Scripting (XSS) in express express 9/11/14
Cross-site Scripting (XSS) in express-graphql express-graphql 6/21/17
Cross-site Scripting (XSS) in favico.js favico.js 5/8/17
Cross-site Scripting (XSS) in foundation-sites foundation-sites 3/13/17
Cross-site Scripting (XSS) in fullpage.js fullpage.js 5/8/17
Cross-site Scripting (XSS) in ghost ghost 5/30/17
Cross-site Scripting (XSS) in glance glance 4/17/18
Cross-site Scripting (XSS) in handlebars handlebars 11/5/15
Cross-site Scripting (XSS) in hapi hapi 11/22/16
Cross-site Scripting (XSS) in hoek hoek 11/9/16
Cross-site Scripting (XSS) in html-janitor html-janitor 2/11/18
Cross-site Scripting (XSS) in i18next i18next 2/13/17
Cross-site Scripting (XSS) in jquery jquery 10/20/16
Cross-site Scripting (XSS) in jquery-colorbox jquery-colorbox 12/25/17
Cross-site Scripting (XSS) in jquery-migrate jquery-migrate 12/26/16
Cross-site Scripting (XSS) in jquery-mobile jquery-mobile 12/26/16
Cross-site Scripting (XSS) in jquery-ui jquery-ui 2/13/17
Cross-site Scripting (XSS) in js-xss js-xss 1/19/18
Cross-site Scripting (XSS) in jspdf jspdf 3/28/17
Cross-site Scripting (XSS) in jstree jstree 6/21/17
Cross-site Scripting (XSS) in keystone keystone 11/5/17
Cross-site Scripting (XSS) in kibana kibana 1/4/18
Cross-site Scripting (XSS) in kibana kibana 12/25/17
Cross-site Scripting (XSS) in knockout knockout 3/13/17
Cross-site Scripting (XSS) in lets-chat lets-chat 3/6/17
Cross-site Scripting (XSS) in mediaelement mediaelement 5/8/17
Cross-site Scripting (XSS) in metascraper metascraper 4/1/18
Cross-site Scripting (XSS) in morris.js morris.js 4/16/17
Cross-site Scripting (XSS) in mustache mustache 11/5/15
Cross-site Scripting (XSS) in next next 6/13/17
Cross-site Scripting (XSS) in nodebb nodebb 4/3/17
Cross-site Scripting (XSS) in octotree octotree 5/30/17
Cross-site Scripting (XSS) in pivottable pivottable 8/17/16
Cross-site Scripting (XSS) in plotly.js plotly.js 2/28/17
Cross-site Scripting (XSS) in plotly.js plotly.js 10/16/16
Cross-site Scripting (XSS) in polyfill-service polyfill-service 5/8/17
Cross-site Scripting (XSS) in public public 4/17/18
Cross-site Scripting (XSS) in pure pure 12/25/17
Cross-site Scripting (XSS) in ql.io-engine ql.io-engine 5/8/17
Cross-site Scripting (XSS) in react react 1/18/17
Cross-site Scripting (XSS) in rendr rendr 5/8/17
Cross-site Scripting (XSS) in rendr-handlebars rendr-handlebars 5/30/17
Cross-site Scripting (XSS) in restify restify 2/13/17
Cross-site Scripting (XSS) in rethinkdb rethinkdb 3/13/17
Cross-site Scripting (XSS) in reveal.js reveal.js 3/13/17
Cross-site Scripting (XSS) in riot riot 5/8/17
Cross-site Scripting (XSS) in select2 select2 3/13/17
Cross-site Scripting (XSS) in semantic-ui semantic-ui 6/21/17
Cross-site Scripting (XSS) in shiba shiba 1/22/18
Cross-site Scripting (XSS) in shout shout 10/31/16
Cross-site Scripting (XSS) in showdown-xss-filter showdown-xss-filter 1/19/18
Cross-site Scripting (XSS) in simple-server simple-server 3/18/18
Cross-site Scripting (XSS) in socket.io socket.io 2/13/17
Cross-site Scripting (XSS) in squire-rte squire-rte 3/13/17
Cross-site Scripting (XSS) in swagger-ui swagger-ui 3/13/17
Cross-site Scripting (XSS) in textangular textangular 2/13/17
Cross-site Scripting (XSS) in thelounge thelounge 3/6/17
Cross-site Scripting (XSS) in tinymce tinymce 1/9/17
Cross-site Scripting (XSS) in tinymce tinymce 10/27/16
Cross-site Scripting (XSS) in validator validator 1/30/17
Cross-site Scripting (XSS) in vega vega 3/13/17
Cross-site Scripting (XSS) in vue vue 12/25/17
Cross-site Scripting (XSS) in weyland weyland 1/19/18
Cross-site Scripting (XSS) in wysihtml wysihtml 3/13/17
Cross-site Scripting (XSS) in yms yms 3/6/17
Cross-site Scripting (XSS) in yui yui 2/13/17
Cross-site Scripting (XSS) in zeroclipboard zeroclipboard 3/13/17
Cross-site Scripting (XSS) via Bootstrapped data URL in brisket brisket 9/20/16
Cross-site Scripting (XSS) via Class Injection in markdown-it markdown-it 2/13/17
Cross-site Scripting (XSS) via Data URIs in markdown-it markdown-it 9/26/16
Cross-site Scripting (XSS) via Data URIs in marked marked 1/30/17
Cross-site Scripting (XSS) via Data Uri in remarkable remarkable 2/13/17
Cross-site Scripting due to improper file and directory names escaping in serve-index serve-index 3/13/15
DOM-based XSS gmail-js 7/21/16
Denial of Service ecstatic 12/13/17
Denial of Service ws 11/8/17
Denial of Service nes 4/14/17
Denial of Service uws 10/17/16
Denial of Service mqtt-packet 1/15/16
Denial of Service (DDoS) in botkit botkit 12/25/17
Denial of Service (DoS) in connect connect 2/13/17
Denial of Service (DoS) in ejs ejs 12/6/16
Denial of Service (DoS) in electron electron 10/9/17
Denial of Service (DoS) in engine.io engine.io 11/14/16
Denial of Service (DoS) in ghost ghost 5/30/17
Denial of Service (DoS) in jquery jquery 12/26/16
Denial of Service (DoS) in js-quantities js-quantities 8/2/17
Denial of Service (DoS) in kibana kibana 1/4/18
Denial of Service (DoS) in mqtt mqtt 1/3/18
Denial of Service (DoS) in mqtt mqtt 8/17/16
Denial of Service (DoS) in ng-dialog ng-dialog 3/13/17
Denial of Service (DoS) in node-uuid node-uuid 11/22/16
Denial of Service (DoS) in podium podium 12/20/16
Denial of Service (DoS) in ractive ractive 12/25/17
Denial of Service (DoS) in sails sails 1/30/17
Denial of Service (DoS) in share share 4/3/17
Denial of Service (DoS) in websocket-driver websocket-driver 1/30/17
Denial of Service (DoS) in yar yar 6/16/14
Denial of Service (DoS) via Infinite Loop in mongoose mongoose 12/13/16
Denial of Service (Memory Exhaustion) in qs qs 8/5/14
Denial of Service - Illegal access crash from if-modified-since header ecstatic 12/23/15
Denial of Service and Content Injection i18n-node-angular 1/25/16
Denial of Service via malformed accept-encoding header hapi 4/5/17
Denial of service - Potential socket exhaustion hapi 12/23/15
Directory Traversal jacobj66-weather 3/14/18
Directory Traversal hdsdhhksjd 3/14/18
Directory Traversal gyfserver 3/14/18
Directory Traversal node-srv 3/7/18
Directory Traversal glance 3/7/18
Directory Traversal angular-http-server 3/7/18
Directory Traversal hekto 3/5/18
Directory Traversal 626 3/5/18
Directory Traversal zxyserver 3/5/18
Directory Traversal yypsulie11 3/5/18
Directory Traversal yxxserver 3/5/18
Directory Traversal wuzhuangserver 3/5/18
Directory Traversal wrlc 3/5/18
Directory Traversal wenluhong111 3/5/18
Directory Traversal web-server-mock 3/5/18
Directory Traversal web-node-server 3/5/18
Directory Traversal weathertest.bryceperkins 3/5/18
Directory Traversal songcaihong 3/5/18
Directory Traversal shenliru3 3/5/18
Directory Traversal servewuqianqianqian 3/5/18
Directory Traversal serveryyl 3/5/18
Directory Traversal serverfff 3/5/18
Directory Traversal rapid-httpserver 3/5/18
Directory Traversal proxey 3/5/18
Directory Traversal nodeload 3/5/18
Directory Traversal myserve111 3/5/18
Directory Traversal iceman178.weather.cs360 3/5/18
Directory Traversal cs360getcity 3/5/18
Directory Traversal localhost-now 3/4/18
Directory Traversal xingbaohai 2/28/18
Directory Traversal willvdb_test_server 2/28/18
Directory Traversal websvr 2/28/18
Directory Traversal simple-mock-server 2/28/18
Directory Traversal mime_web_server 2/28/18
Directory Traversal express-blinker 2/28/18
Directory Traversal easy-router 2/28/18
Directory Traversal caolilinode1 2/28/18
Directory Traversal caihong 2/28/18
Directory Traversal binocular-lamp 2/28/18
Directory Traversal cuiaiguang 2/26/18
Directory Traversal wuzhuang 2/26/18
Directory Traversal asset-cache 2/26/18
Directory Traversal ptest 2/26/18
Directory Traversal micra 2/26/18
Directory Traversal m-server 2/25/18
Directory Traversal static-cling 2/25/18
Directory Traversal html-pages 2/25/18
Directory Traversal api-proxy 2/25/18
Directory Traversal basic-static 2/25/18
Directory Traversal hserver-static 2/25/18
Directory Traversal sabu 2/25/18
Directory Traversal awning 2/25/18
Directory Traversal atropa-server 2/25/18
Directory Traversal atropa-ide 2/25/18
Directory Traversal aso-server 2/25/18
Directory Traversal stattic 2/25/18
Directory Traversal pico-static-server 2/25/18
Directory Traversal bae-nodejs 2/25/18
Directory Traversal crud-file-server 2/25/18
Directory Traversal node-staticserver 2/25/18
Directory Traversal server-static 2/25/18
Directory Traversal bruteser 2/25/18
Directory Traversal butler-server 2/25/18
Directory Traversal canvas-designer 2/25/18
Directory Traversal glurp 2/25/18
Directory Traversal der-server 2/25/18
Directory Traversal ex-http-frame 2/25/18
Directory Traversal btnode 2/25/18
Directory Traversal gfm-srv 2/25/18
Directory Traversal getstats 2/25/18
Directory Traversal gamebutler 2/25/18
Directory Traversal fast-http 2/25/18
Directory Traversal easy-node-server 2/25/18
Directory Traversal dilu 2/25/18
Directory Traversal isv-http 2/25/18
Directory Traversal httpea 2/25/18
Directory Traversal markdown-server 2/25/18
Directory Traversal serverxh 2/25/18
Directory Traversal lab6.1 2/25/18
Directory Traversal less-livereload 2/25/18
Directory Traversal lander 2/25/18
Directory Traversal litedoc 2/25/18
Directory Traversal censorify.matt.shurtz 2/25/18
Directory Traversal zhanglina 2/25/18
Directory Traversal node-http-server 2/25/18
Directory Traversal node-static-webserver 2/25/18
Directory Traversal server12311 2/25/18
Directory Traversal fakelearnnodejs 2/25/18
Directory Traversal servershuai 2/25/18
Directory Traversal lab6-wclaibor 2/25/18
Directory Traversal ussasasa 2/25/18
Directory Traversal grunt-serve 2/25/18
Directory Traversal grunt-fileserver 2/25/18
Directory Traversal nitro-server 2/25/18
Directory Traversal wenluhong11 2/25/18
Directory Traversal my-sn 2/25/18
Directory Traversal zhangranbigman 2/25/18
Directory Traversal secure-servedir 2/25/18
Directory Traversal servedir 2/25/18
Directory Traversal node-cxc 2/25/18
Directory Traversal resolve-path 2/24/18
Directory Traversal public 2/20/18
Directory Traversal serve 1/23/18
Directory Traversal ltt.js 1/23/18
Directory Traversal yjmyjmyjm 1/23/18
Directory Traversal lactate 1/23/18
Directory Traversal augustine 1/23/18
Directory Traversal featurebook 1/15/18
Directory Traversal @vivaxy/here 1/14/18
Directory Traversal serve-here 1/11/18
Directory Traversal fast-http-cli 9/28/17
Directory Traversal http_static_simple 9/26/17
Directory Traversal tiny-http 9/6/17
Directory Traversal iter-http 9/6/17
Directory Traversal f2e-server 6/27/17
Directory Traversal gomeplus-h5-proxy 6/5/17
Directory Traversal badjs-sourcemap-server 6/5/17
Directory Traversal hostr 4/14/17
Directory Traversal bitty 12/7/16
Directory Traversal restafary 3/28/16
Directory Traversal in 11xiaoli 11xiaoli 6/7/17
Directory Traversal in 22lixian 22lixian 6/7/17
Directory Traversal in 360class.jansenhm 360class.jansenhm 7/10/17
Directory Traversal in actionhero actionhero 5/8/17
Directory Traversal in byucslabsix byucslabsix 6/12/17
Directory Traversal in calmquist.static-server calmquist.static-server 6/7/17
Directory Traversal in caolilinode caolilinode 7/10/17
Directory Traversal in censorify.tanisjr censorify.tanisjr 6/7/17
Directory Traversal in chatbyvista chatbyvista 7/10/17
Directory Traversal in city-weather-abe city-weather-abe 6/7/17
Directory Traversal in citypredict.whauwiller citypredict.whauwiller 6/12/17
Directory Traversal in commentapp.stetsonwood commentapp.stetsonwood 7/10/17
Directory Traversal in cuciuci cuciuci 6/7/17
Directory Traversal in cxy cxy 8/2/17
Directory Traversal in cyber-js cyber-js 6/7/17
Directory Traversal in cypserver cypserver 7/10/17
Directory Traversal in dasafio dasafio 6/7/17
Directory Traversal in datachannel-client datachannel-client 6/7/17
Directory Traversal in dcdcdcdcdc dcdcdcdcdc 7/10/17
Directory Traversal in dcserver dcserver 6/7/17
Directory Traversal in desafio desafio 6/7/17
Directory Traversal in dgard8.lab6 dgard8.lab6 6/7/17
Directory Traversal in dmmcquay.lab6 dmmcquay.lab6 6/12/17
Directory Traversal in dylmomo dylmomo 6/7/17
Directory Traversal in earlybird earlybird 6/7/17
Directory Traversal in easyquick easyquick 6/7/17
Directory Traversal in elding elding 6/12/17
Directory Traversal in electron electron 1/25/18
Directory Traversal in enserver enserver 6/7/17
Directory Traversal in ewgaddis.lab6 ewgaddis.lab6 6/7/17
Directory Traversal in exxxxxxxxxxx exxxxxxxxxxx 6/7/17
Directory Traversal in fancy-server fancy-server 11/14/14
Directory Traversal in fast-http-cli fast-http-cli 6/7/17
Directory Traversal in fbr-client fbr-client 6/7/17
Directory Traversal in fsk-server fsk-server 6/7/17
Directory Traversal in fury-adapter-swagger fury-adapter-swagger 1/11/17
Directory Traversal in gaoxiaotingtingting gaoxiaotingtingting 6/7/17
Directory Traversal in gaoxuyan gaoxuyan 6/7/17
Directory Traversal in geddy geddy 7/27/15
Directory Traversal in general-file-server general-file-server 3/18/18
Directory Traversal in getcityapi.yoehoehne getcityapi.yoehoehne 6/7/17
Directory Traversal in ghod5servercs360 ghod5servercs360 8/2/17
Directory Traversal in goserv goserv 7/10/17
Directory Traversal in guaycuru guaycuru 5/1/17
Directory Traversal in hcbserver hcbserver 6/7/17
Directory Traversal in hechatroom hechatroom 8/2/17
Directory Traversal in hftp hftp 6/7/17
Directory Traversal in hostr hostr 12/20/16
Directory Traversal in http_static_simple http_static_simple 7/10/17
Directory Traversal in infraserver infraserver 6/7/17
Directory Traversal in intsol-package intsol-package 6/7/17
Directory Traversal in iter-http iter-http 6/7/17
Directory Traversal in iter-server iter-server 6/7/17
Directory Traversal in jansenstuffpleasework jansenstuffpleasework 6/7/17
Directory Traversal in jiazhipeng jiazhipeng 3/15/18
Directory Traversal in jikes jikes 6/12/17
Directory Traversal in jn_jj_server jn_jj_server 6/7/17
Directory Traversal in koa-static-cache koa-static-cache 6/28/17
Directory Traversal in lab6.brit95 lab6.brit95 6/7/17
Directory Traversal in lab6_agolotin lab6_agolotin 3/15/18
Directory Traversal in lab6drewfusbyu lab6drewfusbyu 7/10/17
Directory Traversal in lessindex lessindex 6/7/17
Directory Traversal in lihuini lihuini 8/2/17
Directory Traversal in list-n-stream list-n-stream 4/24/17
Directory Traversal in liuyaserver liuyaserver 6/7/17
Directory Traversal in liyujing liyujing 6/7/17
Directory Traversal in ljjnodeserve ljjnodeserve 10/17/17
Directory Traversal in looppake looppake 6/7/17
Directory Traversal in ltt ltt 6/7/17
Directory Traversal in ltt.js ltt.js 6/7/17
Directory Traversal in lzl123 lzl123 8/2/17
Directory Traversal in meryl meryl 3/15/18
Directory Traversal in mfrs mfrs 6/7/17
Directory Traversal in mfrserver mfrserver 6/7/17
Directory Traversal in mockserve mockserve 6/7/17
Directory Traversal in myprolyz myprolyz 6/7/17
Directory Traversal in myserver.alexcthomas18 myserver.alexcthomas18 6/7/17
Directory Traversal in next next 1/31/18
Directory Traversal in next next 6/12/17
Directory Traversal in nhouston nhouston 11/13/14
Directory Traversal in node-server-forfront node-server-forfront 6/7/17
Directory Traversal in node-simple-router node-simple-router 6/12/17
Directory Traversal in nodeaaaaa nodeaaaaa 6/7/17
Directory Traversal in nodejs.jseidl nodejs.jseidl 10/9/17
Directory Traversal in nodejs_liamgb nodejs_liamgb 3/15/18
Directory Traversal in nodejsccc nodejsccc 3/15/18
Directory Traversal in nodeload-nmickuli nodeload-nmickuli 6/7/17
Directory Traversal in nodeserver-jta nodeserver-jta 10/17/17
Directory Traversal in nopach nopach 10/9/17
Directory Traversal in open-device open-device 6/7/17
Directory Traversal in paopao613 paopao613 3/15/18
Directory Traversal in peiserver peiserver 6/7/17
Directory Traversal in picard picard 6/7/17
Directory Traversal in pooledwebsocket pooledwebsocket 4/25/17
Directory Traversal in pytservce pytservce 6/7/17
Directory Traversal in qinserve qinserve 6/7/17
Directory Traversal in quickserver quickserver 6/7/17
Directory Traversal in reecerver reecerver 6/7/17
Directory Traversal in ritp ritp 6/7/17
Directory Traversal in rjpserver rjpserver 3/15/18
Directory Traversal in rtcmulticonnection-client rtcmulticonnection-client 6/7/17
Directory Traversal in run-this-place run-this-place 6/7/17
Directory Traversal in scott-blanch-weather-app scott-blanch-weather-app 6/12/17
Directory Traversal in section2.madisonjbrooks12 section2.madisonjbrooks12 7/10/17
Directory Traversal in sencisho sencisho 5/1/17
Directory Traversal in send send 9/11/14
Directory Traversal in serve serve 6/12/17
Directory Traversal in serve46 serve46 7/10/17
Directory Traversal in serverabc serverabc 6/7/17
Directory Traversal in servergmf servergmf 8/2/17
Directory Traversal in serverhuwenhui serverhuwenhui 6/7/17
Directory Traversal in serverliujiayi1 serverliujiayi1 6/7/17
Directory Traversal in serverlyj333 serverlyj333 3/15/18
Directory Traversal in serverlyr serverlyr 6/7/17
Directory Traversal in serversyysyy serversyysyy 3/15/18
Directory Traversal in serverwg serverwg 6/7/17
Directory Traversal in serverwzl serverwzl 6/7/17
Directory Traversal in serverxxx serverxxx 7/10/17
Directory Traversal in serveryaozeyan serveryaozeyan 6/7/17
Directory Traversal in serveryztyzt serveryztyzt 6/7/17
Directory Traversal in serverzyqzyq serverzyqzyq 3/15/18
Directory Traversal in serverzyy serverzyy 6/7/17
Directory Traversal in severzlt severzlt 10/17/17
Directory Traversal in sgqserve sgqserve 6/7/17
Directory Traversal in shenliru shenliru 7/10/17
Directory Traversal in shit-server shit-server 6/7/17
Directory Traversal in simple-npm-registry simple-npm-registry 7/10/17
Directory Traversal in sly07 sly07 6/7/17
Directory Traversal in srverqq srverqq 8/2/17
Directory Traversal in sspa sspa 6/7/17
Directory Traversal in st st 2/5/14
Directory Traversal in starfruit starfruit 3/15/18
Directory Traversal in static-html-server static-html-server 6/7/17
Directory Traversal in stevenc4.server stevenc4.server 3/15/18
Directory Traversal in susu-sum susu-sum 7/10/17
Directory Traversal in tencent-server tencent-server 6/7/17
Directory Traversal in tiny-http tiny-http 6/7/17
Directory Traversal in tinyserver tinyserver 10/9/17
Directory Traversal in tinyserver2 tinyserver2 6/7/17
Directory Traversal in tmadserver tmadserver 3/15/18
Directory Traversal in tmock tmock 6/7/17
Directory Traversal in uekw1511server uekw1511server 6/7/17
Directory Traversal in unicorn-list unicorn-list 6/7/17
Directory Traversal in utahcityfinder utahcityfinder 6/7/17
Directory Traversal in uv-tj-demo uv-tj-demo 6/7/17
Directory Traversal in wangguojing123 wangguojing123 6/7/17
Directory Traversal in wangshuai wangshuai 10/9/17
Directory Traversal in weather.swlyons weather.swlyons 6/7/17
Directory Traversal in web-debug web-debug 6/28/17
Directory Traversal in webrepl webrepl 3/15/18
Directory Traversal in welcomyzt welcomyzt 7/10/17
Directory Traversal in wenluhong1 wenluhong1 6/7/17
Directory Traversal in wffserve wffserve 6/12/17
Directory Traversal in whispercast whispercast 6/7/17
Directory Traversal in wind-mvc wind-mvc 6/7/17
Directory Traversal in wintiwebdev wintiwebdev 6/7/17
Directory Traversal in xbhxbh xbhxbh 10/9/17
Directory Traversal in xiongrui-httpserver xiongrui-httpserver 6/7/17
Directory Traversal in xtalk xtalk 6/7/17
Directory Traversal in xxf11 xxf11 8/2/17
Directory Traversal in yjmyjmyjm yjmyjmyjm 7/10/17
Directory Traversal in yttivy yttivy 6/7/17
Directory Traversal in yyooopack yyooopack 6/7/17
Directory Traversal in yzt yzt 6/7/17
Directory Traversal in zhaolei1111 zhaolei1111 3/15/18
Directory Traversal in zjjserver zjjserver 6/7/17
Directory Traversal in zs123 zs123 3/15/18
Directory Traversal in zwserver zwserver 6/7/17
DoS due to excessively large websocket message ws 6/24/16
Downloads Resources over HTTP ikst 7/5/17
Downloads Resources over HTTP gfe-sass 7/5/17
Downloads Resources over HTTP windows-build-tools 1/6/17
Downloads Resources over HTTP mystem-fix 12/31/16
Downloads Resources over HTTP react-native-baidu-voice-synthesizer 12/31/16
Downloads Resources over HTTP windows-latestchromedriver 12/31/16
Downloads Resources over HTTP npm-test-sqlite3-trunk 12/31/16
Downloads Resources over HTTP alto-saxophone 12/31/16
Downloads Resources over HTTP pm2-kafka 12/31/16
Downloads Resources over HTTP haxeshim 12/31/16
Downloads Resources over HTTP windows-seleniumjar 12/31/16
Downloads Resources over HTTP openframe-ascii-image 12/31/16
Downloads Resources over HTTP windows-iedriver 12/31/16
Downloads Resources over HTTP haxe3 12/31/16
Downloads Resources over HTTP windows-selenium-chromedriver 12/31/16
Downloads Resources over HTTP fis-sass-all 12/31/16
Downloads Resources over HTTP pk-app-wonderbox 12/31/16
Downloads Resources over HTTP healthcenter 12/31/16
Downloads Resources over HTTP arcanist 12/31/16
Downloads Resources over HTTP massif 12/31/16
Downloads Resources over HTTP roslib-socketio 12/31/16
Downloads Resources over HTTP adamvr-geoip-lite 12/31/16
Downloads Resources over HTTP selenium-standalone-painful 12/31/16
Downloads Resources over HTTP serc.js 12/31/16
Downloads Resources over HTTP google-closure-tools-latest 12/31/16
Downloads Resources over HTTP rs-brightcove 12/31/16
Downloads Resources over HTTP libsbmlsim 12/31/16
Downloads Resources over HTTP limbus-buildgen 12/31/16
Downloads Resources over HTTP ipip-coffee 12/31/16
Downloads Resources over HTTP cloudpub-redis 12/31/16
Downloads Resources over HTTP mystem-wrapper 12/31/16
Downloads Resources over HTTP windows-seleniumjar-mirror 12/31/16
Downloads Resources over HTTP soci 12/31/16
Downloads Resources over HTTP libsbml 12/31/16
Downloads Resources over HTTP selenium-portal 12/31/16
Downloads Resources over HTTP tomita-parser 12/31/16
Downloads Resources over HTTP herbivore 12/31/16
Downloads Resources over HTTP mystem 12/31/16
Downloads Resources over HTTP wixtoolset 12/31/16
Downloads Resources over HTTP tomita 12/31/16
Downloads Resources over HTTP phantomjs-cheniu 12/31/16
Downloads Resources over HTTP fis-parser-sass-bin 12/31/16
Downloads Resources over HTTP poco 12/31/16
Downloads Resources over HTTP native-opencv 12/31/16
Downloads Resources over HTTP co-cli-installer 12/31/16
Downloads Resources over HTTP qbs 12/31/16
Downloads Resources over HTTP clang-extra 12/31/16
Downloads Resources over HTTP sfml 12/31/16
Downloads Resources over HTTP xd-testing 12/31/16
Downloads Resources over HTTP prebuild-lwip 12/31/16
Downloads Resources over HTTP webdriver-launcher 12/31/16
Downloads Resources over HTTP ntfserver 12/31/16
Downloads Resources over HTTP frames-compiler 12/31/16
Downloads Resources over HTTP marionette-socket-host 12/31/16
Downloads Resources over HTTP node-air-sdk 12/31/16
Downloads Resources over HTTP resourcehacker 12/31/16
Downloads Resources over HTTP grunt-images 12/31/16
Downloads Resources over HTTP slimerjs-edge 12/31/16
Downloads Resources over HTTP jstestdriver 12/31/16
Downloads Resources over HTTP cmake 12/31/16
Downloads Resources over HTTP node-bsdiff-android 12/31/16
Downloads Resources over HTTP node-thulac 12/31/16
Downloads Resources over HTTP redis-srvr 12/31/16
Downloads Resources over HTTP js-given 12/31/16
Downloads Resources over HTTP haxe-dev 12/31/16
Downloads Resources over HTTP grunt-ccompiler 12/31/16
Downloads Resources over HTTP broccoli-closure 12/31/16
Downloads Resources over HTTP scalajs-standalone-bin 12/31/16
Downloads Resources over HTTP dwebp-bin 12/31/16
Downloads Resources over HTTP apk-parser2 12/31/16
Downloads Resources over HTTP jvminstall 12/31/16
Downloads Resources over HTTP install-g-test 12/31/16
Downloads Resources over HTTP nw-with-arm 12/31/16
Downloads Resources over HTTP selenium-wrapper 12/31/16
Downloads Resources over HTTP scala-bin 12/31/16
Downloads Resources over HTTP mystem3 12/31/16
Downloads Resources over HTTP headless-browser-lite 12/31/16
Downloads Resources over HTTP selenium-chromedriver 12/31/16
Downloads Resources over HTTP macaca-chromedriver-zxa 12/31/16
Downloads Resources over HTTP nodeschnaps 12/31/16
Downloads Resources over HTTP fibjs 12/31/16
Downloads Resources over HTTP atom-node-module-installer 12/31/16
Downloads Resources over HTTP pennyworth 12/31/16
Downloads Resources over HTTP node-browser 12/31/16
Downloads Resources over HTTP box2d-native 12/31/16
Downloads Resources over HTTP openframe-image 12/31/16
Downloads Resources over HTTP curses 12/31/16
Downloads Resources over HTTP httpsync 12/31/16
Downloads Resources over HTTP bionode-sra 12/31/16
Downloads Resources over HTTP dalek-browser-ie-canary 12/31/16
Downloads Resources over HTTP strider-sauce 12/31/16
Downloads Resources over HTTP unicode-json 12/31/16
Downloads Resources over HTTP chromedriver126 12/31/16
Downloads Resources over HTTP robot-js 12/31/16
Downloads Resources over HTTP openframe-glslviewer 12/31/16
Downloads Resources over HTTP grunt-webdriver-qunit 12/31/16
Downloads Resources over HTTP dalek-browser-ie 12/31/16
Downloads Resources over HTTP dalek-browser-chrome 12/31/16
Downloads Resources over HTTP air-sdk 12/31/16
Downloads Resources over HTTP haxe 12/31/16
Downloads Resources over HTTP webdrvr 12/31/16
Downloads Resources over HTTP webrtc-native 12/31/16
Downloads Resources over HTTP sauce-connect 12/31/16
Downloads Resources over HTTP arrayfire-js 12/31/16
Downloads Resources over HTTP cobalt-cli 12/31/16
Downloads Resources over HTTP imageoptim 12/31/16
Downloads Resources over HTTP jdf-sass 12/31/16
Downloads Resources over HTTP ipip 12/21/16
Downloads Resources over HTTP ibapi 12/21/16
Downloads Resources over HTTP jser-stat 12/21/16
Downloads Resources over HTTP prince 12/21/16
Downloads Resources over HTTP cue-sdk-node 12/21/16
Downloads Resources over HTTP selenium-binaries 12/18/16
Downloads Resources over HTTP nw 12/18/16
Downloads Resources over HTTP wasdk 12/18/16
Downloads Resources over HTTP macaca-chromedriver 12/18/16
Downloads Resources over HTTP libxl 12/18/16
Downloads Resources over HTTP dalek-browser-chrome-canary 12/18/16
Downloads Resources over HTTP closure-util 12/18/16
Downloads Resources over HTTP closurecompiler 12/18/16
Downloads Resources over HTTP steroids 12/18/16
Downloads Resources over HTTP nodewebkit 12/18/16
Downloads Resources over HTTP chromedriver 12/18/16
Downloads Resources over HTTP unicode 12/18/16
Downloads Resources over HTTP ibm_db 12/18/16
Downloads Resources over HTTP fuseki 12/15/16
Downloads Resources over HTTP kindlegen 12/15/16
Downloads Resources over HTTP apk-parser3 12/15/16
Downloads Resources over HTTP baryton-saxophone 12/15/16
Downloads Resources over HTTP mongodb-instance 12/15/16
Downloads Resources over HTTP bkjs-wand 12/15/16
Downloads Resources over HTTP pngcrush-installer 12/15/16
Downloads Resources over HTTP embedza 12/15/16
Downloads Resources over HTTP geoip-lite-country 12/15/16
Downloads Resources over HTTP product-monitor 12/15/16
Downloads Resources over HTTP install-nw 12/15/16
Downloads Resources over HTTP operadriver 12/15/16
Downloads Resources over HTTP apk-parser 12/15/16
Downloads Resources over HTTP go-ipfs-dep 12/15/16
Downloads Resources over HTTP iedriver 12/15/16
Downloads Resources over HTTP galenframework-cli 12/5/16
Downloads Resources over HTTP selenium-download 12/5/16
Downloads Resources over HTTP aerospike 12/5/16
Downloads Resources over HTTP appium-chromedriver 12/5/16
Downloads resources over HTTP hubl-server 6/5/17
Exceeding Stack Call Limit DoS jquery 4/14/17
Exfiltrates Discord login tokens to pastebin discordi.js 10/9/17
Exfiltrates data on installation cofee-script 10/5/17
Exfiltrates data on installation coffescript 10/5/17
Exfiltrates data on installation jquey 10/5/17
Exfiltrates data on installation coffe-script 10/5/17
Exfiltrates data on installation cofeescript 10/5/17
Fastify denial-of-service vulnerability with large JSON payloads fastify 1/25/18
File Descriptor Leak Can Cause DoS Vulnerability hapi 2/14/14
Forgeable Public/Private Tokens jws 7/26/16
Forgeable public/private tokens in jwt-simple jwt-simple 10/30/16
Github Token Leak aegir 10/13/17
HTML Injection in ag-grid ag-grid 3/16/17
HTML Injection in shout shout 2/13/17
Heap-based Buffer Overflow in libyaml libyaml 2/3/14
Hidden Directories Always Served inert 12/15/14
Hidden Directories Leakage in inert inert 12/15/14
Identity Spoofing libp2p-secio 1/15/18
Improper Escaping of Bound Arrays sequelize 10/31/16
Improper Input Validation in insight-api insight-api 3/26/18
Improper minification of non-boolean comparisons in uglify-js uglify-js 8/24/15
Incorrect handling of CORS preflight request headers hapi 10/20/15
Information Disclosure in ghost ghost 5/30/17
Information Disclosure in nforce nforce 5/8/17
Information Disclosure in rethinkdb rethinkdb 3/13/17
Information Exposure converse.js 2/21/18
Information Exposure in brunch brunch 5/8/17
Information Exposure in cordova-plugin-ios-keychain cordova-plugin-ios-keychain 3/21/18
Information Exposure in kibana kibana 1/4/18
Information Exposure in serve serve 3/18/18
Insecure Comparison secure-compare 10/24/15
Insecure Credential Comparison safe-compare 2/13/18
Insecure Credential Comparison in safe-compare safe-compare 4/17/18
Insecure Default Configuration airbrake 3/28/16
Insecure Defaults Allow MITM Over TLS engine.io-client 4/26/16
Insecure Defaults Leads to Potential MITM ezseed-transmission 7/29/16
Insecure Defaults in cordova-plugin-file-transfer cordova-plugin-file-transfer 11/8/17
Insecure Defaults in dompurify dompurify 4/24/17
Insecure Defaults in faye faye 3/28/17
Insecure Entropy Source - Math.random() node-uuid 3/28/16
Insecure Hashing Algorithm in contwidgetor contwidgetor 6/28/17
Insecure Randomness in crypto-browserify crypto-browserify 12/25/17
Insecure Randomness in socket.io socket.io 2/13/17
Insecure Randomness in uuid uuid 2/13/17
Insecure Randomness in ws ws 2/7/17
Insecure Token Validation in node-jose node-jose 1/10/18
Insufficient Error Handling http-proxy 4/11/17
Invalid Curve Attack node-jose 3/13/17
Invalid input to route validation rules call 7/5/16
JSONP Callback Attack in angular angular 2/13/17
LDAP Injection in ldapauth ldapauth 9/18/15
LDAP Injection in ldapauth-fork ldapauth-fork 9/18/15
Lack of HTML Escaping forms 4/11/17
Large gzip Denial of Service superagent 9/26/17
Malicious Module npm-script-demo 9/26/17
Malicious Package in anarchy anarchy 9/17/17
Malicious Package in babelcli babelcli 8/2/17
Malicious Package in botbait botbait 9/17/17
Malicious Package in cross-env.js cross-env.js 8/2/17
Malicious Package in crossenv crossenv 8/2/17
Malicious Package in d3.js d3.js 8/2/17
Malicious Package in deasyncp deasyncp 9/17/17
Malicious Package in discordi.js discordi.js 10/19/17
Malicious Package in fabric-js fabric-js 8/2/17
Malicious Package in ffmepg ffmepg 8/2/17
Malicious Package in gruntcli gruntcli 8/2/17
Malicious Package in harmlesspackage harmlesspackage 9/17/17
Malicious Package in http-proxy.js http-proxy.js 8/2/17
Malicious Package in ikst ikst 9/17/17
Malicious Package in jquery.js jquery.js 8/2/17
Malicious Package in mariadb mariadb 8/2/17
Malicious Package in maybemaliciouspackage maybemaliciouspackage 9/17/17
Malicious Package in mktmpio mktmpio 9/17/17
Malicious Package in mongose mongose 8/2/17
Malicious Package in mssql-node mssql-node 8/2/17
Malicious Package in mssql.js mssql.js 8/2/17
Malicious Package in mysqljs mysqljs 8/2/17
Malicious Package in node-fabric node-fabric 8/2/17
Malicious Package in node-opencv node-opencv 8/2/17
Malicious Package in node-opensl node-opensl 8/2/17
Malicious Package in node-openssl node-openssl 8/2/17
Malicious Package in node-sqlite node-sqlite 8/2/17
Malicious Package in node-tkinter node-tkinter 8/2/17
Malicious Package in nodecaffe nodecaffe 8/2/17
Malicious Package in nodefabric nodefabric 8/2/17
Malicious Package in nodeffmpeg nodeffmpeg 8/2/17
Malicious Package in nodemailer-js nodemailer-js 8/2/17
Malicious Package in nodemailer.js nodemailer.js 8/2/17
Malicious Package in nodemssql nodemssql 8/2/17
Malicious Package in noderequest noderequest 8/2/17
Malicious Package in nodesass nodesass 8/2/17
Malicious Package in nodesqlite nodesqlite 8/2/17
Malicious Package in npm-exploit npm-exploit 9/17/17
Malicious Package in npm_scripts_test_metrics npm_scripts_test_metrics 9/17/17
Malicious Package in opencv.js opencv.js 8/2/17
Malicious Package in openssl.js openssl.js 8/2/17
Malicious Package in pandora-doomsday pandora-doomsday 9/17/17
Malicious Package in proxy.js proxy.js 8/2/17
Malicious Package in sdfjghlkfjdshlkjdhsfg sdfjghlkfjdshlkjdhsfg 9/17/17
Malicious Package in shadowsock shadowsock 8/2/17
Malicious Package in shrugging-logging shrugging-logging 9/17/17
Malicious Package in smb smb 8/2/17
Malicious Package in sqlite.js sqlite.js 8/2/17
Malicious Package in sqliter sqliter 8/2/17
Malicious Package in sqlserver sqlserver 8/2/17
Malicious Package in subtitles-lib subtitles-lib 9/17/17
Malicious Package in test-module-a test-module-a 9/17/17
Malicious Package in tkinter tkinter 8/2/17
Man-in-the-Middle (MitM) tiny-json-http 3/14/18
Man-in-the-Middle (MitM) in electron electron 10/9/17
Man-in-the-Middle (MitM) in hotel hotel 5/30/17
Mishandled Logout Function in generator-jhipster generator-jhipster 3/28/17
Multiple XSS Filter Bypasses in validator validator 7/5/13
Multiple vulnerabilities in embedded binary version of libxml2 in libxmljs libxmljs 2/13/16
No CSRF Validation droppy 3/28/16
Non-Constant Time String Comparison csrf-lite 4/22/16
Non-Constant Time String Comparison in cookie-signature cookie-signature 8/28/16
Non-Constant Time String Comparison in csrf-lite csrf-lite 6/21/16
Open Redirect st 10/13/17
Open Redirect in ghost ghost 5/30/17
Open Redirect in keystone keystone 3/21/17
Open Redirect in kibana kibana 1/22/18
Open Redirect in serve-static serve-static 1/13/15
Open Redirection in cordova-ios cordova-ios 6/21/17
Out of Memory Crash in js-quantities js-quantities 8/2/17
Partial Sanitization in sanitize-html sanitize-html 11/5/15
Potential Command Injection shell-quote 6/21/16
Potential Command Injection in libnotify libnotify 5/15/13
Potential Cross-site Scripting (XSS) in ember ember 11/5/15
Potential Script Injection in syntax-error syntax-error 7/14/14
Potentially loose security restrictions in hapi hapi 1/5/16
Private Data Disclosure express-restify-mongoose 4/19/16
Privilege Escalation in auth0-js auth0-js 12/7/17
Privilege Escalation in cordova-plugin-inappbrowser cordova-plugin-inappbrowser 11/8/17
Protection Bypass in angular angular 1/23/17
Prototype Override Protection Bypass in qs qs 3/1/17
Prototype Pollution assign-deep 2/15/18
Prototype Pollution defaults-deep 2/15/18
Prototype Pollution merge-deep 2/15/18
Prototype Pollution mixin-deep 2/15/18
Prototype Pollution lodash 2/13/18
Prototype Pollution hoek 2/13/18
Prototype Pollution in deap deap 4/17/18
Prototype Pollution in merge-objects merge-objects 4/17/18
Prototype Pollution in merge-options merge-options 4/17/18
Prototype Pollution in merge-recursive merge-recursive 4/17/18
Prototype pollution attack hoek 2/15/18
Quoteless Attributes in Templates can lead to Content Injection mustache 12/14/15
Quoteless Attributes in Templates can lead to Content Injection handlebars 12/14/15
Random Token based off Math.random() react-native-meteor-oauth 4/14/17
ReDoS brace-expansion 4/25/17
ReDoS in ssri ssri 2/14/18
ReDoS via long UserAgent header ua-parser 8/29/17
ReDoS via long UserAgent header useragent 4/14/17
ReDoS via long string of semicolons tough-cookie 7/22/16
Reflected Cross-Site Scripting redis-commander 1/23/18
Regular Expression Denial Of Service uri-js 4/14/17
Regular Expression Denial of Service moment 11/27/17
Regular Expression Denial of Service method-override 9/27/17
Regular Expression Denial of Service fresh 9/26/17
Regular Expression Denial of Service forwarded 9/26/17
Regular Expression Denial of Service slug 9/25/17
Regular Expression Denial of Service string 9/25/17
Regular Expression Denial of Service timespan 9/25/17
Regular Expression Denial of Service parsejson 9/20/17
Regular Expression Denial of Service tough-cookie 9/20/17
Regular Expression Denial of Service content 9/12/17
Regular Expression Denial of Service no-case 9/8/17
Regular Expression Denial of Service charset 9/8/17
Regular Expression Denial of Service decamelize 4/14/17
Regular Expression Denial of Service minimatch 6/20/16
Regular Expression Denial of Service negotiator 6/16/16
Regular Expression Denial of Service riot-compiler 3/21/16
Regular Expression Denial of Service moment 1/26/16
Regular Expression Denial of Service hawk 1/19/16
Regular Expression Denial of Service is-my-json-valid 1/17/16
Regular Expression Denial of Service jshamcrest 1/5/16
Regular Expression Denial of Service jadedown 1/5/16
Regular Expression Denial of Service milliseconds 11/20/15
Regular Expression Denial of Service ansi2html 10/24/15
Regular Expression Denial of Service uglify-js 10/24/15
Regular Expression Denial of Service bleach 10/24/15
Regular Expression Denial of Service ms 10/24/15
Regular Expression Denial of Service marked 1/22/15
Regular Expression Denial of Service (DoS) in marked marked 1/30/14
Regular Expression Denial of Service (DoS) in millisecond millisecond 11/25/15
Regular Expression Denial of Service (DoS) in semver semver 4/3/15
Regular Expression Denial of Service (DoS) in uc.micro uc.micro 10/5/16
Regular Expression Denial of Service (DoS) in validator validator 11/12/14
Regular Expression Denial of Service (ReDoS) path-complete-extname 3/7/18
Regular Expression Denial of Service (ReDoS) clean-css 3/6/18
Regular Expression Denial of Service (ReDoS) diff 3/5/18
Regular Expression Denial of Service (ReDoS) useragent 3/5/18
Regular Expression Denial of Service (ReDoS) ua-parser-js 3/5/18
Regular Expression Denial of Service (ReDoS) aws-lambda-multipart-parser 3/5/18
Regular Expression Denial of Service (ReDoS) phpjs 3/4/18
Regular Expression Denial of Service (ReDoS) nwmatcher 3/4/18
Regular Expression Denial of Service (ReDoS) content 3/4/18
Regular Expression Denial of Service (ReDoS) uas-parser 3/4/18
Regular Expression Denial of Service (ReDoS) protobufjs 3/4/18
Regular Expression Denial of Service (ReDoS) emailjs-mime-codec 2/28/18
Regular Expression Denial of Service (ReDoS) highcharts 2/28/18
Regular Expression Denial of Service (ReDoS) wicket 2/26/18
Regular Expression Denial of Service (ReDoS) marked 2/26/18
Regular Expression Denial of Service (ReDoS) bson 2/26/18
Regular Expression Denial of Service (ReDoS) node-json-db 2/25/18
Regular Expression Denial of Service (ReDoS) node-forge 2/25/18
Regular Expression Denial of Service (ReDoS) mongoose-beautiful-unique-validation 2/25/18
Regular Expression Denial of Service (ReDoS) github-url-to-object 2/25/18
Regular Expression Denial of Service (ReDoS) git-username 2/25/18
Regular Expression Denial of Service (ReDoS) compromise 2/25/18
Regular Expression Denial of Service (ReDoS) checkit 2/25/18
Regular Expression Denial of Service (ReDoS) truncate 2/24/18
Regular Expression Denial of Service (ReDoS) skeemas 2/24/18
Regular Expression Denial of Service (ReDoS) sanitize 2/24/18
Regular Expression Denial of Service (ReDoS) email-existence 2/24/18
Regular Expression Denial of Service (ReDoS) datatype-expansion 2/24/18
Regular Expression Denial of Service (ReDoS) astronomia 2/24/18
Regular Expression Denial of Service (ReDoS) address-rfc2822 2/24/18
Regular Expression Denial of Service (ReDoS) xlsx 2/21/18
Regular Expression Denial of Service (ReDoS) vue 2/21/18
Regular Expression Denial of Service (ReDoS) valid-email 2/21/18
Regular Expression Denial of Service (ReDoS) shaka-player 2/21/18
Regular Expression Denial of Service (ReDoS) moddle-xml 2/21/18
Regular Expression Denial of Service (ReDoS) markdown-js 2/21/18
Regular Expression Denial of Service (ReDoS) harb 2/21/18
Regular Expression Denial of Service (ReDoS) node-pg-migrate 2/19/18
Regular Expression Denial of Service (ReDoS) html-dom-parser 2/19/18
Regular Expression Denial of Service (ReDoS) gettext-parser 2/19/18
Regular Expression Denial of Service (ReDoS) deckardcain 2/19/18
Regular Expression Denial of Service (ReDoS) abaaso 2/19/18
Regular Expression Denial of Service (ReDoS) braces 2/18/18
Regular Expression Denial of Service (ReDoS) validator 2/17/18
Regular Expression Denial of Service (ReDoS) postcss-inline-base64 2/17/18
Regular Expression Denial of Service (ReDoS) jasmine-core 2/17/18
Regular Expression Denial of Service (ReDoS) cejs 2/17/18
Regular Expression Denial of Service (ReDoS) valid-data-url 2/14/18
Regular Expression Denial of Service (ReDoS) q-io 2/14/18
Regular Expression Denial of Service (ReDoS) nicest 2/14/18
Regular Expression Denial of Service (ReDoS) mimer 2/14/18
Regular Expression Denial of Service (ReDoS) jquery.csssr.validation 2/14/18
Regular Expression Denial of Service (ReDoS) is-my-json-valid 2/14/18
Regular Expression Denial of Service (ReDoS) htmllint 2/14/18
Regular Expression Denial of Service (ReDoS) dirty-json 2/14/18
Regular Expression Denial of Service (ReDoS) citeproc 2/14/18
Regular Expression Denial of Service (ReDoS) in amqp-match amqp-match 5/15/17
Regular Expression Denial of Service (ReDoS) in content-type-parser content-type-parser 12/9/17
Regular Expression Denial of Service (ReDoS) in debug debug 9/25/17
Regular Expression Denial of Service (ReDoS) in dns-sync dns-sync 9/10/17
Regular Expression Denial of Service (ReDoS) in ducktype ducktype 4/15/18
Regular Expression Denial of Service (ReDoS) in eslint eslint 3/22/18
Regular Expression Denial of Service (ReDoS) in http-proxy http-proxy 2/13/17
Regular Expression Denial of Service (ReDoS) in is-url is-url 4/15/18
Regular Expression Denial of Service (ReDoS) in marked marked 9/21/17
Regular Expression Denial of Service (ReDoS) in mime mime 9/26/17
Regular Expression Denial of Service (ReDoS) in mobile-detect mobile-detect 12/9/17
Regular Expression Denial of Service (ReDoS) in ms ms 5/14/17
Regular Expression Denial of Service (ReDoS) in plist plist 4/15/18
Regular Expression Denial of Service (ReDoS) in simpl-schema simpl-schema 4/15/18
Regular Expression Denial of Service (ReDoS) in sshpk sshpk 4/9/18
Regular Expression Denial of Service (ReDoS) in uikit uikit 5/8/17
Regular Expression Denial of Service (ReDoS) in whatwg-mimetype whatwg-mimetype 12/9/17
Remote Code Execution electron 1/23/18
Remote Code Execution pg 8/12/17
Remote Code Execution in ejs ejs 11/28/16
Remote Memory Disclosure bittorrent-dht 1/4/16
Remote Memory Disclosure ws 1/4/16
Remote Memory Exposure request 4/14/17
Remote Memory Exposure in mongoose mongoose 1/23/16
Remote Memory Exposure in request request 3/22/16
Remote Memory Exposure in sequelize sequelize 3/31/16
Resources Downloaded over Insecure Protocol gatsby-cli 2/28/18
Resources Downloaded over Insecure Protocol in cordova-android cordova-android 2/12/18
Resources Downloaded over Insecure Protocol in edp-package edp-package 6/28/17
Resources Downloaded over Insecure Protocol in fuseki fuseki 1/3/17
Resources Downloaded over Insecure Protocol in geoip-lite-country geoip-lite-country 1/3/17
Resources Downloaded over Insecure Protocol in iedriver iedriver 1/3/17
Resources Downloaded over Insecure Protocol in install-nw install-nw 1/3/17
Resources Downloaded over Insecure Protocol in mongodb-instance mongodb-instance 1/3/17
Resources Downloaded over Insecure Protocol in nodux-core nodux-core 4/24/17
Resources downloaded over Insecure Protocol in ec2-price ec2-price 5/1/17
Resources downloaded over insecure protocol in craft-ai-icons craft-ai-icons 6/7/17
Resources downloaded over insecure protocol in given-html-report given-html-report 6/7/17
Resources downloaded over insecure protocol in igniteui igniteui 10/30/16
Resources downloaded over insecure protocol in rocketmake-nuget rocketmake-nuget 6/7/17
Root Path Disclosure send 11/2/15
Root Path Disclosure in serve-static serve-static 1/19/15
Rosetta-flash jsonp vulnerability in hapi hapi 7/7/14
SQL Injection due to unescaped object keys mysql 12/28/15
SQL Injection due to unescaped object keys in mysql mysql 1/5/16
SQL Injection in Order in sequelize sequelize 1/18/15
SQL Injection in knex knex 12/20/16
SQL Injection in loopback-connector-mssql loopback-connector-mssql 1/4/17
SQL Injection in loopback-connector-mysql loopback-connector-mysql 1/4/17
SQL Injection in loopback-connector-oracle loopback-connector-oracle 1/4/17
SQL Injection in loopback-connector-postgresql loopback-connector-postgresql 1/4/17
SQL Injection in order/limit in sequelize sequelize 3/31/16
SQL Injection in pouchdb pouchdb 3/13/17
SQL Injection in sequelize sequelize 2/13/17
SQL Injection in waterline-sequel waterline-sequel 10/30/16
SSL Validation Defaults to False electron-packager 4/22/16
Sandbox Breakout safe-eval 8/30/17
Sanitization bypass using HTML Entities marked 4/18/16
Sensitive Information Exposure in airbrake airbrake 10/9/16
Shell Command Injection in git-ls-remote git-ls-remote 9/25/16
Shell Command Injection in traceroute traceroute 1/23/18
Silently Runs Cryptocoin Miner hooka-tools 10/24/17
Spoofing attack due to unvalidated KDC node-krb5 8/4/16
Symlink Arbitrary File Overwrite tar 11/2/15
Symlink attack due to predictable tmp folder names in npm npm 2/13/17
Template Injection jsrender 3/30/16
Template Injection in jsviews jsviews 1/19/18
Timing Attack due to unsafe HMAC comparison in node-forge node-forge 12/26/16
Timing Attack in generator-jhipster generator-jhipster 3/28/17
Timing Attack via Non-constant Time Comparison in fernet fernet 11/22/16
Tmp files readable by other users sync-exec 4/14/17
URL Spoofing in electron electron 2/6/18
Unauthenticated Remote Command Injection in ep_imageconvert ep_imageconvert 5/5/13
Unauthorized SSL Connection due to lack of cert authentication in mysql mysql 1/4/17
Uninitialized Memory Exposure in bl bl 9/18/16
Uninitialized Memory Exposure in concat-stream concat-stream 3/9/17
Uninitialized Memory Exposure in floody floody 6/21/17
Uninitialized Memory Exposure in http-proxy-agent http-proxy-agent 4/9/18
Uninitialized Memory Exposure in https-proxy-agent https-proxy-agent 4/8/18
Uninitialized Memory Exposure in ip ip 6/4/17
Uninitialized Memory Exposure in life_star life_star 11/9/16
Uninitialized Memory Exposure in mysql mysql 8/8/17
Uninitialized Memory Exposure in openwhisk openwhisk 7/18/17
Uninitialized Memory Exposure in tunnel-agent tunnel-agent 7/5/17
Unsafe eval() summit 4/14/17
Unsigned Request Headers in http-signature http-signature 2/13/17
User Impersonation in passport-wsfed-saml2 passport-wsfed-saml2 1/3/18
VBScript Content Injection marked 1/22/15
VBScript Content Injection in marked marked 1/30/14
Validation Bypass in paypal-ipn paypal-ipn 12/2/14
Verification Bypass jsonwebtoken 3/31/15
XML External Entity (XXE) Injection in mxgraph mxgraph 3/21/18
XML Injection in express-saml2 express-saml2 1/22/18
XML Injection in samlify samlify 1/22/18
XSS - Sanitization not applied recursively sanitize-html 8/1/16
XSS Filter Bypass via Encoded URL in validator validator 10/26/14
XSS in Consumes/Produces Parameter swagger-ui 7/20/16
XSS in Hover Over Label Names Morris.js 4/14/17
XSS in Pillbox fuelux 7/25/16
XSS in client rendered block templates rendr 7/25/16
XSS in dialog closeText jquery-ui 7/21/16
XSS in drag and drop node jqtree 7/25/16
XSS in itemTitle parameter bootstrap-tagsinput 7/20/16
XSS in primary functions emojione 7/25/16
XSS via Angular Expression ag-grid 3/15/17
XSS via improper selector detection jquery 3/21/17
XSS via tooltips in c3 c3 8/17/16
methodOverride Middleware Reflected Cross-site Scripting (XSS) in connect connect 6/30/13
npm Token Leak npm 4/18/16

Insecure Access to File System (303)

Title Package Date Published
Arbitrary File Upload in youtransfer youtransfer 3/13/17
Arbitrary File Write cli 6/15/16
Arbitrary File Write in connect-parse-php connect-parse-php 6/7/17
Arbitrary File Write in frvr frvr 6/7/17
Arbitrary File Write in innomon innomon 6/7/17
Arbitrary File Write in lam lam 6/7/17
Arbitrary File Write in mysql2csv mysql2csv 6/7/17
Arbitrary File Write in parse-ssi parse-ssi 6/7/17
Arbitrary File Write in terminal-share terminal-share 3/15/18
Arbitrary File Write in thrushs thrushs 6/7/17
Arbitrary File Write in wisper wisper 6/7/17
Directory Traversal jacobj66-weather 3/14/18
Directory Traversal hdsdhhksjd 3/14/18
Directory Traversal gyfserver 3/14/18
Directory Traversal node-srv 3/7/18
Directory Traversal glance 3/7/18
Directory Traversal angular-http-server 3/7/18
Directory Traversal hekto 3/5/18
Directory Traversal 626 3/5/18
Directory Traversal zxyserver 3/5/18
Directory Traversal yypsulie11 3/5/18
Directory Traversal yxxserver 3/5/18
Directory Traversal wuzhuangserver 3/5/18
Directory Traversal wrlc 3/5/18
Directory Traversal wenluhong111 3/5/18
Directory Traversal web-server-mock 3/5/18
Directory Traversal web-node-server 3/5/18
Directory Traversal weathertest.bryceperkins 3/5/18
Directory Traversal songcaihong 3/5/18
Directory Traversal shenliru3 3/5/18
Directory Traversal servewuqianqianqian 3/5/18
Directory Traversal serveryyl 3/5/18
Directory Traversal serverfff 3/5/18
Directory Traversal rapid-httpserver 3/5/18
Directory Traversal proxey 3/5/18
Directory Traversal nodeload 3/5/18
Directory Traversal myserve111 3/5/18
Directory Traversal iceman178.weather.cs360 3/5/18
Directory Traversal cs360getcity 3/5/18
Directory Traversal localhost-now 3/4/18
Directory Traversal xingbaohai 2/28/18
Directory Traversal willvdb_test_server 2/28/18
Directory Traversal websvr 2/28/18
Directory Traversal simple-mock-server 2/28/18
Directory Traversal mime_web_server 2/28/18
Directory Traversal express-blinker 2/28/18
Directory Traversal easy-router 2/28/18
Directory Traversal caolilinode1 2/28/18
Directory Traversal caihong 2/28/18
Directory Traversal binocular-lamp 2/28/18
Directory Traversal cuiaiguang 2/26/18
Directory Traversal wuzhuang 2/26/18
Directory Traversal asset-cache 2/26/18
Directory Traversal ptest 2/26/18
Directory Traversal micra 2/26/18
Directory Traversal m-server 2/25/18
Directory Traversal static-cling 2/25/18
Directory Traversal html-pages 2/25/18
Directory Traversal api-proxy 2/25/18
Directory Traversal basic-static 2/25/18
Directory Traversal hserver-static 2/25/18
Directory Traversal sabu 2/25/18
Directory Traversal awning 2/25/18
Directory Traversal atropa-server 2/25/18
Directory Traversal atropa-ide 2/25/18
Directory Traversal aso-server 2/25/18
Directory Traversal stattic 2/25/18
Directory Traversal pico-static-server 2/25/18
Directory Traversal bae-nodejs 2/25/18
Directory Traversal crud-file-server 2/25/18
Directory Traversal node-staticserver 2/25/18
Directory Traversal server-static 2/25/18
Directory Traversal bruteser 2/25/18
Directory Traversal butler-server 2/25/18
Directory Traversal canvas-designer 2/25/18
Directory Traversal glurp 2/25/18
Directory Traversal der-server 2/25/18
Directory Traversal ex-http-frame 2/25/18
Directory Traversal btnode 2/25/18
Directory Traversal gfm-srv 2/25/18
Directory Traversal getstats 2/25/18
Directory Traversal gamebutler 2/25/18
Directory Traversal fast-http 2/25/18
Directory Traversal easy-node-server 2/25/18
Directory Traversal dilu 2/25/18
Directory Traversal isv-http 2/25/18
Directory Traversal httpea 2/25/18
Directory Traversal markdown-server 2/25/18
Directory Traversal serverxh 2/25/18
Directory Traversal lab6.1 2/25/18
Directory Traversal less-livereload 2/25/18
Directory Traversal lander 2/25/18
Directory Traversal litedoc 2/25/18
Directory Traversal censorify.matt.shurtz 2/25/18
Directory Traversal zhanglina 2/25/18
Directory Traversal node-http-server 2/25/18
Directory Traversal node-static-webserver 2/25/18
Directory Traversal server12311 2/25/18
Directory Traversal fakelearnnodejs 2/25/18
Directory Traversal servershuai 2/25/18
Directory Traversal lab6-wclaibor 2/25/18
Directory Traversal ussasasa 2/25/18
Directory Traversal grunt-serve 2/25/18
Directory Traversal grunt-fileserver 2/25/18
Directory Traversal nitro-server 2/25/18
Directory Traversal wenluhong11 2/25/18
Directory Traversal my-sn 2/25/18
Directory Traversal zhangranbigman 2/25/18
Directory Traversal secure-servedir 2/25/18
Directory Traversal servedir 2/25/18
Directory Traversal node-cxc 2/25/18
Directory Traversal resolve-path 2/24/18
Directory Traversal public 2/20/18
Directory Traversal serve 1/23/18
Directory Traversal ltt.js 1/23/18
Directory Traversal yjmyjmyjm 1/23/18
Directory Traversal lactate 1/23/18
Directory Traversal augustine 1/23/18
Directory Traversal featurebook 1/15/18
Directory Traversal @vivaxy/here 1/14/18
Directory Traversal serve-here 1/11/18
Directory Traversal fast-http-cli 9/28/17
Directory Traversal http_static_simple 9/26/17
Directory Traversal tiny-http 9/6/17
Directory Traversal iter-http 9/6/17
Directory Traversal f2e-server 6/27/17
Directory Traversal gomeplus-h5-proxy 6/5/17
Directory Traversal badjs-sourcemap-server 6/5/17
Directory Traversal hostr 4/14/17
Directory Traversal bitty 12/7/16
Directory Traversal restafary 3/28/16
Directory Traversal in 11xiaoli 11xiaoli 6/7/17
Directory Traversal in 22lixian 22lixian 6/7/17
Directory Traversal in 360class.jansenhm 360class.jansenhm 7/10/17
Directory Traversal in actionhero actionhero 5/8/17
Directory Traversal in byucslabsix byucslabsix 6/12/17
Directory Traversal in calmquist.static-server calmquist.static-server 6/7/17
Directory Traversal in caolilinode caolilinode 7/10/17
Directory Traversal in censorify.tanisjr censorify.tanisjr 6/7/17
Directory Traversal in chatbyvista chatbyvista 7/10/17
Directory Traversal in city-weather-abe city-weather-abe 6/7/17
Directory Traversal in citypredict.whauwiller citypredict.whauwiller 6/12/17
Directory Traversal in commentapp.stetsonwood commentapp.stetsonwood 7/10/17
Directory Traversal in cuciuci cuciuci 6/7/17
Directory Traversal in cxy cxy 8/2/17
Directory Traversal in cyber-js cyber-js 6/7/17
Directory Traversal in cypserver cypserver 7/10/17
Directory Traversal in dasafio dasafio 6/7/17
Directory Traversal in datachannel-client datachannel-client 6/7/17
Directory Traversal in dcdcdcdcdc dcdcdcdcdc 7/10/17
Directory Traversal in dcserver dcserver 6/7/17
Directory Traversal in desafio desafio 6/7/17
Directory Traversal in dgard8.lab6 dgard8.lab6 6/7/17
Directory Traversal in dmmcquay.lab6 dmmcquay.lab6 6/12/17
Directory Traversal in dylmomo dylmomo 6/7/17
Directory Traversal in earlybird earlybird 6/7/17
Directory Traversal in easyquick easyquick 6/7/17
Directory Traversal in elding elding 6/12/17
Directory Traversal in electron electron 1/25/18
Directory Traversal in enserver enserver 6/7/17
Directory Traversal in ewgaddis.lab6 ewgaddis.lab6 6/7/17
Directory Traversal in exxxxxxxxxxx exxxxxxxxxxx 6/7/17
Directory Traversal in fancy-server fancy-server 11/14/14
Directory Traversal in fast-http-cli fast-http-cli 6/7/17
Directory Traversal in fbr-client fbr-client 6/7/17
Directory Traversal in fsk-server fsk-server 6/7/17
Directory Traversal in fury-adapter-swagger fury-adapter-swagger 1/11/17
Directory Traversal in gaoxiaotingtingting gaoxiaotingtingting 6/7/17
Directory Traversal in gaoxuyan gaoxuyan 6/7/17
Directory Traversal in geddy geddy 7/27/15
Directory Traversal in general-file-server general-file-server 3/18/18
Directory Traversal in getcityapi.yoehoehne getcityapi.yoehoehne 6/7/17
Directory Traversal in ghod5servercs360 ghod5servercs360 8/2/17
Directory Traversal in goserv goserv 7/10/17
Directory Traversal in guaycuru guaycuru 5/1/17
Directory Traversal in hcbserver hcbserver 6/7/17
Directory Traversal in hechatroom hechatroom 8/2/17
Directory Traversal in hftp hftp 6/7/17
Directory Traversal in hostr hostr 12/20/16
Directory Traversal in http_static_simple http_static_simple 7/10/17
Directory Traversal in infraserver infraserver 6/7/17
Directory Traversal in intsol-package intsol-package 6/7/17
Directory Traversal in iter-http iter-http 6/7/17
Directory Traversal in iter-server iter-server 6/7/17
Directory Traversal in jansenstuffpleasework jansenstuffpleasework 6/7/17
Directory Traversal in jiazhipeng jiazhipeng 3/15/18
Directory Traversal in jikes jikes 6/12/17
Directory Traversal in jn_jj_server jn_jj_server 6/7/17
Directory Traversal in koa-static-cache koa-static-cache 6/28/17
Directory Traversal in lab6.brit95 lab6.brit95 6/7/17
Directory Traversal in lab6_agolotin lab6_agolotin 3/15/18
Directory Traversal in lab6drewfusbyu lab6drewfusbyu 7/10/17
Directory Traversal in lessindex lessindex 6/7/17
Directory Traversal in lihuini lihuini 8/2/17
Directory Traversal in list-n-stream list-n-stream 4/24/17
Directory Traversal in liuyaserver liuyaserver 6/7/17
Directory Traversal in liyujing liyujing 6/7/17
Directory Traversal in ljjnodeserve ljjnodeserve 10/17/17
Directory Traversal in looppake looppake 6/7/17
Directory Traversal in ltt ltt 6/7/17
Directory Traversal in ltt.js ltt.js 6/7/17
Directory Traversal in lzl123 lzl123 8/2/17
Directory Traversal in meryl meryl 3/15/18
Directory Traversal in mfrs mfrs 6/7/17
Directory Traversal in mfrserver mfrserver 6/7/17
Directory Traversal in mockserve mockserve 6/7/17
Directory Traversal in myprolyz myprolyz 6/7/17
Directory Traversal in myserver.alexcthomas18 myserver.alexcthomas18 6/7/17
Directory Traversal in next next 1/31/18
Directory Traversal in next next 6/12/17
Directory Traversal in nhouston nhouston 11/13/14
Directory Traversal in node-server-forfront node-server-forfront 6/7/17
Directory Traversal in node-simple-router node-simple-router 6/12/17
Directory Traversal in nodeaaaaa nodeaaaaa 6/7/17
Directory Traversal in nodejs.jseidl nodejs.jseidl 10/9/17
Directory Traversal in nodejs_liamgb nodejs_liamgb 3/15/18
Directory Traversal in nodejsccc nodejsccc 3/15/18
Directory Traversal in nodeload-nmickuli nodeload-nmickuli 6/7/17
Directory Traversal in nodeserver-jta nodeserver-jta 10/17/17
Directory Traversal in nopach nopach 10/9/17
Directory Traversal in open-device open-device 6/7/17
Directory Traversal in paopao613 paopao613 3/15/18
Directory Traversal in peiserver peiserver 6/7/17
Directory Traversal in picard picard 6/7/17
Directory Traversal in pooledwebsocket pooledwebsocket 4/25/17
Directory Traversal in pytservce pytservce 6/7/17
Directory Traversal in qinserve qinserve 6/7/17
Directory Traversal in quickserver quickserver 6/7/17
Directory Traversal in reecerver reecerver 6/7/17
Directory Traversal in ritp ritp 6/7/17
Directory Traversal in rjpserver rjpserver 3/15/18
Directory Traversal in rtcmulticonnection-client rtcmulticonnection-client 6/7/17
Directory Traversal in run-this-place run-this-place 6/7/17
Directory Traversal in scott-blanch-weather-app scott-blanch-weather-app 6/12/17
Directory Traversal in section2.madisonjbrooks12 section2.madisonjbrooks12 7/10/17
Directory Traversal in sencisho sencisho 5/1/17
Directory Traversal in send send 9/11/14
Directory Traversal in serve serve 6/12/17
Directory Traversal in serve46 serve46 7/10/17
Directory Traversal in serverabc serverabc 6/7/17
Directory Traversal in servergmf servergmf 8/2/17
Directory Traversal in serverhuwenhui serverhuwenhui 6/7/17
Directory Traversal in serverliujiayi1 serverliujiayi1 6/7/17
Directory Traversal in serverlyj333 serverlyj333 3/15/18
Directory Traversal in serverlyr serverlyr 6/7/17
Directory Traversal in serversyysyy serversyysyy 3/15/18
Directory Traversal in serverwg serverwg 6/7/17
Directory Traversal in serverwzl serverwzl 6/7/17
Directory Traversal in serverxxx serverxxx 7/10/17
Directory Traversal in serveryaozeyan serveryaozeyan 6/7/17
Directory Traversal in serveryztyzt serveryztyzt 6/7/17
Directory Traversal in serverzyqzyq serverzyqzyq 3/15/18
Directory Traversal in serverzyy serverzyy 6/7/17
Directory Traversal in severzlt severzlt 10/17/17
Directory Traversal in sgqserve sgqserve 6/7/17
Directory Traversal in shenliru shenliru 7/10/17
Directory Traversal in shit-server shit-server 6/7/17
Directory Traversal in simple-npm-registry simple-npm-registry 7/10/17
Directory Traversal in sly07 sly07 6/7/17
Directory Traversal in srverqq srverqq 8/2/17
Directory Traversal in sspa sspa 6/7/17
Directory Traversal in st st 2/5/14
Directory Traversal in starfruit starfruit 3/15/18
Directory Traversal in static-html-server static-html-server 6/7/17
Directory Traversal in stevenc4.server stevenc4.server 3/15/18
Directory Traversal in susu-sum susu-sum 7/10/17
Directory Traversal in tencent-server tencent-server 6/7/17
Directory Traversal in tiny-http tiny-http 6/7/17
Directory Traversal in tinyserver tinyserver 10/9/17
Directory Traversal in tinyserver2 tinyserver2 6/7/17
Directory Traversal in tmadserver tmadserver 3/15/18
Directory Traversal in tmock tmock 6/7/17
Directory Traversal in uekw1511server uekw1511server 6/7/17
Directory Traversal in unicorn-list unicorn-list 6/7/17
Directory Traversal in utahcityfinder utahcityfinder 6/7/17
Directory Traversal in uv-tj-demo uv-tj-demo 6/7/17
Directory Traversal in wangguojing123 wangguojing123 6/7/17
Directory Traversal in wangshuai wangshuai 10/9/17
Directory Traversal in weather.swlyons weather.swlyons 6/7/17
Directory Traversal in web-debug web-debug 6/28/17
Directory Traversal in webrepl webrepl 3/15/18
Directory Traversal in welcomyzt welcomyzt 7/10/17
Directory Traversal in wenluhong1 wenluhong1 6/7/17
Directory Traversal in wffserve wffserve 6/12/17
Directory Traversal in whispercast whispercast 6/7/17
Directory Traversal in wind-mvc wind-mvc 6/7/17
Directory Traversal in wintiwebdev wintiwebdev 6/7/17
Directory Traversal in xbhxbh xbhxbh 10/9/17
Directory Traversal in xiongrui-httpserver xiongrui-httpserver 6/7/17
Directory Traversal in xtalk xtalk 6/7/17
Directory Traversal in xxf11 xxf11 8/2/17
Directory Traversal in yjmyjmyjm yjmyjmyjm 7/10/17
Directory Traversal in yttivy yttivy 6/7/17
Directory Traversal in yyooopack yyooopack 6/7/17
Directory Traversal in yzt yzt 6/7/17
Directory Traversal in zhaolei1111 zhaolei1111 3/15/18
Directory Traversal in zjjserver zjjserver 6/7/17
Directory Traversal in zs123 zs123 3/15/18
Directory Traversal in zwserver zwserver 6/7/17
Hidden Directories Always Served inert 12/15/14
Symlink Arbitrary File Overwrite tar 11/2/15
Symlink attack due to predictable tmp folder names in npm npm 2/13/17
Tmp files readable by other users sync-exec 4/14/17

Sensitive Data Exposure (214)

Title Package Date Published
Weak Randomization of BridgeSecret in cordova-android cordova-android 6/21/17
Authentication Bypass in jsonwebtoken jsonwebtoken 3/31/15
CORS Token Disclosure in crumb crumb 7/31/14
Downloads Resources over HTTP ikst 7/5/17
Downloads Resources over HTTP gfe-sass 7/5/17
Downloads Resources over HTTP windows-build-tools 1/6/17
Downloads Resources over HTTP mystem-fix 12/31/16
Downloads Resources over HTTP react-native-baidu-voice-synthesizer 12/31/16
Downloads Resources over HTTP windows-latestchromedriver 12/31/16
Downloads Resources over HTTP npm-test-sqlite3-trunk 12/31/16
Downloads Resources over HTTP alto-saxophone 12/31/16
Downloads Resources over HTTP pm2-kafka 12/31/16
Downloads Resources over HTTP haxeshim 12/31/16
Downloads Resources over HTTP windows-seleniumjar 12/31/16
Downloads Resources over HTTP openframe-ascii-image 12/31/16
Downloads Resources over HTTP windows-iedriver 12/31/16
Downloads Resources over HTTP haxe3 12/31/16
Downloads Resources over HTTP windows-selenium-chromedriver 12/31/16
Downloads Resources over HTTP fis-sass-all 12/31/16
Downloads Resources over HTTP pk-app-wonderbox 12/31/16
Downloads Resources over HTTP healthcenter 12/31/16
Downloads Resources over HTTP arcanist 12/31/16
Downloads Resources over HTTP massif 12/31/16
Downloads Resources over HTTP roslib-socketio 12/31/16
Downloads Resources over HTTP adamvr-geoip-lite 12/31/16
Downloads Resources over HTTP selenium-standalone-painful 12/31/16
Downloads Resources over HTTP serc.js 12/31/16
Downloads Resources over HTTP google-closure-tools-latest 12/31/16
Downloads Resources over HTTP rs-brightcove 12/31/16
Downloads Resources over HTTP libsbmlsim 12/31/16
Downloads Resources over HTTP limbus-buildgen 12/31/16
Downloads Resources over HTTP ipip-coffee 12/31/16
Downloads Resources over HTTP cloudpub-redis 12/31/16
Downloads Resources over HTTP mystem-wrapper 12/31/16
Downloads Resources over HTTP windows-seleniumjar-mirror 12/31/16
Downloads Resources over HTTP soci 12/31/16
Downloads Resources over HTTP libsbml 12/31/16
Downloads Resources over HTTP selenium-portal 12/31/16
Downloads Resources over HTTP tomita-parser 12/31/16
Downloads Resources over HTTP herbivore 12/31/16
Downloads Resources over HTTP mystem 12/31/16
Downloads Resources over HTTP wixtoolset 12/31/16
Downloads Resources over HTTP tomita 12/31/16
Downloads Resources over HTTP phantomjs-cheniu 12/31/16
Downloads Resources over HTTP fis-parser-sass-bin 12/31/16
Downloads Resources over HTTP poco 12/31/16
Downloads Resources over HTTP native-opencv 12/31/16
Downloads Resources over HTTP co-cli-installer 12/31/16
Downloads Resources over HTTP qbs 12/31/16
Downloads Resources over HTTP clang-extra 12/31/16
Downloads Resources over HTTP sfml 12/31/16
Downloads Resources over HTTP xd-testing 12/31/16
Downloads Resources over HTTP prebuild-lwip 12/31/16
Downloads Resources over HTTP webdriver-launcher 12/31/16
Downloads Resources over HTTP ntfserver 12/31/16
Downloads Resources over HTTP frames-compiler 12/31/16
Downloads Resources over HTTP marionette-socket-host 12/31/16
Downloads Resources over HTTP node-air-sdk 12/31/16
Downloads Resources over HTTP resourcehacker 12/31/16
Downloads Resources over HTTP grunt-images 12/31/16
Downloads Resources over HTTP slimerjs-edge 12/31/16
Downloads Resources over HTTP jstestdriver 12/31/16
Downloads Resources over HTTP cmake 12/31/16
Downloads Resources over HTTP node-bsdiff-android 12/31/16
Downloads Resources over HTTP node-thulac 12/31/16
Downloads Resources over HTTP redis-srvr 12/31/16
Downloads Resources over HTTP js-given 12/31/16
Downloads Resources over HTTP haxe-dev 12/31/16
Downloads Resources over HTTP grunt-ccompiler 12/31/16
Downloads Resources over HTTP broccoli-closure 12/31/16
Downloads Resources over HTTP scalajs-standalone-bin 12/31/16
Downloads Resources over HTTP dwebp-bin 12/31/16
Downloads Resources over HTTP apk-parser2 12/31/16
Downloads Resources over HTTP jvminstall 12/31/16
Downloads Resources over HTTP install-g-test 12/31/16
Downloads Resources over HTTP nw-with-arm 12/31/16
Downloads Resources over HTTP selenium-wrapper 12/31/16
Downloads Resources over HTTP scala-bin 12/31/16
Downloads Resources over HTTP mystem3 12/31/16
Downloads Resources over HTTP headless-browser-lite 12/31/16
Downloads Resources over HTTP selenium-chromedriver 12/31/16
Downloads Resources over HTTP macaca-chromedriver-zxa 12/31/16
Downloads Resources over HTTP nodeschnaps 12/31/16
Downloads Resources over HTTP fibjs 12/31/16
Downloads Resources over HTTP atom-node-module-installer 12/31/16
Downloads Resources over HTTP pennyworth 12/31/16
Downloads Resources over HTTP node-browser 12/31/16
Downloads Resources over HTTP box2d-native 12/31/16
Downloads Resources over HTTP openframe-image 12/31/16
Downloads Resources over HTTP curses 12/31/16
Downloads Resources over HTTP httpsync 12/31/16
Downloads Resources over HTTP bionode-sra 12/31/16
Downloads Resources over HTTP dalek-browser-ie-canary 12/31/16
Downloads Resources over HTTP strider-sauce 12/31/16
Downloads Resources over HTTP unicode-json 12/31/16
Downloads Resources over HTTP chromedriver126 12/31/16
Downloads Resources over HTTP robot-js 12/31/16
Downloads Resources over HTTP openframe-glslviewer 12/31/16
Downloads Resources over HTTP grunt-webdriver-qunit 12/31/16
Downloads Resources over HTTP dalek-browser-ie 12/31/16
Downloads Resources over HTTP dalek-browser-chrome 12/31/16
Downloads Resources over HTTP air-sdk 12/31/16
Downloads Resources over HTTP haxe 12/31/16
Downloads Resources over HTTP webdrvr 12/31/16
Downloads Resources over HTTP webrtc-native 12/31/16
Downloads Resources over HTTP sauce-connect 12/31/16
Downloads Resources over HTTP arrayfire-js 12/31/16
Downloads Resources over HTTP cobalt-cli 12/31/16
Downloads Resources over HTTP imageoptim 12/31/16
Downloads Resources over HTTP jdf-sass 12/31/16
Downloads Resources over HTTP ipip 12/21/16
Downloads Resources over HTTP ibapi 12/21/16
Downloads Resources over HTTP jser-stat 12/21/16
Downloads Resources over HTTP prince 12/21/16
Downloads Resources over HTTP cue-sdk-node 12/21/16
Downloads Resources over HTTP selenium-binaries 12/18/16
Downloads Resources over HTTP nw 12/18/16
Downloads Resources over HTTP wasdk 12/18/16
Downloads Resources over HTTP macaca-chromedriver 12/18/16
Downloads Resources over HTTP libxl 12/18/16
Downloads Resources over HTTP dalek-browser-chrome-canary 12/18/16
Downloads Resources over HTTP closure-util 12/18/16
Downloads Resources over HTTP closurecompiler 12/18/16
Downloads Resources over HTTP steroids 12/18/16
Downloads Resources over HTTP nodewebkit 12/18/16
Downloads Resources over HTTP chromedriver 12/18/16
Downloads Resources over HTTP unicode 12/18/16
Downloads Resources over HTTP ibm_db 12/18/16
Downloads Resources over HTTP fuseki 12/15/16
Downloads Resources over HTTP kindlegen 12/15/16
Downloads Resources over HTTP apk-parser3 12/15/16
Downloads Resources over HTTP baryton-saxophone 12/15/16
Downloads Resources over HTTP mongodb-instance 12/15/16
Downloads Resources over HTTP bkjs-wand 12/15/16
Downloads Resources over HTTP pngcrush-installer 12/15/16
Downloads Resources over HTTP embedza 12/15/16
Downloads Resources over HTTP geoip-lite-country 12/15/16
Downloads Resources over HTTP product-monitor 12/15/16
Downloads Resources over HTTP install-nw 12/15/16
Downloads Resources over HTTP operadriver 12/15/16
Downloads Resources over HTTP apk-parser 12/15/16
Downloads Resources over HTTP go-ipfs-dep 12/15/16
Downloads Resources over HTTP iedriver 12/15/16
Downloads Resources over HTTP galenframework-cli 12/5/16
Downloads Resources over HTTP selenium-download 12/5/16
Downloads Resources over HTTP aerospike 12/5/16
Downloads Resources over HTTP appium-chromedriver 12/5/16
Downloads resources over HTTP hubl-server 6/5/17
Exfiltrates Discord login tokens to pastebin discordi.js 10/9/17
Forgeable Public/Private Tokens jws 7/26/16
Forgeable public/private tokens in jwt-simple jwt-simple 10/30/16
Github Token Leak aegir 10/13/17
Hidden Directories Leakage in inert inert 12/15/14
Information Disclosure in ghost ghost 5/30/17
Information Disclosure in nforce nforce 5/8/17
Information Disclosure in rethinkdb rethinkdb 3/13/17
Information Exposure converse.js 2/21/18
Information Exposure in brunch brunch 5/8/17
Information Exposure in cordova-plugin-ios-keychain cordova-plugin-ios-keychain 3/21/18
Information Exposure in kibana kibana 1/4/18
Information Exposure in serve serve 3/18/18
Insecure Entropy Source - Math.random() node-uuid 3/28/16
Insecure Hashing Algorithm in contwidgetor contwidgetor 6/28/17
Insecure Randomness in crypto-browserify crypto-browserify 12/25/17
Insecure Randomness in socket.io socket.io 2/13/17
Insecure Randomness in uuid uuid 2/13/17
Insecure Randomness in ws ws 2/7/17
Insecure Token Validation in node-jose node-jose 1/10/18
Invalid Curve Attack node-jose 3/13/17
Man-in-the-Middle (MitM) tiny-json-http 3/14/18
Man-in-the-Middle (MitM) in electron electron 10/9/17
Man-in-the-Middle (MitM) in hotel hotel 5/30/17
Non-Constant Time String Comparison csrf-lite 4/22/16
Non-Constant Time String Comparison in cookie-signature cookie-signature 8/28/16
Private Data Disclosure express-restify-mongoose 4/19/16
Random Token based off Math.random() react-native-meteor-oauth 4/14/17
Remote Memory Disclosure bittorrent-dht 1/4/16
Remote Memory Disclosure ws 1/4/16
Remote Memory Exposure request 4/14/17
Remote Memory Exposure in mongoose mongoose 1/23/16
Remote Memory Exposure in request request 3/22/16
Remote Memory Exposure in sequelize sequelize 3/31/16
Resources Downloaded over Insecure Protocol gatsby-cli 2/28/18
Resources Downloaded over Insecure Protocol in cordova-android cordova-android 2/12/18
Resources Downloaded over Insecure Protocol in edp-package edp-package 6/28/17
Resources Downloaded over Insecure Protocol in fuseki fuseki 1/3/17
Resources Downloaded over Insecure Protocol in geoip-lite-country geoip-lite-country 1/3/17
Resources Downloaded over Insecure Protocol in iedriver iedriver 1/3/17
Resources Downloaded over Insecure Protocol in install-nw install-nw 1/3/17
Resources Downloaded over Insecure Protocol in mongodb-instance mongodb-instance 1/3/17
Resources Downloaded over Insecure Protocol in nodux-core nodux-core 4/24/17
Resources downloaded over Insecure Protocol in ec2-price ec2-price 5/1/17
Resources downloaded over insecure protocol in craft-ai-icons craft-ai-icons 6/7/17
Resources downloaded over insecure protocol in given-html-report given-html-report 6/7/17
Resources downloaded over insecure protocol in igniteui igniteui 10/30/16
Resources downloaded over insecure protocol in rocketmake-nuget rocketmake-nuget 6/7/17
Root Path Disclosure send 11/2/15
Root Path Disclosure in serve-static serve-static 1/19/15
Sensitive Information Exposure in airbrake airbrake 10/9/16
Timing Attack due to unsafe HMAC comparison in node-forge node-forge 12/26/16
Timing Attack in generator-jhipster generator-jhipster 3/28/17
Timing Attack via Non-constant Time Comparison in fernet fernet 11/22/16
Uninitialized Memory Exposure in bl bl 9/18/16
Uninitialized Memory Exposure in concat-stream concat-stream 3/9/17
Uninitialized Memory Exposure in floody floody 6/21/17
Uninitialized Memory Exposure in http-proxy-agent http-proxy-agent 4/9/18
Uninitialized Memory Exposure in https-proxy-agent https-proxy-agent 4/8/18
Uninitialized Memory Exposure in ip ip 6/4/17
Uninitialized Memory Exposure in life_star life_star 11/9/16
Uninitialized Memory Exposure in mysql mysql 8/8/17
Uninitialized Memory Exposure in openwhisk openwhisk 7/18/17
Uninitialized Memory Exposure in tunnel-agent tunnel-agent 7/5/17
Unsigned Request Headers in http-signature http-signature 2/13/17
npm Token Leak npm 4/18/16

Denial of Service (147)

Title Package Date Published
Denial of Service ecstatic 12/13/17
Denial of Service ws 11/8/17
Denial of Service nes 4/14/17
Denial of Service uws 10/17/16
Denial of Service mqtt-packet 1/15/16
Denial of Service (DDoS) in botkit botkit 12/25/17
Denial of Service (DoS) in connect connect 2/13/17
Denial of Service (DoS) in ejs ejs 12/6/16
Denial of Service (DoS) in electron electron 10/9/17
Denial of Service (DoS) in engine.io engine.io 11/14/16
Denial of Service (DoS) in ghost ghost 5/30/17
Denial of Service (DoS) in jquery jquery 12/26/16
Denial of Service (DoS) in js-quantities js-quantities 8/2/17
Denial of Service (DoS) in kibana kibana 1/4/18
Denial of Service (DoS) in mqtt mqtt 1/3/18
Denial of Service (DoS) in mqtt mqtt 8/17/16
Denial of Service (DoS) in ng-dialog ng-dialog 3/13/17
Denial of Service (DoS) in node-uuid node-uuid 11/22/16
Denial of Service (DoS) in podium podium 12/20/16
Denial of Service (DoS) in ractive ractive 12/25/17
Denial of Service (DoS) in sails sails 1/30/17
Denial of Service (DoS) in share share 4/3/17
Denial of Service (DoS) in websocket-driver websocket-driver 1/30/17
Denial of Service (DoS) in yar yar 6/16/14
Denial of Service (DoS) via Infinite Loop in mongoose mongoose 12/13/16
Denial of Service (Memory Exhaustion) in qs qs 8/5/14
Denial of Service - Illegal access crash from if-modified-since header ecstatic 12/23/15
Denial of Service and Content Injection i18n-node-angular 1/25/16
Denial of Service via malformed accept-encoding header hapi 4/5/17
Denial of service - Potential socket exhaustion hapi 12/23/15
DoS due to excessively large websocket message ws 6/24/16
Exceeding Stack Call Limit DoS jquery 4/14/17
Fastify denial-of-service vulnerability with large JSON payloads fastify 1/25/18
File Descriptor Leak Can Cause DoS Vulnerability hapi 2/14/14
Heap-based Buffer Overflow in libyaml libyaml 2/3/14
Large gzip Denial of Service superagent 9/26/17
ReDoS brace-expansion 4/25/17
ReDoS in ssri ssri 2/14/18
ReDoS via long UserAgent header ua-parser 8/29/17
ReDoS via long UserAgent header useragent 4/14/17
ReDoS via long string of semicolons tough-cookie 7/22/16
Regular Expression Denial Of Service uri-js 4/14/17
Regular Expression Denial of Service moment 11/27/17
Regular Expression Denial of Service method-override 9/27/17
Regular Expression Denial of Service fresh 9/26/17
Regular Expression Denial of Service forwarded 9/26/17
Regular Expression Denial of Service slug 9/25/17
Regular Expression Denial of Service string 9/25/17
Regular Expression Denial of Service timespan 9/25/17
Regular Expression Denial of Service parsejson 9/20/17
Regular Expression Denial of Service tough-cookie 9/20/17
Regular Expression Denial of Service content 9/12/17
Regular Expression Denial of Service no-case 9/8/17
Regular Expression Denial of Service charset 9/8/17
Regular Expression Denial of Service decamelize 4/14/17
Regular Expression Denial of Service minimatch 6/20/16
Regular Expression Denial of Service negotiator 6/16/16
Regular Expression Denial of Service riot-compiler 3/21/16
Regular Expression Denial of Service moment 1/26/16
Regular Expression Denial of Service hawk 1/19/16
Regular Expression Denial of Service is-my-json-valid 1/17/16
Regular Expression Denial of Service jshamcrest 1/5/16
Regular Expression Denial of Service jadedown 1/5/16
Regular Expression Denial of Service milliseconds 11/20/15
Regular Expression Denial of Service ansi2html 10/24/15
Regular Expression Denial of Service uglify-js 10/24/15
Regular Expression Denial of Service bleach 10/24/15
Regular Expression Denial of Service ms 10/24/15
Regular Expression Denial of Service marked 1/22/15
Regular Expression Denial of Service (DoS) in marked marked 1/30/14
Regular Expression Denial of Service (DoS) in millisecond millisecond 11/25/15
Regular Expression Denial of Service (DoS) in semver semver 4/3/15
Regular Expression Denial of Service (DoS) in uc.micro uc.micro 10/5/16
Regular Expression Denial of Service (DoS) in validator validator 11/12/14
Regular Expression Denial of Service (ReDoS) path-complete-extname 3/7/18
Regular Expression Denial of Service (ReDoS) clean-css 3/6/18
Regular Expression Denial of Service (ReDoS) diff 3/5/18
Regular Expression Denial of Service (ReDoS) useragent 3/5/18
Regular Expression Denial of Service (ReDoS) ua-parser-js 3/5/18
Regular Expression Denial of Service (ReDoS) aws-lambda-multipart-parser 3/5/18
Regular Expression Denial of Service (ReDoS) phpjs 3/4/18
Regular Expression Denial of Service (ReDoS) nwmatcher 3/4/18
Regular Expression Denial of Service (ReDoS) content 3/4/18
Regular Expression Denial of Service (ReDoS) uas-parser 3/4/18
Regular Expression Denial of Service (ReDoS) protobufjs 3/4/18
Regular Expression Denial of Service (ReDoS) emailjs-mime-codec 2/28/18
Regular Expression Denial of Service (ReDoS) highcharts 2/28/18
Regular Expression Denial of Service (ReDoS) wicket 2/26/18
Regular Expression Denial of Service (ReDoS) marked 2/26/18
Regular Expression Denial of Service (ReDoS) bson 2/26/18
Regular Expression Denial of Service (ReDoS) node-json-db 2/25/18
Regular Expression Denial of Service (ReDoS) node-forge 2/25/18
Regular Expression Denial of Service (ReDoS) mongoose-beautiful-unique-validation 2/25/18
Regular Expression Denial of Service (ReDoS) github-url-to-object 2/25/18
Regular Expression Denial of Service (ReDoS) git-username 2/25/18
Regular Expression Denial of Service (ReDoS) compromise 2/25/18
Regular Expression Denial of Service (ReDoS) checkit 2/25/18
Regular Expression Denial of Service (ReDoS) truncate 2/24/18
Regular Expression Denial of Service (ReDoS) skeemas 2/24/18
Regular Expression Denial of Service (ReDoS) sanitize 2/24/18
Regular Expression Denial of Service (ReDoS) email-existence 2/24/18
Regular Expression Denial of Service (ReDoS) datatype-expansion 2/24/18
Regular Expression Denial of Service (ReDoS) astronomia 2/24/18
Regular Expression Denial of Service (ReDoS) address-rfc2822 2/24/18
Regular Expression Denial of Service (ReDoS) xlsx 2/21/18
Regular Expression Denial of Service (ReDoS) vue 2/21/18
Regular Expression Denial of Service (ReDoS) valid-email 2/21/18
Regular Expression Denial of Service (ReDoS) shaka-player 2/21/18
Regular Expression Denial of Service (ReDoS) moddle-xml 2/21/18
Regular Expression Denial of Service (ReDoS) markdown-js 2/21/18
Regular Expression Denial of Service (ReDoS) harb 2/21/18
Regular Expression Denial of Service (ReDoS) node-pg-migrate 2/19/18
Regular Expression Denial of Service (ReDoS) html-dom-parser 2/19/18
Regular Expression Denial of Service (ReDoS) gettext-parser 2/19/18
Regular Expression Denial of Service (ReDoS) deckardcain 2/19/18
Regular Expression Denial of Service (ReDoS) abaaso 2/19/18
Regular Expression Denial of Service (ReDoS) braces 2/18/18
Regular Expression Denial of Service (ReDoS) validator 2/17/18
Regular Expression Denial of Service (ReDoS) postcss-inline-base64 2/17/18
Regular Expression Denial of Service (ReDoS) jasmine-core 2/17/18
Regular Expression Denial of Service (ReDoS) cejs 2/17/18
Regular Expression Denial of Service (ReDoS) valid-data-url 2/14/18
Regular Expression Denial of Service (ReDoS) q-io 2/14/18
Regular Expression Denial of Service (ReDoS) nicest 2/14/18
Regular Expression Denial of Service (ReDoS) mimer 2/14/18
Regular Expression Denial of Service (ReDoS) jquery.csssr.validation 2/14/18
Regular Expression Denial of Service (ReDoS) is-my-json-valid 2/14/18
Regular Expression Denial of Service (ReDoS) htmllint 2/14/18
Regular Expression Denial of Service (ReDoS) dirty-json 2/14/18
Regular Expression Denial of Service (ReDoS) citeproc 2/14/18
Regular Expression Denial of Service (ReDoS) in amqp-match amqp-match 5/15/17
Regular Expression Denial of Service (ReDoS) in content-type-parser content-type-parser 12/9/17
Regular Expression Denial of Service (ReDoS) in debug debug 9/25/17
Regular Expression Denial of Service (ReDoS) in dns-sync dns-sync 9/10/17
Regular Expression Denial of Service (ReDoS) in ducktype ducktype 4/15/18
Regular Expression Denial of Service (ReDoS) in eslint eslint 3/22/18
Regular Expression Denial of Service (ReDoS) in http-proxy http-proxy 2/13/17
Regular Expression Denial of Service (ReDoS) in is-url is-url 4/15/18
Regular Expression Denial of Service (ReDoS) in marked marked 9/21/17
Regular Expression Denial of Service (ReDoS) in mime mime 9/26/17
Regular Expression Denial of Service (ReDoS) in mobile-detect mobile-detect 12/9/17
Regular Expression Denial of Service (ReDoS) in ms ms 5/14/17
Regular Expression Denial of Service (ReDoS) in plist plist 4/15/18
Regular Expression Denial of Service (ReDoS) in simpl-schema simpl-schema 4/15/18
Regular Expression Denial of Service (ReDoS) in sshpk sshpk 4/9/18
Regular Expression Denial of Service (ReDoS) in uikit uikit 5/8/17
Regular Expression Denial of Service (ReDoS) in whatwg-mimetype whatwg-mimetype 12/9/17

Cross Site Scripting (XSS) (131)

Title Package Date Published
Content & Code Injection (XSS) in nunjucks nunjucks 9/9/16
Cross Site Scripting gitbook 4/14/17
Cross Site Scripting sanitize-html 4/11/17
Cross Site Scripting backbone 5/23/16
Cross Site Scripting dojo 5/23/16
Cross-Application Scripting in cordova-android cordova-android 6/21/17
Cross-Site Scripting (XSS) simplehttpserver 3/5/18
Cross-Site Scripting (XSS) in bootstrap bootstrap 1/19/18
Cross-site Scripting (XSS) zeroclipboard 3/14/18
Cross-site Scripting (XSS) mrk.js 3/5/18
Cross-site Scripting (XSS) anywhere 3/5/18
Cross-site Scripting (XSS) simditor 2/28/18
Cross-site Scripting (XSS) knockout 2/28/18
Cross-site Scripting (XSS) crud-file-server 2/20/18
Cross-site Scripting (XSS) angular 2/18/18
Cross-site Scripting (XSS) dijit 2/13/18
Cross-site Scripting (XSS) in actionhero actionhero 5/8/17
Cross-site Scripting (XSS) in angular angular 1/23/17
Cross-site Scripting (XSS) in angular-gettext angular-gettext 1/23/17
Cross-site Scripting (XSS) in backbone backbone 11/5/15
Cross-site Scripting (XSS) in blocks blocks 1/19/18
Cross-site Scripting (XSS) in boom boom 10/5/16
Cross-site Scripting (XSS) in bootstrap bootstrap 4/10/17
Cross-site Scripting (XSS) in bootstrap-markdown bootstrap-markdown 5/30/17
Cross-site Scripting (XSS) in bracket-template bracket-template 4/15/18
Cross-site Scripting (XSS) in bui bui 3/21/18
Cross-site Scripting (XSS) in cheerio cheerio 10/20/16
Cross-site Scripting (XSS) in ckeditor-dev ckeditor-dev 9/18/16
Cross-site Scripting (XSS) in clusterize.js clusterize.js 12/25/16
Cross-site Scripting (XSS) in datatables datatables 5/8/17
Cross-site Scripting (XSS) in datatables datatables 9/18/15
Cross-site Scripting (XSS) in dojo dojo 11/5/15
Cross-site Scripting (XSS) in dompurify dompurify 4/24/17
Cross-site Scripting (XSS) in easyxdm easyxdm 5/30/17
Cross-site Scripting (XSS) in ejs ejs 12/6/16
Cross-site Scripting (XSS) in electron electron 10/9/17
Cross-site Scripting (XSS) in express express 9/11/14
Cross-site Scripting (XSS) in express-graphql express-graphql 6/21/17
Cross-site Scripting (XSS) in favico.js favico.js 5/8/17
Cross-site Scripting (XSS) in foundation-sites foundation-sites 3/13/17
Cross-site Scripting (XSS) in fullpage.js fullpage.js 5/8/17
Cross-site Scripting (XSS) in ghost ghost 5/30/17
Cross-site Scripting (XSS) in glance glance 4/17/18
Cross-site Scripting (XSS) in handlebars handlebars 11/5/15
Cross-site Scripting (XSS) in hapi hapi 11/22/16
Cross-site Scripting (XSS) in hoek hoek 11/9/16
Cross-site Scripting (XSS) in html-janitor html-janitor 2/11/18
Cross-site Scripting (XSS) in i18next i18next 2/13/17
Cross-site Scripting (XSS) in jquery jquery 10/20/16
Cross-site Scripting (XSS) in jquery-colorbox jquery-colorbox 12/25/17
Cross-site Scripting (XSS) in jquery-migrate jquery-migrate 12/26/16
Cross-site Scripting (XSS) in jquery-mobile jquery-mobile 12/26/16
Cross-site Scripting (XSS) in jquery-ui jquery-ui 2/13/17
Cross-site Scripting (XSS) in js-xss js-xss 1/19/18
Cross-site Scripting (XSS) in jspdf jspdf 3/28/17
Cross-site Scripting (XSS) in jstree jstree 6/21/17
Cross-site Scripting (XSS) in keystone keystone 11/5/17
Cross-site Scripting (XSS) in kibana kibana 1/4/18
Cross-site Scripting (XSS) in kibana kibana 12/25/17
Cross-site Scripting (XSS) in knockout knockout 3/13/17
Cross-site Scripting (XSS) in lets-chat lets-chat 3/6/17
Cross-site Scripting (XSS) in mediaelement mediaelement 5/8/17
Cross-site Scripting (XSS) in metascraper metascraper 4/1/18
Cross-site Scripting (XSS) in morris.js morris.js 4/16/17
Cross-site Scripting (XSS) in mustache mustache 11/5/15
Cross-site Scripting (XSS) in next next 6/13/17
Cross-site Scripting (XSS) in nodebb nodebb 4/3/17
Cross-site Scripting (XSS) in octotree octotree 5/30/17
Cross-site Scripting (XSS) in pivottable pivottable 8/17/16
Cross-site Scripting (XSS) in plotly.js plotly.js 2/28/17
Cross-site Scripting (XSS) in plotly.js plotly.js 10/16/16
Cross-site Scripting (XSS) in polyfill-service polyfill-service 5/8/17
Cross-site Scripting (XSS) in public public 4/17/18
Cross-site Scripting (XSS) in pure pure 12/25/17
Cross-site Scripting (XSS) in ql.io-engine ql.io-engine 5/8/17
Cross-site Scripting (XSS) in react react 1/18/17
Cross-site Scripting (XSS) in rendr rendr 5/8/17
Cross-site Scripting (XSS) in rendr-handlebars rendr-handlebars 5/30/17
Cross-site Scripting (XSS) in restify restify 2/13/17
Cross-site Scripting (XSS) in rethinkdb rethinkdb 3/13/17
Cross-site Scripting (XSS) in reveal.js reveal.js 3/13/17
Cross-site Scripting (XSS) in riot riot 5/8/17
Cross-site Scripting (XSS) in select2 select2 3/13/17
Cross-site Scripting (XSS) in semantic-ui semantic-ui 6/21/17
Cross-site Scripting (XSS) in shiba shiba 1/22/18
Cross-site Scripting (XSS) in shout shout 10/31/16
Cross-site Scripting (XSS) in showdown-xss-filter showdown-xss-filter 1/19/18
Cross-site Scripting (XSS) in simple-server simple-server 3/18/18
Cross-site Scripting (XSS) in socket.io socket.io 2/13/17
Cross-site Scripting (XSS) in squire-rte squire-rte 3/13/17
Cross-site Scripting (XSS) in swagger-ui swagger-ui 3/13/17
Cross-site Scripting (XSS) in textangular textangular 2/13/17
Cross-site Scripting (XSS) in thelounge thelounge 3/6/17
Cross-site Scripting (XSS) in tinymce tinymce 1/9/17
Cross-site Scripting (XSS) in tinymce tinymce 10/27/16
Cross-site Scripting (XSS) in validator validator 1/30/17
Cross-site Scripting (XSS) in vega vega 3/13/17
Cross-site Scripting (XSS) in vue vue 12/25/17
Cross-site Scripting (XSS) in weyland weyland 1/19/18
Cross-site Scripting (XSS) in wysihtml wysihtml 3/13/17
Cross-site Scripting (XSS) in yms yms 3/6/17
Cross-site Scripting (XSS) in yui yui 2/13/17
Cross-site Scripting (XSS) in zeroclipboard zeroclipboard 3/13/17
Cross-site Scripting (XSS) via Bootstrapped data URL in brisket brisket 9/20/16
Cross-site Scripting (XSS) via Class Injection in markdown-it markdown-it 2/13/17
Cross-site Scripting (XSS) via Data URIs in markdown-it markdown-it 9/26/16
Cross-site Scripting (XSS) via Data URIs in marked marked 1/30/17
Cross-site Scripting (XSS) via Data Uri in remarkable remarkable 2/13/17
Cross-site Scripting due to improper file and directory names escaping in serve-index serve-index 3/13/15
DOM-based XSS gmail-js 7/21/16
Improper Escaping of Bound Arrays sequelize 10/31/16
Lack of HTML Escaping forms 4/11/17
Multiple XSS Filter Bypasses in validator validator 7/5/13
Partial Sanitization in sanitize-html sanitize-html 11/5/15
Potential Cross-site Scripting (XSS) in ember ember 11/5/15
Reflected Cross-Site Scripting redis-commander 1/23/18
Sanitization bypass using HTML Entities marked 4/18/16
XSS - Sanitization not applied recursively sanitize-html 8/1/16
XSS Filter Bypass via Encoded URL in validator validator 10/26/14
XSS in Consumes/Produces Parameter swagger-ui 7/20/16
XSS in Hover Over Label Names Morris.js 4/14/17
XSS in Pillbox fuelux 7/25/16
XSS in client rendered block templates rendr 7/25/16
XSS in dialog closeText jquery-ui 7/21/16
XSS in drag and drop node jqtree 7/25/16
XSS in itemTitle parameter bootstrap-tagsinput 7/20/16
XSS in primary functions emojione 7/25/16
XSS via Angular Expression ag-grid 3/15/17
XSS via improper selector detection jquery 3/21/17
XSS via tooltips in c3 c3 8/17/16
methodOverride Middleware Reflected Cross-site Scripting (XSS) in connect connect 6/30/13

Injection Attack (95)

Title Package Date Published
Arbitrary Code Execution gifsicle 2/20/18
Arbitrary Code Execution in cordova-android cordova-android 6/21/17
Arbitrary Code Execution in mathjs mathjs 1/28/18
Arbitrary Code Execution in mathjs mathjs 11/28/17
Arbitrary Code Execution in nodebb nodebb 4/3/17
Arbitrary Code Execution in quill quill 2/28/17
Arbitrary Code Execution in sandbox sandbox 11/7/17
Arbitrary Code Execution in static-eval static-eval 10/18/17
Arbitrary Code Injection mobile-icon-resizer 1/15/18
Arbitrary Code Injection in growl growl 5/1/17
Arbitrary Code Injection in kmc kmc 5/1/17
Arbitrary Code Injection in m-log m-log 5/1/17
Arbitrary Code Injection in m2m-supervisor m2m-supervisor 5/1/17
Arbitrary Code Injection in microservicebus.node microservicebus.node 5/1/17
Arbitrary Code Injection in mixin-pro mixin-pro 4/30/17
Arbitrary Code Injection in mobile-icon-resizer mobile-icon-resizer 4/30/17
Arbitrary Code Injection in mock2easy mock2easy 5/1/17
Arbitrary Code Injection in modjs modjs 5/1/17
Arbitrary Code Injection in modulify modulify 5/1/17
Arbitrary Code Injection in mol-proto mol-proto 4/8/18
Arbitrary Code Injection in mongo-edit mongo-edit 5/1/17
Arbitrary Code Injection in mongo-parse mongo-parse 5/1/17
Arbitrary Code Injection in mongoosemask mongoosemask 5/1/17
Arbitrary Code Injection in mongoosify mongoosify 5/1/17
Arbitrary Code Injection in mongui mongui 5/1/17
Arbitrary Code Injection in nameless-cli nameless-cli 5/1/17
Arbitrary Code Injection in nd-validator nd-validator 5/1/17
Arbitrary Code Injection in pouchdb pouchdb 10/16/16
Arbitrary Code Injection in protojs protojs 5/1/17
Arbitrary Code Injection in reduce-css-calc reduce-css-calc 10/16/16
Arbitrary Command Execution pullit 2/13/18
Arbitrary Command Execution in clamscan clamscan 1/18/17
Arbitrary Command Execution in windows-cpu windows-cpu 5/19/17
Arbitrary Command Injection in dns-sync dns-sync 11/11/14
Arbitrary Command Injection in whereis whereis 4/1/18
Arbitrary JavaScript Code Injection in bassmaster bassmaster 9/26/14
Arbitrary Script Injection in angular angular 1/23/17
Arbitrary execution in cordova-ios cordova-ios 6/21/17
CRLF Injection in cordova-plugin-file-transfer cordova-plugin-file-transfer 6/21/17
CSS Injection in plotly.js plotly.js 10/16/16
CSV Injection in keystone keystone 11/5/17
Chromium Remote Code Execution electron 9/28/17
Code Execution Through IIFE serialize-to-js 2/10/17
Code Execution due to Deserialization in js-yaml js-yaml 6/23/13
Code Execution through IIFE node-serialize 2/9/17
Code Injection in crossbow-lang crossbow-lang 9/17/16
Code Injection in dustjs-linkedin dustjs-linkedin 9/13/16
Command Injection fs-git 8/29/17
Command Injection pidusage 6/5/17
Command Injection dns-sync 4/11/17
Command Injection due to untrusted input in printer printer 3/5/14
Command Injection in email.coffee in hubot-scripts hubot-scripts 5/15/13
Command Injection in ffprobe in codem-transcode codem-transcode 7/6/13
Command Injection in gm.compare function gm 10/26/15
Command Injection in shelljs shelljs 2/13/17
Command Injection in ungit ungit 1/21/15
Content Injection in remarkable remarkable 11/13/14
Content Injection via TileJSON Name mapbox.js 1/12/16
Content Injection via TileJSON attribute mapbox.js 10/24/15
HTML Injection in ag-grid ag-grid 3/16/17
HTML Injection in shout shout 2/13/17
LDAP Injection in ldapauth ldapauth 9/18/15
LDAP Injection in ldapauth-fork ldapauth-fork 9/18/15
Potential Command Injection shell-quote 6/21/16
Potential Command Injection in libnotify libnotify 5/15/13
Potential Script Injection in syntax-error syntax-error 7/14/14
Quoteless Attributes in Templates can lead to Content Injection mustache 12/14/15
Quoteless Attributes in Templates can lead to Content Injection handlebars 12/14/15
Remote Code Execution electron 1/23/18
Remote Code Execution pg 8/12/17
Remote Code Execution in ejs ejs 11/28/16
SQL Injection due to unescaped object keys mysql 12/28/15
SQL Injection due to unescaped object keys in mysql mysql 1/5/16
SQL Injection in Order in sequelize sequelize 1/18/15
SQL Injection in knex knex 12/20/16
SQL Injection in loopback-connector-mssql loopback-connector-mssql 1/4/17
SQL Injection in loopback-connector-mysql loopback-connector-mysql 1/4/17
SQL Injection in loopback-connector-oracle loopback-connector-oracle 1/4/17
SQL Injection in loopback-connector-postgresql loopback-connector-postgresql 1/4/17
SQL Injection in order/limit in sequelize sequelize 3/31/16
SQL Injection in pouchdb pouchdb 3/13/17
SQL Injection in sequelize sequelize 2/13/17
SQL Injection in waterline-sequel waterline-sequel 10/30/16
Sandbox Breakout safe-eval 8/30/17
Shell Command Injection in git-ls-remote git-ls-remote 9/25/16
Shell Command Injection in traceroute traceroute 1/23/18
Template Injection jsrender 3/30/16
Template Injection in jsviews jsviews 1/19/18
Unauthenticated Remote Command Injection in ep_imageconvert ep_imageconvert 5/5/13
Unsafe eval() summit 4/14/17
VBScript Content Injection marked 1/22/15
VBScript Content Injection in marked marked 1/30/14
XML External Entity (XXE) Injection in mxgraph mxgraph 3/21/18
XML Injection in express-saml2 express-saml2 1/22/18
XML Injection in samlify samlify 1/22/18

Malicious Package (60)

Title Package Date Published
Exfiltrates data on installation cofee-script 10/5/17
Exfiltrates data on installation coffescript 10/5/17
Exfiltrates data on installation jquey 10/5/17
Exfiltrates data on installation coffe-script 10/5/17
Exfiltrates data on installation cofeescript 10/5/17
Malicious Module npm-script-demo 9/26/17
Malicious Package in anarchy anarchy 9/17/17
Malicious Package in babelcli babelcli 8/2/17
Malicious Package in botbait botbait 9/17/17
Malicious Package in cross-env.js cross-env.js 8/2/17
Malicious Package in crossenv crossenv 8/2/17
Malicious Package in d3.js d3.js 8/2/17
Malicious Package in deasyncp deasyncp 9/17/17
Malicious Package in discordi.js discordi.js 10/19/17
Malicious Package in fabric-js fabric-js 8/2/17
Malicious Package in ffmepg ffmepg 8/2/17
Malicious Package in gruntcli gruntcli 8/2/17
Malicious Package in harmlesspackage harmlesspackage 9/17/17
Malicious Package in http-proxy.js http-proxy.js 8/2/17
Malicious Package in ikst ikst 9/17/17
Malicious Package in jquery.js jquery.js 8/2/17
Malicious Package in mariadb mariadb 8/2/17
Malicious Package in maybemaliciouspackage maybemaliciouspackage 9/17/17
Malicious Package in mktmpio mktmpio 9/17/17
Malicious Package in mongose mongose 8/2/17
Malicious Package in mssql-node mssql-node 8/2/17
Malicious Package in mssql.js mssql.js 8/2/17
Malicious Package in mysqljs mysqljs 8/2/17
Malicious Package in node-fabric node-fabric 8/2/17
Malicious Package in node-opencv node-opencv 8/2/17
Malicious Package in node-opensl node-opensl 8/2/17
Malicious Package in node-openssl node-openssl 8/2/17
Malicious Package in node-sqlite node-sqlite 8/2/17
Malicious Package in node-tkinter node-tkinter 8/2/17
Malicious Package in nodecaffe nodecaffe 8/2/17
Malicious Package in nodefabric nodefabric 8/2/17
Malicious Package in nodeffmpeg nodeffmpeg 8/2/17
Malicious Package in nodemailer-js nodemailer-js 8/2/17
Malicious Package in nodemailer.js nodemailer.js 8/2/17
Malicious Package in nodemssql nodemssql 8/2/17
Malicious Package in noderequest noderequest 8/2/17
Malicious Package in nodesass nodesass 8/2/17
Malicious Package in nodesqlite nodesqlite 8/2/17
Malicious Package in npm-exploit npm-exploit 9/17/17
Malicious Package in npm_scripts_test_metrics npm_scripts_test_metrics 9/17/17
Malicious Package in opencv.js opencv.js 8/2/17
Malicious Package in openssl.js openssl.js 8/2/17
Malicious Package in pandora-doomsday pandora-doomsday 9/17/17
Malicious Package in proxy.js proxy.js 8/2/17
Malicious Package in sdfjghlkfjdshlkjdhsfg sdfjghlkfjdshlkjdhsfg 9/17/17
Malicious Package in shadowsock shadowsock 8/2/17
Malicious Package in shrugging-logging shrugging-logging 9/17/17
Malicious Package in smb smb 8/2/17
Malicious Package in sqlite.js sqlite.js 8/2/17
Malicious Package in sqliter sqliter 8/2/17
Malicious Package in sqlserver sqlserver 8/2/17
Malicious Package in subtitles-lib subtitles-lib 9/17/17
Malicious Package in test-module-a test-module-a 9/17/17
Malicious Package in tkinter tkinter 8/2/17
Silently Runs Cryptocoin Miner hooka-tools 10/24/17

Logic Issues (26)

Title Package Date Published
Improper Input Validation in insight-api insight-api 3/26/18
Improper minification of non-boolean comparisons in uglify-js uglify-js 8/24/15
Insecure Comparison secure-compare 10/24/15
Insecure Credential Comparison safe-compare 2/13/18
Insecure Credential Comparison in safe-compare safe-compare 4/17/18
Insufficient Error Handling http-proxy 4/11/17
Invalid input to route validation rules call 7/5/16
Out of Memory Crash in js-quantities js-quantities 8/2/17
Potentially loose security restrictions in hapi hapi 1/5/16
Privilege Escalation in cordova-plugin-inappbrowser cordova-plugin-inappbrowser 11/8/17
Protection Bypass in angular angular 1/23/17
Prototype Override Protection Bypass in qs qs 3/1/17
Prototype Pollution assign-deep 2/15/18
Prototype Pollution defaults-deep 2/15/18
Prototype Pollution merge-deep 2/15/18
Prototype Pollution mixin-deep 2/15/18
Prototype Pollution lodash 2/13/18
Prototype Pollution hoek 2/13/18
Prototype Pollution in deap deap 4/17/18
Prototype Pollution in merge-objects merge-objects 4/17/18
Prototype Pollution in merge-options merge-options 4/17/18
Prototype Pollution in merge-recursive merge-recursive 4/17/18
Prototype pollution attack hoek 2/15/18
SSL Validation Defaults to False electron-packager 4/22/16
Validation Bypass in paypal-ipn paypal-ipn 12/2/14
Verification Bypass jsonwebtoken 3/31/15

Broken Access Control (20)

Title Package Date Published
API Admin Auth Weakness in tomato tomato 3/7/13
Access Restriction Bypass in npm npm 3/21/18
Authentication Bypass loopback 3/5/18
Authentication Bypass console-io 4/18/16
Authentication Bypass in Try Mode hapi-auth-jwt2 1/27/16
Authentication Bypass in crumb crumb 6/21/17
Authentication Bypass in ghost ghost 5/30/17
Authentication Bypass in jsjws jsjws 10/20/16
Authentication Bypass in keycloak-auth-utils keycloak-auth-utils 1/31/18
Authentication Weakness keystone 12/4/15
Authentication bypass passport-azure-ad 12/5/16
Authentication bypass via incorrect XML canonicalization and DOM traversal saml2-js 2/27/18
Authentication credentails logged in clear text grunt-gh-pages 3/16/16
Authorization Bypass in cordova-ios cordova-ios 6/21/17
Identity Spoofing libp2p-secio 1/15/18
Mishandled Logout Function in generator-jhipster generator-jhipster 3/28/17
Privilege Escalation in auth0-js auth0-js 12/7/17
Spoofing attack due to unvalidated KDC node-krb5 8/4/16
Unauthorized SSL Connection due to lack of cert authentication in mysql mysql 1/4/17
User Impersonation in passport-wsfed-saml2 passport-wsfed-saml2 1/3/18

Security Misconfiguration (8)

Title Package Date Published
Broken CORS in sails sails 10/19/16
Incorrect handling of CORS preflight request headers hapi 10/20/15
Insecure Default Configuration airbrake 3/28/16
Insecure Defaults Allow MITM Over TLS engine.io-client 4/26/16
Insecure Defaults Leads to Potential MITM ezseed-transmission 7/29/16
Insecure Defaults in cordova-plugin-file-transfer cordova-plugin-file-transfer 11/8/17
Insecure Defaults in dompurify dompurify 4/24/17
Insecure Defaults in faye faye 3/28/17

Cross-Site Request Forgery (CSRF) (8)

Title Package Date Published
Cross-Site Request Forgery (CSRF) in eslint_d eslint_d 5/8/17
Cross-Site Request Forgery (CSRF) in keystone keystone 12/25/17
Cross-Site Request Forgery in jquery-ujs jquery-ujs 6/23/15
Cross-site Request Forgery (CSRF) auth0-js 3/7/18
Cross-site Request Forgery (CSRF) pym.js 2/20/18
Cross-site Request Forgery (CSRF) in auth0-lock auth0-lock 4/9/18
No CSRF Validation droppy 3/28/16
Non-Constant Time String Comparison in csrf-lite csrf-lite 6/21/16