Security Analysis for:
https://nitropack.io/

Snyk’s security scan found the following vulnerabilities affecting your website. Ready to fix your vulnerabilities? Automatically find, fix, and monitor vulnerabilities for free with Snyk.


Fix for free

Full report

See on WebPageTest

Scan time

8/27/2021
12:22:07 PM

Webpage Security Score

E

A+ is the best score you can get.
Learn more about this score.
Fix JavaScript vulnerabilities in your project with Snyk (or try the free & open source CLI) Test and protect my website

JavaScript Libraries with vulnerabilities

Great job! No known versions of vulnerable JavaScript libraries were detected in this website.


Monitor my web application's project dependencies

Security headers

HTTP security headers enable better browser security policies.


Successfully detected the following security headers:
Recently-discovered vulnerabilities on the Snyk database:

Date disclosed Vulnerable library Vulnerable version detected Vulnerability
2020/06/11
  • H
angular
<1.8.0 Cross-site Scripting (XSS)
2020/06/07
  • M
angular
<1.8.0 Cross-site Scripting (XSS)
2020/05/19
  • M
jquery
<1.9.0 Cross-site Scripting (XSS)
2020/05/11
  • M
buefy
<0.8.18 Cross-site Scripting (XSS)
2020/04/29
  • M
jquery
>=1.2.0 <3.5.0 Cross-site Scripting (XSS)
2020/04/28
  • M
lodash
<4.17.16 Prototype Pollution
2020/04/13
  • M
jquery
>=1.0.3 <3.5.0 Cross-site Scripting (XSS)
2019/07/02
  • H
lodash
<4.17.12 Prototype Pollution
2019/02/15
  • H
lodash
<3.4.1,>=4.0.0 <4.3.1 Cross-site Scripting (XSS)

New vulnerabilities are continuously found for jQuery, lodash, Angular and other libraries.
Monitor these libraries to protect your web application.

Stay up to date on CVEs by connecting your project to Snyk to receive automated notifications & fixes.
The following security headers are missing from the website:
low severity

X Content Type Options

The only defined value, "nosniff", prevents Internet Explorer from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions

medium severity

X Frame Options

Clickjacking protection: deny - no rendering within a frame, sameorigin - no rendering if origin mismatch, allow-from - allow from specified location, allowall - non-standard, allow from any location

high severity

Content Security Policy

A computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context

low severity

X XSS Protection

A Cross-site scripting filter