Vulnerability DB

Detailed information and remediation guidance for known vulnerabilities.
Find out if you have vulnerabilities that put you at risk Test your code
Show:
Report a new vulnerability
Vulnerability Affects Type Published
  • H
Directory Traversal 		total.js * npm 20 Feb, 2019
  • M
Improper Access Control 		thrift >=0.9.2 <0.11.0 npm 17 Feb, 2019
  • M
Cross-site Scripting (XSS) 		bootstrap <3.4.1,>=4.0.0 <4.3.1 npm 15 Feb, 2019
  • H
Remote Code Execution (RCE) 		office-converter * npm 14 Feb, 2019
  • H
Arbitrary Code Execution 		static-eval <2.0.1 npm 14 Feb, 2019
  • H
Prototype Pollution 		handlebars <4.0.13 npm 14 Feb, 2019
  • H
Remote Code Execution (RCE) 		node-os-utils * npm 14 Feb, 2019
  • M
Denial of Service (DoS) 		url-relative * npm 14 Feb, 2019
  • L
Denial of Service (DoS) 		ircdkit * npm 13 Feb, 2019
  • H
Information Exposure 		pem <1.13.2 npm 13 Feb, 2019
  • H
Access Restriction Bypass 		browserify-hmr * npm 13 Feb, 2019
  • H
Malicious Package 		boogeyman * npm 13 Feb, 2019
  • M
Directory Traversal 		@vivaxy/here <3.2.2 npm 13 Feb, 2019
  • H
Improper Key Verification 		ipns >=0.1.1 <0.1.3 npm 13 Feb, 2019
  • M
Cross-site Scripting (XSS) 		mobius1-selectr >=2.0.0 npm 12 Feb, 2019
  • M
Cross-site Scripting (XSS) 		node-red-dashboard <=2.13.2 npm 11 Feb, 2019
  • H
Malicious Package 		stream-combine =2.0.2 npm 10 Feb, 2019
  • M
Regular Expression Denial of Service (ReDoS) 		lodash <4.17.11 npm 03 Feb, 2019
  • H
Directory Traversal 		static-resource-server * npm 01 Feb, 2019
  • L
Prototype Pollution 		node.extend <1.1.7,>=2.0.0 <2.0.1 npm 01 Feb, 2019
  • L
Prototype Pollution 		lodash <4.17.11 npm 01 Feb, 2019
  • M
Cross-site Scripting (XSS) 		html-pages * npm 01 Feb, 2019
  • M
Regular Expression Denial of Service (ReDoS) 		marked >=0.5.0 <0.6.1 npm 30 Jan, 2019
  • M
Regular Expression Denial of Service (ReDoS) 		remove-markdown * npm 29 Jan, 2019
  • M
Cross-site Scripting (XSS) 		angucomplete-alt * npm 25 Jan, 2019
  • H
Arbitrary File Write via Archive Extraction (Zip Slip) 		bower <1.8.8 npm 25 Jan, 2019
  • H
Arbitrary File Write via Archive Extraction (Zip Slip) 		decompress-zip <0.2.2,>=0.3.0 <0.3.2 npm 24 Jan, 2019
  • M
Server-Side Request Forgery (SSRF) 		terriajs-server <2.7.4 npm 20 Jan, 2019
  • H
SQL Injection 		loopback-connector-mongodb <3.6.0 npm 20 Jan, 2019
  • H
Improper Authorization 		loopback >=2.0.0 <2.40.0,>=3.0.0 <3.22.0 npm 20 Jan, 2019
Subscribe to RSS feed