Vulnerability Vulnerable versions Snyk patch Published
  • M
Regular Expression Denial of Service (ReDoS)
>1.7.0 Not available 21 Apr, 2022
  • H
Cross-site Scripting (XSS)
<1.8.0 Not available 11 Jun, 2020
  • M
Cross-site Scripting (XSS)
<1.8.0 Not available 07 Jun, 2020
  • H
Prototype Pollution
>=1.4.0-beta.6 <1.7.9 Not available 19 Nov, 2019
  • M
Denial of Service (DoS)
<1.6.3 Not available 04 Oct, 2019
  • M
Cross-site Scripting (XSS)
<1.6.5 Not available 04 Oct, 2019
  • M
Cross-site Scripting (XSS)
<1.6.0-rc.0 Not available 04 Oct, 2019
  • M
Cross-site Scripting (XSS)
<1.6.9 Not available 19 Feb, 2018
  • M
Cross-site Scripting (XSS)
<1.6.7 Not available 25 Dec, 2017
  • M
JSONP Callback Attack
<1.6.1 Not available 13 Feb, 2017
  • M
Content Security Policy (CSP) Bypass
>=1.5.0 <1.5.9 Not available 23 Jan, 2017
  • M
Arbitrary Script Injection
>=1.0.0 <1.2.30 Not available 23 Jan, 2017
  • M
Cross-site Scripting (XSS)
>=1.3.0 <1.5.0-rc.2 Not available 23 Jan, 2017
  • M
Cross-site Scripting (XSS)
<1.5.0-rc.0 Not available 23 Jan, 2017
  • M
Cross-site Scripting (XSS)
<1.4.10 Not available 23 Jan, 2017
  • H
Cross-site Scripting (XSS)
<1.5.0-beta.2 Not available 23 Jan, 2017
  • M
Clickjacking
>=1.3.1 <1.5.0-beta.0 Not available 23 Jan, 2017
  • H
Cross-site Scripting (XSS)
>=1.0.0 <1.5.0-beta.0 Not available 23 Jan, 2017
  • H
Arbitrary Code Execution
<1.4.0-beta.6 Not available 23 Jan, 2017
  • M
Arbitrary Command Execution
<1.3.2 Not available 23 Jan, 2017
  • H
Unsafe Object Deserialization
>=1.2.19 <1.2.27 Not available 23 Jan, 2017
  • M
Cross-site Scripting (XSS)
<1.3.0-rc.5 Not available 23 Jan, 2017
  • L
Arbitrary Code Execution
<1.3.0 Not available 23 Jan, 2017
  • H
Protection Bypass
<1.2.2 Not available 23 Jan, 2017
  • H
Arbitrary Script Injection
<1.1.5 Not available 23 Jan, 2017
  • M
Cross-site Scripting (XSS)
>=1.0.0 <1.2.0 Not available 23 Jan, 2017
  • M
Cross-site Scripting (XSS)
<1.2.0 Not available 23 Jan, 2017