Vulnerability DB

Detailed information and remediation guidance for known vulnerabilities.
Find out if you have vulnerabilities that put you at risk Test your code
Vulnerability Affects Type Published
  • M
Command Injection
ng-packagr <10.1.1 npm 25 Sep, 2020
  • M
Remote Code Execution (RCE)
gity * npm 25 Sep, 2020
  • H
Cross-site Scripting (XSS)
snekserve * npm 25 Sep, 2020
  • M
Remote Code Execution (RCE)
git-lib * npm 25 Sep, 2020
  • H
Arbitrary File Read
hnzserver * npm 25 Sep, 2020
  • H
Arbitrary File Read
http_server * npm 25 Sep, 2020
  • M
Cross-site Scripting (XSS)
joplin <1.1.4 npm 25 Sep, 2020
  • M
Remote Code Execution (RCE)
commit-msg * npm 25 Sep, 2020
  • H
Cross-site Scripting (XSS)
react-native-webview * npm 23 Sep, 2020
  • M
Arbitrary Command Execution
@knutkirkhorn/free-space <1.3.0 npm 18 Sep, 2020
  • M
Command Injection
node-idevice * npm 17 Sep, 2020
  • H
Remote Code Execution (RCE)
heroku-exec-util * npm 16 Sep, 2020
  • H
Improper Authentication
authmagic-timerange-stateless-core * npm 16 Sep, 2020
  • H
Regular Expression Denial of Service (ReDoS)
ua-parser-js <0.7.22 npm 16 Sep, 2020
  • H
Command Injection
alfred-workflow-nodejs * npm 15 Sep, 2020
  • H
Malicious Package
nagibabel * npm 15 Sep, 2020
  • M
Information Exposure
renovate >=19.180.0 <23.25.1 npm 15 Sep, 2020
  • L
Cross-site Scripting (XSS)
flsaba * npm 14 Sep, 2020
  • H
Prototype pollution
keyd * npm 14 Sep, 2020
  • H
Prototype pollution
objtools * npm 14 Sep, 2020
  • H
Remote Code Execution (RCE)
notevil * npm 14 Sep, 2020
  • M
Denial of Service (DoS)
passport-azure-ad <4.3.0 npm 14 Sep, 2020
  • M
Cross-site Scripting (XSS)
trezor-connect <8.1.12 npm 13 Sep, 2020
  • H
Cross-site Scripting (XSS)
joplin <1.1.1 npm 13 Sep, 2020
  • M
Denial of Service
node-fetch <2.6.1,>=3.0.0-beta.1 <3.0.0-beta.9 npm 11 Sep, 2020
  • M
Prototype Pollution
json-logic-js * npm 11 Sep, 2020
  • H
Denial of Service (DoS)
bcoin >=1.0.0-pre <1.0.2 npm 11 Sep, 2020
  • M
Cross-site Scripting (XSS)
zulip <5.4.3 npm 11 Sep, 2020
  • M
Improper Input Validation
personnummer <3.1.0 npm 10 Sep, 2020
  • M
Denial of Service (DoS)
hermes-engine <0.7.0 npm 10 Sep, 2020