Package | Vulnerability | Category |
--- | --- | --- |
hapi-auth-jwt2 | Authentication Bypass | ③ |
moment | Regular Expression Denial of Service | ④ |
i18n-node-angular | Denial of Service | ④ |
i18n-node-angular | Content Injection | ① |
hawk | Regular Expression Denial of Service | ④ |
is-my-json-valid | Regular Expression Denial of Service | ④ |
mqtt-packet | Denial of Service | ④ |
mapbox.js | Content Injection | ① |
jshamcrest | Regular Expression Denial of Service | ④ |
jadedown | Regular Expression Denial of Service | ④ |
bittorrent-dht | Remote Memory Disclosure | ⑤ |
ws | Remote Memory Disclosure | ③ |
mysql | SQL Injection | ① |
hapi | Route level CORS config | ② |
ecstatic | Denial of Service | ⑤ |
hapi | Denial of Service | ① |
mustache | Content Injection | ① |
handlebars | Content Injection | ① |
keystone | Authentication Weakness | ③ |
milliseconds | Regular Expression Denial of Service | ④ |
tar | Symlink Arbitrary File Overwrite | ⑤ |
send | Root Path Disclosure | ① |
gm | Command Injection | ① |
ansi2html | Regular Expression Denial of Service | ④ |
uglify-js | Regular Expression Denial of Service | ④ |
secure-compare | Insecure Comparison | ② |
mapbox.js | Content Injection via TileJSON attribute | ① |
bleach | Regular Expression Denial of Service | ④ |
ms | Regular Expression Denial of Service | ④ |
hapi | Incorrect handling of CORS preflight request headers | ③ |
ldapauth | LDAP Injection | ① |
datatables | Cross-Site Scripting | ③ |
ldapauth-fork | LDAP Injection | ① |
uglify-js | Incorrect non-boolean comparisons | ② |
ungit | Command Injection | ① |
geddy | Directory Traversal | ① |
semver | Regular Expression Denial of Service | ④ |
jsonwebtoken | Verification Bypass | ② |
marked | Regular Expression Denial of Service | ④ |
marked | VBScript Content Injection | ① |
sequelize | SQL Injection in Order | ① |
serve-static | Open Redirect | ① |
serve-index | XSS | ③ |
inert | Hidden Directories Always Served | ① |
fancy-server | Directory Traversal | ① |
dns-sync | Command Injection | ① |
bassmaster | JavaScript Execution in Bassmaster | ① |
crumb | CORS Token Disclosure | ① |
express | No Charset In Content-Type Header | ③ |
hapi | File Descriptor Leak Can Cause DoS Vulnerability | ④ |
hapi | Rosetta-flash Jsonp Vulnerability | ③ |
libyaml | Heap-based Buffer Overflow When Parsing YAML Tags | ⑤ |
marked | Multiple Content Injection Vulnerabilities | ① |
nhouston | Directory Traversal | ① |
paypal-ipn | Validation Bypass | ② |
printer | Potential Command Injection on Untrusted Input | ① |
qs | Denial-of-Service Extended Event Loop Blocking | ④ |
qs | Denial-of-Service Memory Exhaustion | ④ |
remarkable | Content Injection | ③ |
send | Directory Traversal | ① |
st | Directory Traversal | ① |
syntax-error | Potential For Script Injection | ① |
validator | isURL Regular Expression Denial of Service | ④ |
validator | XSS Filter Bypass via Encoded URL | ③ |
yar | Denial-of-Service | ④ |
js-yaml | Deserialization Code Execution | ② |
hubot-scripts | Scripts Potential Command Injection in Email.coffee | ① |
tomato | API Admin Auth Weakness | ② |
codem-transcode | Potential Command Injection in Ffprobe Functionality | ① |
ep_imageconvert | Unauthenticated Remote Command Injection | ① |
libnotify | Command Injection in Libnotify.notify | ① |
connect | Middleware Reflected Cross-Site Scripting | ③ |
validator | XSS Filter Bypasses | ③ |