|
| Package | Vulnerability | Category |
|
| hapi-auth-jwt2 | Authentication Bypass | ③ |
| moment | Regular Expression Denial of Service | ④ |
| i18n-node-angular | Denial of Service | ④ |
| i18n-node-angular | Content Injection | ① |
| hawk | Regular Expression Denial of Service | ④ |
| is-my-json-valid | Regular Expression Denial of Service | ④ |
| mqtt-packet | Denial of Service | ④ |
| mapbox.js | Content Injection | ① |
| jshamcrest | Regular Expression Denial of Service | ④ |
| jadedown | Regular Expression Denial of Service | ④ |
| bittorrent-dht | Remote Memory Disclosure | ⑤ |
| ws | Remote Memory Disclosure | ③ |
| mysql | SQL Injection | ① |
| hapi | Route level CORS config | ② |
| ecstatic | Denial of Service | ⑤ |
| hapi | Denial of Service | ① |
| mustache | Content Injection | ① |
| handlebars | Content Injection | ① |
| keystone | Authentication Weakness | ③ |
| milliseconds | Regular Expression Denial of Service | ④ |
| tar | Symlink Arbitrary File Overwrite | ⑤ |
| send | Root Path Disclosure | ① |
| gm | Command Injection | ① |
| ansi2html | Regular Expression Denial of Service | ④ |
| uglify-js | Regular Expression Denial of Service | ④ |
| secure-compare | Insecure Comparison | ② |
| mapbox.js | Content Injection via TileJSON attribute | ① |
| bleach | Regular Expression Denial of Service | ④ |
| ms | Regular Expression Denial of Service | ④ |
| hapi | Incorrect handling of CORS preflight request headers | ③ |
| ldapauth | LDAP Injection | ① |
| datatables | Cross-Site Scripting | ③ |
| ldapauth-fork | LDAP Injection | ① |
| ulgify-js | Incorrect non-boolean comparisons | ② |
| ungit | Command injection | ① |
| geddy | Directory traversal | ① |
| semver | Regular Expression Denial of Service | ④ |
| jsonwebtoken | Verification Bypass | ② |
| marked | Regular Expression Denial of Service | ④ |
| marked | VBScript Content Injection | ① |
| sequelize | SQL Injection in Order | ① |
| serve-static | Open Redirect | ① |
| serve-index | XSS | ③ |
| inert | Hidden Directories Always Served | ① |
| fancy-server | Directory Traversal | ① |
| dns-sync | Command Injection | ① |
| bassmaster | JavaScript Execution in Bassmaster | ① |
| crumb | CORS Token Disclosure | ① |
| express | No Charset In Content-Type Header | ③ |
| hapi | File Descriptor Leak Can Cause DoS Vulnerability | ④ |
| hapi | Rosetta-flash Jsonp Vulnerability | ③ |
| libyaml | Heap-based Buffer Overflow When Parsing YAML Tags | ⑤ |
| marked | Multiple Content Injection Vulnerabilities | ① |
| nhouston | Directory Traversal | ① |
| paypal-ipn | Validation Bypass | ② |
| printer | Potential Command Injection on Untrusted Input | ① |
| qs | Denial-of-Service Extended Event Loop Blocking | ④ |
| qs | Denial-of-Service Memory Exhaustion | ④ |
| remarkable | Content Injection | ③ |
| send | Directory Traversal | ① |
| st | Directory Traversal | ① |
| syntax-error | Potential For Script Injection | ① |
| validator | isURL Regular Expression Denial of Service | ④ |
| validator | XSS Filter Bypass via Encoded URL | ③ |
| yar | Denial-of-Service | ④ |
| js-yaml | Deserialization Code Execution | ② |
| hubot-scripts | Scripts Potential Command Injection in Email.coffee | ① |
| tomato | API Admin Auth Weakness | ② |
| codem-transcode | Potential Command Injection in Ffprobe Functionality | ① |
| ep_imageconvert | Unauthenticated Remote Command Injection | ① |
| libnotify | Command Injection in Libnotify.notify | ① |
| connect | Middleware Reflected Cross-Site Scripting | ③ |
| validator | XSS Filter Bypasses | ③ |
|
