Vulnerability DB

Detailed information and remediation guidance for known vulnerabilities.
Find out if you have vulnerabilities that put you at risk Test your code
Vulnerability Affects Type Published
  • H
Malicious Package
only-test-not-install * npm 15 Jul, 2019
  • H
Malicious Package
qingting * npm 15 Jul, 2019
  • H
Malicious Package
retcodelog * npm 15 Jul, 2019
  • H
Malicious Package
river-mock * npm 15 Jul, 2019
  • H
Malicious Package
secure_identity_login_module * npm 15 Jul, 2019
  • H
Malicious Package
tiar * npm 15 Jul, 2019
  • M
Directory Traversal
zero <1.0.6 npm 15 Jul, 2019
  • M
Cross-site Scripting (XSS)
jquery.json-viewer <1.3.0 npm 15 Jul, 2019
  • M
Man-in-the-Middle (MitM)
yarn <1.17.3 npm 15 Jul, 2019
  • H
Path Traversal
http-file-server * npm 10 Jul, 2019
  • M
Reverse Tabnabbing
quill * npm 08 Jul, 2019
  • H
Cross-site Scripting (XSS)
eco * npm 08 Jul, 2019
  • M
Information Exposure
kibana >=5.0.0 <5.0.2 npm 05 Jul, 2019
  • M
Cross-site Request Forgery (CSRF)
kibana <4.1.3,>=4.2.0 <4.2.1 npm 05 Jul, 2019
  • M
Cross-site Scripting (XSS)
oidc-provider <6.0.3 npm 05 Jul, 2019
  • M
Cross-site Scripting (XSS)
kibana >=4.1.0 <4.1.11,>=4.5.0 <4.5.4 npm 04 Jul, 2019
  • M
Regular Expression Denial of Service (ReDoS)
marked <0.4.0 npm 04 Jul, 2019
  • M
Arbitrary Code Execution
domokeeper * npm 04 Jul, 2019
  • M
Cross-site Scripting (XSS)
mathjax <2.7.4 npm 04 Jul, 2019
  • M
Cross-site Scripting (XSS)
kibana >=4.3.0 <4.6.2 npm 03 Jul, 2019
  • M
Open Redirect
kibana <4.6.2,>=5.0.0 <5.0.1 npm 03 Jul, 2019
  • H
Prototype Pollution
lodash <4.17.12 npm 02 Jul, 2019
  • M
Regular Expression Denial of Service (ReDoS)
marked >=0.4.0 <0.7.0 npm 02 Jul, 2019
  • H
Cross-site Scripting (XSS)
mxgraph <4.0.0 npm 01 Jul, 2019
  • M
Cross-site Scripting (XSS)
takeapeek * npm 01 Jul, 2019
  • M
Open Redirect
apostrophe <2.92.0 npm 27 Jun, 2019
  • H
Arbitrary Code Execution
require-node >=1.0.0 <1.3.4,>2.0.0 <2.0.4 npm 27 Jun, 2019
  • H
Prototype Pollution
deeply <3.1.0 npm 26 Jun, 2019
  • M
Cross-site Scripting (XSS)
graylog-web-interface <2.4.6 npm 26 Jun, 2019
  • H
Malicious Package
rpc-websocket >=0.7.6 npm 26 Jun, 2019