Remote Code Execution (RCE)
|
office-converter
*
|
npm
|
14 Feb, 2019
|
Arbitrary Code Execution
|
static-eval
*
|
npm
|
14 Feb, 2019
|
Prototype Pollution
|
handlebars
<4.0.13
|
npm
|
14 Feb, 2019
|
Remote Code Execution (RCE)
|
node-os-utils
*
|
npm
|
14 Feb, 2019
|
Denial of Service (DoS)
|
url-relative
*
|
npm
|
14 Feb, 2019
|
Denial of Service (DoS)
|
ircdkit
*
|
npm
|
13 Feb, 2019
|
Information Exposure
|
pem
<1.13.2
|
npm
|
13 Feb, 2019
|
Access Restriction Bypass
|
browserify-hmr
*
|
npm
|
13 Feb, 2019
|
Malicious Package
|
boogeyman
*
|
npm
|
13 Feb, 2019
|
Directory Traversal
|
@vivaxy/here
<3.2.2
|
npm
|
13 Feb, 2019
|
Improper Key Verification
|
ipns
>=0.1.1 <0.1.3
|
npm
|
13 Feb, 2019
|
Cross-site Scripting (XSS)
|
node-red-dashboard
<=2.13.2
|
npm
|
11 Feb, 2019
|
Malicious Package
|
stream-combine
=2.0.2
|
npm
|
10 Feb, 2019
|
Regular Expression Denial of Service (ReDoS)
|
lodash
<4.17.11
|
npm
|
03 Feb, 2019
|
Directory Traversal
|
static-resource-server
*
|
npm
|
01 Feb, 2019
|
Prototype Pollution
|
node.extend
<1.1.7,>=2.0.0 <2.0.1
|
npm
|
01 Feb, 2019
|
Prototype Pollution
|
lodash
<4.17.11
|
npm
|
01 Feb, 2019
|
Cross-site Scripting (XSS)
|
html-pages
*
|
npm
|
01 Feb, 2019
|
Regular Expression Denial of Service (ReDoS)
|
marked
>=0.5.0
|
npm
|
30 Jan, 2019
|
Regular Expression Denial of Service (ReDoS)
|
remove-markdown
*
|
npm
|
29 Jan, 2019
|
Cross-site Scripting (XSS)
|
angucomplete-alt
*
|
npm
|
25 Jan, 2019
|
Arbitrary File Write via Archive Extraction (Zip Slip)
|
bower
<1.8.8
|
npm
|
25 Jan, 2019
|
Arbitrary File Write via Archive Extraction (Zip Slip)
|
decompress-zip
<0.2.2,>=0.3.0 <0.3.2
|
npm
|
24 Jan, 2019
|
Server-Side Request Forgery (SSRF)
|
terriajs-server
<2.7.4
|
npm
|
20 Jan, 2019
|
SQL Injection
|
loopback-connector-mongodb
<3.6.0
|
npm
|
20 Jan, 2019
|
Improper Authorization
|
loopback
>=2.0.0 <2.40.0,>=3.0.0 <3.22.0
|
npm
|
20 Jan, 2019
|
Cross-site Scripting (XSS)
|
jquery.terminal
<1.21.0
|
npm
|
20 Jan, 2019
|
Cross-site Scripting (XSS)
|
bootstrap-vue
*
|
npm
|
20 Jan, 2019
|
Directory Traversal
|
http-live-simulator
<1.0.7
|
npm
|
20 Jan, 2019
|
Malicious Package
|
portionfatty12
*
|
npm
|
15 Jan, 2019
|