Vulnerability DB

Detailed information and remediation guidance for known vulnerabilities.
Find out if you have vulnerabilities that put you at risk Test your code
Vulnerability Affects Type Published
  • M
Arbitrary Command Execution
@knutkirkhorn/free-space <1.3.0 npm 18 Sep, 2020
  • M
Command Injection
node-idevice * npm 17 Sep, 2020
  • H
Remote Code Execution (RCE)
heroku-exec-util * npm 16 Sep, 2020
  • H
Improper Authentication
authmagic-timerange-stateless-core * npm 16 Sep, 2020
  • H
Regular Expression Denial of Service (ReDoS)
ua-parser-js <0.7.22 npm 16 Sep, 2020
  • H
Command Injection
alfred-workflow-nodejs * npm 15 Sep, 2020
  • H
Malicious Package
nagibabel * npm 15 Sep, 2020
  • M
Information Exposure
renovate >=19.180.0 <23.25.1 npm 15 Sep, 2020
  • L
Cross-site Scripting (XSS)
flsaba * npm 14 Sep, 2020
  • H
Prototype pollution
keyd * npm 14 Sep, 2020
  • H
Prototype pollution
objtools * npm 14 Sep, 2020
  • H
Remote Code Execution (RCE)
notevil * npm 14 Sep, 2020
  • M
Denial of Service (DoS)
passport-azure-ad <4.3.0 npm 14 Sep, 2020
  • M
Cross-site Scripting (XSS)
trezor-connect <8.1.12 npm 13 Sep, 2020
  • H
Cross-site Scripting (XSS)
joplin <1.1.1 npm 13 Sep, 2020
  • M
Denial of Service
node-fetch <2.6.1,>=3.0.0-beta.1 <3.0.0-beta.9 npm 11 Sep, 2020
  • M
Prototype Pollution
json-logic-js * npm 11 Sep, 2020
  • H
Denial of Service (DoS)
bcoin >=1.0.0-pre <1.0.2 npm 11 Sep, 2020
  • M
Cross-site Scripting (XSS)
zulip <5.4.3 npm 11 Sep, 2020
  • M
Improper Input Validation
personnummer <3.1.0 npm 10 Sep, 2020
  • M
Denial of Service (DoS)
hermes-engine <0.7.0 npm 10 Sep, 2020
  • M
Out-of-Bounds
hermes-engine <0.7.0 npm 10 Sep, 2020
  • M
Denial of Service (DoS)
hermes-engine <0.7.0 npm 10 Sep, 2020
  • M
Authentication Bypass
node-lemonldap-ng-handler <0.5.2 npm 10 Sep, 2020
  • M
Cross-site Scripting (XSS)
bitcore-node <8.22.2 npm 10 Sep, 2020
  • M
Improper Authorization
parse-server * npm 10 Sep, 2020
  • H
Arbitrary Code Execution
sanitize-html <2.0.0-beta npm 07 Sep, 2020
  • H
Server-side Request Forgery (SSRF)
@uppy/companion <1.9.3 npm 06 Sep, 2020
  • H
Prototype Pollution
extend-merge <1.0.6 npm 06 Sep, 2020
  • H
Directory Traversal
static-server-gx * npm 03 Sep, 2020