Vulnerability Library

| ID | Packages | Summary | Affected versions | Last modified | Fix |
|---|---|---|---|---|---|
| GHSA-9qh2-6fxg-9m4g | npm/opencc | Out of bounds read in OpenCC | See details. | 2022-09-30T13:10:06Z | No fix available |
| GHSA-mc23-976p-j42x | npm/xterm, npm/xterm, npm/xterm | Low severity vulnerability that affects xterm | See details. | 2022-09-30T08:12:50Z | Fix available |
| GHSA-4rxr-27mm-mxq9 | npm/@next-auth/upstash-redis-adapter | Upstash Adapter missing token verification | See details. | 2022-09-30T05:31:32Z | Fix available |
| GHSA-4phg-hpqm-c3j4 | npm/strapi, npm/@strapi/strapi | Strapi mishandles hidden attributes within admin API responses | See details. | 2022-09-30T05:17:55Z | Fix available |
| GHSA-grjp-4jmr-mjcw | npm/express-xss-sanitizer | express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attribute | See details. | 2022-09-30T04:42:55Z | Fix available |
| GHSA-cf4h-3jhx-xvhq | npm/underscore | Arbitrary Code Execution in underscore | See details. | 2022-09-30T02:23:38Z | Fix available |
| GHSA-r48r-j8fx-mq2c | npm/matrix-js-sdk | matrix-js-sdk subject to user spoofing via Olm/Megolm protocol confusion | See details. | 2022-09-30T00:41:24Z | Fix available |
| GHSA-6263-x97c-c4gg | npm/matrix-js-sdk | matrix-js-sdk subject to impersonated messages due to permissive key forwarding | See details. | 2022-09-30T00:40:35Z | Fix available |
| GHSA-hvv8-5v86-r45x | npm/matrix-js-sdk | Improper beacon events in matrix-js-sdk can result in availability issues | See details. | 2022-09-29T14:36:38Z | Fix available |
| GHSA-c429-5p7v-vgjp | npm/@hapi/hoek, npm/@hapi/hoek | hoek subject to prototype pollution via the clone function. | See details. | 2022-09-29T14:13:31Z | Fix available |
| GHSA-36jr-mh4h-2g58 | npm/d3-color | d3-color vulnerable to ReDoS | See details. | 2022-09-29T14:12:55Z | Fix available |
| GHSA-q3f4-9h4p-vgr3 | npm/@lionello/secp256k1-js | secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery | See details. | 2022-09-29T10:09:03Z | Fix available |
| GHSA-mrgp-mrhc-5jrq | npm/vm2 | vm2 vulnerable to Sandbox Escape resulting in Remote Code Execution on host | See details. | 2022-09-28T13:09:01Z | Fix available |
| GHSA-9jjv-524m-jm98 | npm/@netlify/ipx | @netlify/ipx vulnerable to Full Response SSRF and Stored XSS via Cache Poisoning and Improper Host Validation | See details. | 2022-09-28T03:32:53Z | Fix available |
| GHSA-42hx-vrxx-5r6v | npm/jodit | Jodit Editor vulnerable to Cross-site Scripting | See details. | 2022-09-27T22:48:53Z | No fix available |
| GHSA-vv7x-7w4m-q72f | npm/fhir-works-on-aws-authz-smart | fhir-works-on-aws-authz-smart handles permissions improperly | See details. | 2022-09-27T06:12:12Z | Fix available |