Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-92pp-h63x-v22m
  • npm/@hono/node-server
@hono/node-server: Middleware bypass via repeated slashes in serveStatic 2 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-g4v2-qx3q-4p64
  • npm/parse-server
Parse Server's Endpoint `/sessions/me` bypasses `_Session` `protectedFields` 2 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-mmpq-5hcv-hf2v
  • npm/parse-server
Parse Server has a login timing side-channel reveals user existence 2 days ago
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-fcm4-4pj2-m5hf
  • npm/@budibase/server
Budibase: Unauthenticated Remote Code Execution via Webhook Trigger and Bash Automation Step 6 days ago
  • Fix available
  • Severity - 9.0 (Critical)
GHSA-2wfh-rcwf-wh23
  • npm/@budibase/server
Budibase: Path traversal in plugin file upload enables arbitrary directory deletion and file write 6 days ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-vr5f-2r24-w5hc
  • npm/parse-server
Parse Server: File upload Content-Type override via extension mismatch 6 days ago
  • Fix available
  • Severity - 2.1 (Low)
GHSA-gjw9-34gf-rp6m
  • npm/@budibase/server
Budibase: Command Injection in Bash Automation Step 6 days ago
  • Fix available
  • Severity - 8.7 (High)
GHSA-cxj8-ggf2-p57c
  • npm/signalk-server
Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow 6 days ago
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-gfmv-vh34-h2x5
  • npm/signalk-server
Signal K Server: Unauthenticated Source Priorities Manipulation 6 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-x8hc-fqv3-7gwf
  • npm/signalk-server
Signal K Server: Privilege Escalation by Admin Role Injection via /enableSecurity 6 days ago
  • Fix available
  • Severity - 9.4 (Critical)
MAL-2026-2483
  • npm/strapi-plugin-server
Malicious code in strapi-plugin-server (npm) 6 days ago
  • No fix available
GHSA-qh3j-mrg8-f234
  • npm/signalk-server
Signal K Server: Arbitrary Prototype Read via `from` Field Bypass 03 Apr
  • Fix available
  • Severity - 2.1 (Low)
GHSA-hpm8-9qx6-jvwv
  • npm/parse-server
Parse Server's streaming file download bypasses afterFind file trigger authorization 01 Apr
  • Fix available
  • Severity - 8.2 (High)
MAL-2026-2328
  • npm/mcp-server-todo
Malicious code in mcp-server-todo (npm) 01 Apr
  • No fix available
GHSA-mmg8-87c5-jrc2
  • npm/parse-server
Parse Server has a LiveQuery protected-field guard bypass via array-like logical operator value 01 Apr
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-f6j3-w9v3-cq22
  • npm/parse-server
Parse Server has a session field immutability bypass via falsy-value guard 01 Apr
  • Fix available
  • Severity - 5.3 (Medium)