pkg_name,vuln_name,vuln_level,vuln_versions,snyk_patch,publish_date
eslint,Regular Expression Denial of Service (ReDoS),L,>=1.4.0 <4.18.2,Not available,2018-03-22
mocha,Regular Expression Denial of Service (ReDoS),H,<6.0.0,Not available,2020-03-29
react,Cross-site Scripting (XSS),H,>=0.0.1 <0.14.0,Not available,2017-01-18
react,Cross-site Scripting (XSS),M,">=0.5.0 <0.5.2,>=0.4.0 <0.4.2",Not available,2017-01-18
lodash,Prototype Pollution,H,<4.17.17,Not available,2020-08-21
lodash,Prototype Pollution,H,<4.17.20,Not available,2020-08-16
lodash,Prototype Pollution,M,<4.17.16,Available,2020-04-28
lodash,Prototype Pollution,H,<4.17.12,Available,2019-07-02
lodash,Regular Expression Denial of Service (ReDoS),M,<4.17.11,Not available,2019-04-05
lodash,Prototype Pollution,H,<4.17.11,Not available,2019-02-01
lodash,Prototype Pollution,M,<4.17.5,Available,2018-02-14
react-dom,Cross-site Scripting (XSS),M,">=16.0.0 <16.0.1,>=16.1.0 <16.1.2,>=16.2.0 <16.2.1,>=16.3.0 <16.3.3,>=16.4.0 <16.4.2",Not available,2020-04-06
express,Cross-site Scripting (XSS),M,"<3.11.0,>=4.0.0 <4.5.0",Not available,2014-09-12
webpack-dev-server,Information Exposure,H,<3.1.11,Not available,2018-09-26
node-sass,Denial of Service (DoS),M,>=3.3.0 <4.13.1,Not available,2020-01-19
node-sass,Out-of-bounds Read,H,<3.6.0,Not available,2020-01-08
node-sass,Out-of-bounds Read,M,<3.6.3,Not available,2020-01-08
node-sass,Uncontrolled Recursion,H,<4.4.0,Not available,2020-01-08
node-sass,Out-of-bounds Read,H,<4.4.0,Not available,2020-01-08
node-sass,Uncontrolled Recursion,M,<3.6.1,Not available,2020-01-08
node-sass,Improper Input Validation,H,<4.4.0,Not available,2020-01-08
node-sass,Improper Input Validation,H,<4.4.0,Not available,2020-01-08
node-sass,Uncontrolled Recursion,H,<4.4.0,Not available,2020-01-08
node-sass,Out-of-bounds Read,H,<4.4.0,Not available,2020-01-08
node-sass,NULL Pointer Dereference,H,<3.6.0,Not available,2020-01-08
node-sass,Denial of Service (DoS),M,<3.6.0,Not available,2020-01-08
node-sass,Denial of Service (DoS),M,<3.6.0,Not available,2020-01-08
node-sass,Denial of Service (DoS),M,<4.11.0,Not available,2020-01-08
node-sass,Out-of-bounds Read,M,<4.3.0,Not available,2020-01-08
node-sass,Out-of-bounds Read,H,<4.4.0,Not available,2020-01-08
node-sass,Denial of Service (DoS),H,<4.4.0,Not available,2020-01-08
node-sass,Out-of-bounds Read,M,<3.6.0,Not available,2020-01-08
node-sass,NULL Pointer Dereference,M,<3.6.3,Not available,2020-01-08
node-sass,NULL Pointer Dereference,M,<3.6.0,Not available,2020-01-08
node-sass,Out-of-bounds Read,H,<3.6.0,Not available,2020-01-08
node-sass,Out-of-Bounds,M,<3.6.0,Not available,2020-01-08
node-sass,Use After Free,H,*,Not available,2020-01-08
node-sass,Out-of-bounds Read,M,*,Not available,2020-01-08
node-sass,NULL Pointer Dereference,H,<4.11.0,Not available,2019-11-25
node-sass,Resource Exhaustion,M,<4.11.0,Not available,2019-11-25
node-sass,Uncontrolled Recursion,H,<4.8.0,Not available,2019-11-25
node-sass,NULL Pointer Dereference,M,<3.5.5,Not available,2019-11-25
node-sass,Out-of-bounds Read,H,<4.11.0,Not available,2019-11-25
request,Remote Memory Exposure,M,>2.2.5 <2.68.0,Available,2016-03-22
vue,Cross-site Scripting (XSS),M,<2.5.17,Not available,2020-04-06
vue,Regular Expression Denial of Service (ReDoS),L,<2.5.14,Not available,2018-02-22
vue,Cross-site Scripting (XSS),M,<2.4.3,Not available,2017-12-25
vue,Cross-site Scripting (XSS),M,<2.3.0-beta.1,Not available,2017-12-25
axios,Server-Side Request Forgery (SSRF),M,*,Not available,2020-11-08
axios,Denial of Service (DoS),M,<0.18.1,Available,2019-04-24
moment,Regular Expression Denial of Service (ReDoS),L,<2.19.3,Available,2017-11-28
moment,Regular Expression Denial of Service (ReDoS),M,<2.15.2,Available,2016-10-24
moment,Regular Expression Denial of Service (ReDoS),M,<2.11.2,Available,2016-02-01
grunt,Arbitrary Code Execution,H,<1.3.0,Not available,2020-08-20
debug,Regular Expression Denial of Service (ReDoS),L,">=1.0.0 <2.6.9,>=3.0.0 <3.1.0",Available,2017-09-26
semver,Regular Expression Denial of Service (ReDoS),M,<4.3.2,Available,2015-04-03
uuid,Insecure Randomness,M,<1.3.1,Not available,2017-02-13
jquery,Cross-site Scripting (XSS),M,<1.9.0,Not available,2020-05-19
jquery,Cross-site Scripting (XSS),M,>=1.2.0 <3.5.0,Not available,2020-04-29
jquery,Cross-site Scripting (XSS),M,>=1.0.3 <3.5.0,Not available,2020-04-13
jquery,Prototype Pollution,M,<3.4.0,Not available,2019-03-27
jquery,Denial of Service (DoS),L,>=3.0.0-rc1 <3.0.0,Not available,2016-12-26
jquery,Cross-site Scripting (XSS),M,"<1.12.2,>=1.12.3 <2.2.2,>=2.2.3 <3.0.0",Not available,2016-11-27
jquery,Cross-site Scripting (XSS),M,<1.6.3,Not available,2016-10-20
jquery,Cross-site Scripting (XSS),M,>=1.7.1 <1.9.0,Not available,2016-10-20
jquery,Cross-site Scripting (XSS),M,>=1.4.2 <1.6.2,Not available,2016-10-20
minimist,Prototype Pollution,M,"<0.2.1,>=1.0.0 <1.2.3",Not available,2020-03-11
jasmine-core,Regular Expression Denial of Service (ReDoS),L,<3.1.0,Not available,2018-02-18
uglify-js,Regular Expression Denial of Service (ReDoS),M,<2.6.0,Available,2015-11-06
uglify-js,Improper minification of non-boolean comparisons,H,>=2.2.0 <2.4.24,Available,2015-08-24
semantic-release,Information Disclosure,H,<17.2.3,Not available,2020-11-19
node-fetch,Denial of Service,M,"<2.6.1,>=3.0.0-beta.1 <3.0.0-beta.9",Not available,2020-09-11
codecov,Command Injection,M,<3.7.1,Not available,2020-07-21
codecov,Command Injection,M,<3.6.5,Not available,2020-02-16
codecov,Command Injection,M,<3.6.2,Not available,2020-01-24
cheerio,Cross-site Scripting (XSS),M,<=0.8.3,Not available,2016-10-20
webpack-bundle-analyzer,Cross-site Scripting (XSS),M,<3.3.2,Not available,2019-04-15
js-yaml,Arbitrary Code Execution,H,<3.13.1,Not available,2019-04-07
js-yaml,Denial of Service (DoS),M,<1.5.0,Not available,2019-04-05
js-yaml,Denial of Service (DoS),M,>=3.0.0 <3.13.0,Not available,2019-03-24
js-yaml,Code Execution due to Deserialization,M,<2.0.5,Not available,2013-06-23
bootstrap,Cross-site Scripting (XSS),M,"<3.4.1,>=4.0.0 <4.3.1",Not available,2019-02-15
bootstrap,Cross-site Scripting (XSS),M,<3.4.0,Not available,2019-01-10
bootstrap,Cross-site Scripting (XSS),M,<3.4.0,Not available,2019-01-10
bootstrap,Cross-site Scripting (XSS),M,"<3.4.0,>=4.0.0 <4.1.2",Not available,2018-06-12
bootstrap,Cross-site Scripting (XSS),M,>=4.0.0 <4.1.2,Not available,2018-06-12
bootstrap,Cross-site Scripting (XSS),M,"<3.4.0,>=4.0.0-alpha <4.0.0-beta.2",Not available,2018-01-19
bootstrap,Cross-site Scripting (XSS),M,<2.1.0,Not available,2017-04-10
standard-version,Command Injection,H,<8.0.1,Not available,2020-07-12
handlebars,Prototype Pollution,M,<4.6.0,Not available,2020-04-28
handlebars,Prototype Pollution,H,">=4.0.0 <4.5.3,<3.0.8",Not available,2019-11-20
handlebars,Arbitrary Code Execution,H,">=4.0.0 <4.5.3,<3.0.8",Not available,2019-11-15
handlebars,Denial of Service (DoS),H,>=4.0.0 <4.4.5,Not available,2019-11-05
handlebars,Prototype Pollution,H,">=4.0.0 <4.3.0,<3.8.0",Not available,2019-09-25
handlebars,Prototype Pollution,H,">=3.0.0 <3.0.7,>=4.1.0 <4.1.2,>=4.0.0 <4.0.14",Not available,2019-04-14
handlebars,Prototype Pollution,H,"<4.0.14,>=4.1.0 <4.1.2",Not available,2019-02-14
handlebars,Cross-site Scripting (XSS),M,<4.0.0,Available,2015-12-14
handlebars,Cross-site Scripting (XSS),M,<=1.0.0-beta.3,Available,2015-11-06
ws,Denial of Service (DoS),H,"<1.1.5,>=2.0.0 <3.3.1",Not available,2017-11-09
ws,Insecure Randomness,M,<1.1.2,Available,2017-02-07
ws,Denial of Service (DoS),H,<1.1.1,Available,2016-06-26
ws,Remote Memory Exposure,M,< 1.0.1,Available,2016-01-05
stylelint,Regular Expression Denial of Service (ReDoS),M,<11.0.0,Not available,2019-08-25
ejs,Cross-site Scripting (XSS),M,<2.5.5,Not available,2016-12-06
ejs,Denial of Service (DoS),M,<2.5.5,Not available,2016-12-06
ejs,Arbitrary Code Execution,H,<2.5.3,Available,2016-11-28
mongoose,Information Exposure,M,"<4.13.21,>=5.0.0 <5.7.5",Not available,2019-10-10
mongoose,Denial of Service (DoS),H,>=4.0.0 <4.1.10,Not available,2016-12-13
mongoose,Remote Memory Exposure,M,">=3.5.5 <3.8.39,>=4.0.0 <4.3.6",Available,2016-01-23
jsonwebtoken,Authentication Bypass,H,<4.2.2,Available,2015-03-31
superagent,Information Exposure,M,<3.8.1,Not available,2018-07-31
superagent,Denial of Service (DoS),L,<3.7.0,Not available,2017-09-27
socket.io,Insecure Randomness,M,<0.9.7,Not available,2017-02-13
socket.io,Cross-site Scripting (XSS),M,<0.9.6,Not available,2017-02-13
marked,Regular Expression Denial of Service (ReDoS  ),M,<1.1.1,Not available,2020-07-27
marked,Regular Expression Denial of Service (ReDoS),M,<0.4.0,Not available,2019-07-04
marked,Regular Expression Denial of Service (ReDoS),M,>=0.4.0 <0.7.0,Not available,2019-07-02
marked,Regular Expression Denial of Service (ReDoS),M,>=0.1.3 <0.6.2,Not available,2019-04-07
marked,Regular Expression Denial of Service (ReDoS),M,>=0.5.0 <0.6.1,Not available,2019-01-30
marked,Regular Expression Denial of Service (ReDoS),H,<0.3.18,Not available,2018-02-27
marked,Cross-site Scripting (XSS),H,<0.3.9,Not available,2017-12-25
marked,Cross-site Scripting (XSS),M,<0.3.9,Not available,2017-12-25
marked,Regular Expression Denial of Service (ReDoS),H,<0.3.9,Available,2017-09-21
marked,Cross-site Scripting (XSS),H,<0.3.7,Available,2017-01-30
marked,Cross-site Scripting (XSS),H,>=0.3.1 <0.3.6,Available,2016-04-20
marked,VBScript Content Injection,M,<0.3.3,Available,2014-01-30
marked,Regular Expression Denial of Service (ReDoS),H,<0.3.4,Available,2014-01-30
marked,Multiple Content Injection Vulnerabilities,M,<=0.3.0,Not available,2014-01-30
mongodb,Denial of Service (DoS),H,<3.1.13,Not available,2019-10-18
puppeteer,Use After Free,H,<1.13.0,Not available,2019-03-31
qs,Prototype Override Protection Bypass,H,"<6.0.4,>=6.1.0 <6.1.2,>=6.2.0 <6.2.3,>=6.3.0 <6.3.2",Available,2017-03-01
qs,Denial of Service (DoS),M,<1.0.0,Available,2014-08-06
qs,Denial of Service (DoS),H,<1.0.0,Available,2014-08-06
morgan,Arbitrary Code Injection,M,<1.9.1,Not available,2018-11-12
react-dev-utils,Arbitrary Code Execution,H,">=1.0.0 <1.0.4,>=2.0.0 <2.0.2,>=3.0.0 <3.1.2,>=4.0.0 <4.2.2,>=5.0.0 <5.0.2",Not available,2019-01-02
highlight.js,Prototype Pollution,M,">=7.2.0 <9.18.2,>=10.0.0 <10.1.2",Not available,2020-11-25
mysql,Uninitialized Memory Exposure,L,<2.14.0,Not available,2017-08-08
mysql,Unauthorized SSL Connection due to lack of cert authentication,M,<2.3.0 >=2.0.0,Not available,2017-01-04
mysql,SQL Injection,H,>=2.0.0-alpha <2.0.0-alpha8,Not available,2016-01-05
ng-packagr,Command Injection,M,<10.1.1,Not available,2020-09-25
ajv,Prototype Pollution,H,<6.12.3,Not available,2020-07-16
open,Arbitrary Code Injection,H,<6.0.0,Not available,2019-03-31
open,Arbitrary Command Injection,H,<6.0.0,Not available,2018-05-13
mime,Regular Expression Denial of Service (ReDoS),L,"<1.4.1,>=2.0.0 <2.0.3",Available,2017-09-27
npm,Insertion of Sensitive Information into Log File,M,<6.14.6,Not available,2020-07-08
npm,Arbitrary File Write,H,<6.13.3,Not available,2019-12-12
npm,Unauthorized File Access,L,<6.13.3,Not available,2019-12-12
npm,Arbitrary File Overwrite,H,<6.13.4,Not available,2019-12-12
npm,Access Restriction Bypass,M,<5.7.1,Not available,2018-03-21
npm,Symlink attack due to predictable tmp folder names,M,<1.3.3,Not available,2017-02-13
npm,npm Token Leak,M,"<2.15.1,>=3.0.0 <3.8.4",Not available,2016-04-20
esm,Regular Expression Denial of Service (ReDoS),M,<3.1.0,Not available,2019-01-03
minimatch,Regular Expression Denial of Service (ReDoS),H,<3.0.2,Not available,2016-06-20
minimatch,Regular Expression Denial of Service (ReDoS),H,<3.0.2,Available,2016-06-20
pg,Arbitrary Code Execution,H,"<2.11.2,>=3.0.0 <3.6.4,>=4.0.0 <4.5.7,>=5.0.0 <5.2.1,>=6.0.0 <6.0.5,>=6.1.0 <6.1.6,>=6.2.0 <6.2.5,>=6.3.0 <6.3.3,>=6.4.0 <6.4.2,>=7.0.0 <7.0.2,>=7.1.0 <7.1.2",Not available,2017-08-13
extend,Prototype Pollution,H,"<2.0.2,>=3.0.0 <3.0.2",Available,2018-07-23
angular,Cross-site Scripting (XSS),H,<1.8.0,Not available,2020-06-11
angular,Cross-site Scripting (XSS),M,<1.8.0,Not available,2020-06-07
angular,Prototype Pollution,H,>=1.4.0-beta.6 <1.7.9,Not available,2019-11-19
angular,Denial of Service (DoS),M,<1.6.3,Not available,2019-10-04
angular,Cross-site Scripting (XSS),M,<1.6.5,Not available,2019-10-04
angular,Cross-site Scripting (XSS),M,<1.6.0-rc.0,Not available,2019-10-04
angular,Cross-site Scripting (XSS),M,<1.6.9,Not available,2018-02-19
angular,Cross-site Scripting (XSS),M,<1.6.7,Not available,2017-12-25
angular,JSONP Callback Attack,M,<1.6.1,Not available,2017-02-13
angular,Content Security Policy (CSP) Bypass,M,>=1.5.0 <1.5.9,Not available,2017-01-23
angular,Arbitrary Script Injection,M,>=1.0.0 <1.2.30,Not available,2017-01-23
angular,Cross-site Scripting (XSS),M,>=1.3.0 <1.5.0-rc.2,Not available,2017-01-23
angular,Cross-site Scripting (XSS),M,<1.5.0-rc.0,Not available,2017-01-23
angular,Cross-site Scripting (XSS),M,<1.4.10,Not available,2017-01-23
angular,Cross-site Scripting (XSS),H,<1.5.0-beta.2,Not available,2017-01-23
angular,Clickjacking,M,>=1.3.1 <1.5.0-beta.0,Not available,2017-01-23
angular,Cross-site Scripting (XSS),H,>=1.0.0 <1.5.0-beta.0,Not available,2017-01-23
angular,Arbitrary Code Execution,H,<1.4.0-beta.6,Not available,2017-01-23
angular,Arbitrary Command Execution,M,<1.3.2,Not available,2017-01-23
angular,Unsafe Object Deserialization,H,>=1.2.19 <1.2.24,Not available,2017-01-23
angular,Cross-site Scripting (XSS),M,<1.3.0-rc.4,Not available,2017-01-23
angular,Arbitrary Code Execution,L,<1.3.0,Not available,2017-01-23
angular,Protection Bypass,H,<1.2.2,Not available,2017-01-23
angular,Arbitrary Script Injection,H,<1.1.5,Not available,2017-01-23
angular,Cross-site Scripting (XSS),M,>=1.0.0 <1.2.0,Not available,2017-01-23
angular,Cross-site Scripting (XSS),M,<1.2.0,Not available,2017-01-23
parcel-bundler,Information Exposure,L,<1.10.0,Not available,2018-09-26
markdown-it,Regular Expression Denial of Service (ReDoS),M,<10.0.0,Not available,2019-10-09
markdown-it,Cross-site Scripting (XSS),M,<4.3.1 >=4.0.0,Not available,2017-02-13
markdown-it,Cross-site Scripting (XSS),M,<4.1.0,Available,2016-09-27
node-uuid,Denial of Service (DoS),M,<1.3.1,Not available,2016-11-23
node-uuid,Insecure Randomness,M,<1.4.4,Available,2016-03-28
connect,Denial of Service (DoS),M,>=1.4.0 <2.0.0,Not available,2017-02-13
connect,Cross-site Scripting (XSS),M,<2.8.2,Not available,2013-06-30
crypto-js,Insecure Randomness,H,<3.2.1,Not available,2020-02-11
validator,Regular Expression Denial of Service (ReDoS),L,>=5.2.0 <9.4.1,Not available,2018-02-18
validator,Buffer Overflow,M,<5.0.0,Not available,2018-02-18
validator,Cross-site Scripting (XSS),M,>=3.0.0 <3.34.0,Not available,2017-01-30
validator,Regular Expression Denial of Service (ReDoS),H,>=0.1.0 <3.22.1,Not available,2014-11-12
validator,Cross-site Scripting (XSS),M,<2.0.0,Available,2014-10-27
validator,Cross-site Scripting (XSS),M,<1.1.1,Not available,2013-07-05
bower,Arbitrary File Write via Archive Extraction (Zip Slip),H,<1.8.8,Not available,2019-01-25
mustache,Content Injection due to quoteless attributes,M,<2.2.1,Available,2015-12-14
mustache,Cross-site Scripting (XSS),M,< 0.3.1,Not available,2015-11-06
serve-static,Open Redirect,L,"<1.6.5,>=1.7.0 <1.7.2",Available,2015-01-13
concat-stream,Uninitialized Memory Exposure,M,"<1.3.2,>=1.4.0 <1.4.11,>=1.5.0 <1.5.2",Not available,2017-03-09
nodemailer,Command Injection,H,<6.4.16,Not available,2020-11-12
event-stream,Malicious Package,H,=3.3.6,Not available,2018-11-26
prismjs,Cross-site Scripting (XSS),H,>=1.1.0 <1.21.0,Not available,2020-08-09
prismjs,Regular Expression Denial of Service (ReDoS),H,<1.5.0,Not available,2020-03-27
underscore.string,Regular Expression Denial of Service (ReDoS),H,>2.4.1 <3.3.5,Not available,2018-06-25
acorn,Regular Expression Denial of Service (ReDoS),H,">=5.5.0 <5.7.4,>=6.0.0 <6.4.1,>=7.0.0 <7.1.1",Not available,2020-03-07
lodash.merge,Prototype Pollution,H,<4.6.2,Not available,2019-02-01
lodash.merge,Prototype Pollution,M,<4.6.2,Not available,2018-02-14
electron,Use After Free,H,"<8.5.4,>=9.0.0 <10.1.6,>=11.0.0 <11.0.1",Not available,2020-11-19
electron,Heap-based Buffer Overflow,H,"<8.5.3,>=9.0.0-beta.1 <9.3.3,>=10.0.0-beta.1 <10.1.5",Not available,2020-10-21
electron,Improper Restriction of Rendered UI Layers or Frames,M,">=8.0.0-beta.0 <8.5.1,>=9.0.0-beta.0 <9.3.0,>=10.0.0-beta.0 <10.0.1,>=11.0.0-beta.0 <11.0.0-beta.1",Not available,2020-10-07
electron,Improper Access Control,M,">=8.0.0-beta.0 <8.5.2,>=9.0.0-beta.0 <9.3.1,>=10.0.0-beta.0 <10.1.2,>=11.0.0-beta.0 <11.0.0-beta.6",Not available,2020-10-07
electron,Use After Free,H,">=7.0.0 <7.3.3,>=8.0.0 <8.5.1,>=9.0.0 <9.2.2",Not available,2020-07-29
electron,Use After Free,H,">=7.0.0 <7.3.3,>=8.0.0 <8.5.1,>=9.0.0 <9.2.1",Not available,2020-07-29
electron,Type Confusion,H,>=9.0.0 <9.2.1,Not available,2020-07-29
electron,Arbitrary File Read,M,"<7.2.4,>=8.0.0 <8.2.4",Not available,2020-07-07
electron,Privilege Escalation,H,"<7.2.4,>=8.0.0 <8.2.4",Not available,2020-07-07
electron,Privilege Escalation,H,"<7.2.4,>=8.0.0 <8.2.4",Not available,2020-07-07
electron,Privilege Escalation,H,"<6.1.11,>=7.0.0 <7.2.4,>=8.0.0 <8.2.4",Not available,2020-07-07
electron,Use After Free,H,<8.3.1,Not available,2020-05-20
electron,Type Confusion,H,<7.3.1,Not available,2020-05-20
electron,Buffer Overflow,H,">=6.0.0 <6.1.12,>=7.0.0 <7.3.0,>=8.0.0 <8.3.0",Not available,2020-05-15
electron,Use After Free,H,">=6.0.0 <6.1.12,>=7.0.0 <7.3.0,>=8.0.0 <8.3.0",Not available,2020-05-15
electron,Improper Validation,H,">=6.0.0 <6.1.12,>=7.0.0 <7.3.0,>=8.0.0 <8.3.0",Not available,2020-05-15
electron,Use After Free,H,">=6.0.0 <6.1.12,>=7.0.0 <7.3.0,>=8.0.0 <8.3.0",Not available,2020-05-15
electron,Type Confusion,H,">=6.0.0 <6.1.12,>=7.0.0 <7.3.0,>=8.0.0 <8.3.0",Not available,2020-05-07
electron,Out-of-bounds Write,H,">=7.0.0 <7.3.0,>=8.0.0 <8.3.0",Not available,2020-05-07
electron,Use After Free,H,">=6.0.0 <6.1.12,>=7.0.0 <7.3.0,>=8.0.0 <8.3.0",Not available,2020-04-29
electron,Use After Free,H,">=6.0.0 <6.1.12,>=7.0.0 <7.3.0,>=8.0.0 <8.3.0",Not available,2020-04-29
electron,Use After Free,H,">=6.0.0 <6.1.12,>=7.0.0 <7.3.0",Not available,2020-04-17
electron,Use After Free,H,"<6.1.10,>=7.0.0 <7.2.2,>=8.0.0 <8.2.0",Not available,2020-04-15
electron,Use After Free,H,"<6.1.10,>=7.0.0 <7.2.2,>=8.0.0-beta.1 <8.2.0",Not available,2020-04-15
electron,Buffer Underflow,M,"<6.1.10,>=7.0.0 <7.2.2,>=8.0.0-beta.1 <8.2.0",Not available,2020-04-15
electron,Use After Free,M,"<6.1.10,>=7.0.0 <7.2.2,>=8.0.0-beta.1 <8.2.1",Not available,2020-04-15
electron,Use After Free,H,"<6.1.10,>=7.0.0 <7.2.2,>=8.0.0-beta.1 <8.0.0-beta.6",Not available,2020-04-15
electron,Use After Free,H,"<6.1.10,>=7.0.0 <7.2.2,>=8.0.0-beta.1 <8.2.1",Not available,2020-04-15
electron,Site Isolation Bypass,H,"<7.2.2,>=8.0.0-beta.1 <8.2.1",Not available,2020-04-15
web3,Insecure Credential Storage,L,*,Not available,2019-04-28
sequelize,Denial of Service (DoS),M,<4.44.4,Not available,2020-01-23
sequelize,SQL Injection,H,">=4.0.0 <4.44.3,>=5.0.0 <5.15.1",Not available,2019-08-19
sequelize,SQL Injection,H,<3.35.1,Not available,2019-06-21
sequelize,SQL Injection,H,">=3.0.0 <3.35.1,>=4.0.0 <4.44.3,>=5.0.0 <5.8.11",Not available,2019-06-21
sequelize,SQL Injection,M,>=5.0.0 <5.3.0,Not available,2019-04-11
sequelize,Hash Injection,H,<4.12.0,Not available,2019-04-07
sequelize,SQL Injection,M,<3.12.1,Not available,2017-02-13
sequelize,SQL Injection,H,>=3.4.0 <3.23.6,Available,2016-07-18
sequelize,SQL Injection,M,>=0.2.2 <1.7.0-alpha3,Not available,2016-04-01
sequelize,SQL Injection,M,<2.1.4,Not available,2016-04-01
sequelize,Remote Memory Exposure,M,<3.17.2,Available,2016-04-01
sequelize,SQL Injection,H,>=0.2.2 <3.13.17,Available,2016-04-01
sequelize,SQL Injection,M,<3.20.0,Available,2016-04-01
sequelize,SQL Injection,H,<2.0.0-rc8,Available,2015-01-18
bunyan,Remote Code Execution (RCE),M,"<1.8.13,>=2.0.0 <2.0.3",Not available,2020-06-24
chromedriver,Resources Downloaded over Insecure Protocol,H,<2.25.2,Not available,2016-12-20
ip,Uninitialized Memory Exposure,M,<1.1.5,Not available,2017-06-04
clean-css,Regular Expression Denial of Service (ReDoS),L,<4.1.11,Not available,2018-03-07
codemirror,Regular Expression Denial of Service (ReDoS),M,<5.58.2,Not available,2020-10-30
codemirror,Regular Expression Denial of Service (ReDoS),L,<5.54.0,Not available,2020-05-28
http-proxy,Denial of Service (DoS),M,<1.18.1,Not available,2020-05-16
http-proxy,Regular Expression Denial of Service (ReDoS),M,<0.7.0,Not available,2017-02-13
serve,Directory Traversal,H,<11.0.0,Not available,2019-05-19
serve,Directory Traversal,H,<7.1.3,Not available,2018-08-21
serve,Information Exposure,H,<7.0.0,Not available,2018-06-03
serve,Information Exposure,H,<6.5.2,Not available,2018-03-18
serve,Directory Traversal,M,<6.4.9,Not available,2018-01-25
serve,Directory Traversal,H,"<5.2.0,>=5.2.1 <5.2.2",Not available,2017-06-12
hapi,Denial of Service (DoS),H,*,Not available,2020-02-17
hapi,Denial of Service (DoS),M,<16.1.1 >=15.0.0,Not available,2017-04-06
hapi,Cross-site Scripting (XSS),M,<0.16.0,Not available,2016-11-22
hapi,Potentially loose security restrictions,L,<11.1.4,Not available,2016-01-05
hapi,Denial of Service (DoS),H,<11.1.3,Not available,2015-12-24
hapi,CORS Bypass,L,<11.0.0,Not available,2015-11-06
hapi,Denial of Service (DoS),H,>=2.0.0 <2.2.0,Not available,2014-07-08
hapi,Rosetta-flash jsonp vulnerability,M,< 6.1.0,Available,2014-07-08
tar,Arbitrary File Overwrite,H,"<2.2.2,>=3.0.0 <4.4.2",Not available,2019-04-07
tar,Symlink File Overwrite,H,>0.0.1 <2.0.0,Available,2015-11-06
knex,SQL Injection,H,<0.19.5,Not available,2019-10-07
knex,SQL Injection,M,"<0.6.23,>=0.7.0 <0.7.6",Not available,2016-12-20
express-validator,Filter Bypass,M,>=4.2.1 <6.0.0,Not available,2019-05-28
diff,Regular Expression Denial of Service (ReDoS),H,>=3.0.0 <3.5.0,Not available,2018-03-06
nunjucks,Cross-site Scripting (XSS),H,<2.4.3,Not available,2016-09-09
preact,Deserialization of Untrusted Data,M,>=10.0.0-alpha.0 <10.0.0-beta.1,Not available,2019-04-23
merge,Prototype Pollution,H,<2.1.0,Not available,2020-11-16
merge,Prototype  Pollution,L,<1.2.1,Not available,2018-11-04
canvas,Denial of Service (DoS),M,<1.6.10,Not available,2019-04-07
ms,Regular Expression Denial of Service (ReDoS),L,>=0.7.1 <2.0.0,Available,2017-05-15
ms,Regular Expression Denial of Service (ReDoS),M,<0.7.1,Available,2015-11-06
bcrypt,Insecure Encryption,H,<5.0.0,Not available,2020-07-01
bcrypt,Cryptographic Issues,M,<5.0.0,Not available,2020-07-01
mysql2,Man in The Middle (MiTM),M,<1.0.0-rc.1,Not available,2019-11-28
xlsx,Regular Expression Denial of Service (ReDoS),L,<0.16.0,Not available,2020-07-17
xlsx,Regular Expression Denial of Service (ReDoS),L,<0.12.2,Not available,2018-02-22
svelte,Cross-site Scripting (XSS),M,<2.9.8,Not available,2020-04-06
backbone,Cross-site Scripting (XSS),M,<0.1.2,Not available,2016-06-22
backbone,Cross-site Scripting (XSS),M,<0.5.0,Available,2015-11-06
i18next,Prototype Pollution,M,<19.8.3,Not available,2020-07-19
i18next,Buffer Overflow,M,<19.5.5,Not available,2020-07-09
i18next,Cross-site Scripting (XSS),M,>=2.0.0 <3.4.4,Not available,2017-02-13
i18next,Cross-site Scripting (XSS),M,<1.10.3,Not available,2017-02-13
chart.js,Prototype Pollution,H,<2.9.4,Not available,2020-10-19
mqtt,Denial of Service (DoS),M,>=2.0.0 <2.15.0,Not available,2018-01-03
mqtt,Denial of Service (DoS),H,<1.0.0,Not available,2016-08-17
next,Arbitrary File Read,H,<5.1.0,Not available,2020-06-10
next,Path Traversal,M,<9.3.2,Not available,2020-03-30
next,Cross-site Scripting (XSS),M,>=7.0.0 <7.0.2,Not available,2018-10-15
next,Directory Traversal,H,<4.2.3,Not available,2018-01-31
next,Directory Traversal,H,<2.4.1,Not available,2017-11-17
next,Cross-site Scripting (XSS),M,<2.4.3,Not available,2017-06-13
next,Directory Traversal,H,"<2.4.1,>=3.0.0-beta1 <3.0.0-beta7",Not available,2017-06-12
boom,Cross-site Scripting (XSS),M,<0.3.0,Not available,2016-10-05
hoek,Prototype Pollution,M,"<4.2.1,>=5.0.0 <5.0.3",Available,2018-02-14
hoek,Cross-site Scripting (XSS),M,<0.7.3,Not available,2016-11-10
url-parse,Improper Input Validation,H,<1.4.5,Not available,2020-01-27
url-parse,Open Redirect,H,<1.4.3,Not available,2018-07-31
adm-zip,Arbitrary File Write via Archive Extraction (Zip Slip),H,<0.4.11,Not available,2018-05-31
restify,Cross-site Scripting (XSS),M,<4.1.0 >=2.0.0,Not available,2017-02-13
protobufjs,Regular Expression Denial of Service (ReDoS),H,"<5.0.3,>=6.0.0 <6.8.6",Not available,2018-03-05
rollup-plugin-serve,Directory Traversal,H,*,Not available,2020-06-20
elliptic,Cryptographic Issues,H,<6.5.3,Not available,2020-06-17
elliptic,Timing Attack,M,<6.5.2,Not available,2019-11-13
yarn,Improper Integrity Checks,H,<1.19,Not available,2020-02-26
yarn,Arbitrary File Overwrite,M,<1.22.0,Not available,2020-02-15
yarn,Arbitrary File Write,L,<1.21.1,Not available,2019-12-13
yarn,Man-in-the-Middle (MitM),H,<1.17.3,Not available,2019-07-15
googleapis,Improper Authorization,H,>=36.0.0 <39.1.0,Not available,2019-08-21
googleapis,Improper Authorization,M,>=36.0.0 <39.1.0,Not available,2019-07-16
method-override,Regular Expression Denial of Service (ReDoS),H,>1.0.2 <2.3.10,Not available,2017-09-28
deep-extend,Prototype Pollution,H,<0.5.1,Not available,2018-04-25
typeorm,Prototype Pollution,H,<0.2.25,Not available,2020-07-26
typeorm,SQL Injection,H,<0.1.15,Not available,2019-04-07
gm,Remote Shell Command Injection,M,<=1.20.0,Available,2015-11-06
object-path,Prototype Pollution,H,<0.11.5,Not available,2020-08-20
yargs-parser,Prototype Pollution,M,"<5.0.0-security.0,>5.0.0-security.0 <13.1.2,>=14.0.0 <15.0.1,>=16.0.0 <18.1.1",Not available,2020-03-16
vuetify,Cross-site Scripting (XSS),M,<2.1.9,Not available,2019-10-29
quill,Reverse Tabnabbing,M,<1.3.7,Not available,2019-08-27
quill,Reverse Tabnabbing,M,<1.3.7,Not available,2019-07-08
quill,Arbitrary Code Execution,M,>=1.0.0-beta.0 <1.0.4,Not available,2017-02-28
flat,Prototype Pollution,M,">=5.0.0 <5.0.2,>=4.0.0 <4.1.1,>=3.0.0 <3.0.1,>=2.0.0 <2.0.2,>=5.0.0 <5.0.2,<1.6.2",Not available,2020-07-30
pm2,Command Injection,M,<4.3.0,Not available,2019-10-25
pm2,Command Injection,M,<4.3.0,Not available,2019-10-25
serialize-javascript,Arbitrary Code Injection,H,<3.1.0,Not available,2020-06-01
serialize-javascript,Cross-site Scripting (XSS),H,<2.1.1,Not available,2019-12-05
node-forge,Prototype Pollution,H,<0.10.0,Not available,2020-09-01
node-forge,Regular Expression Denial of Service (ReDoS),M,<0.7.4,Not available,2018-02-26
node-forge,Timing Attack,M,<0.6.33,Not available,2016-12-26
atob,Uninitialized Memory Exposure,M,<2.1.0,Not available,2018-04-30
showdown,Reverse Tabnabbing,L,<1.9.1,Not available,2019-10-01
grpc,Prototype Pollution,H,<1.24.4,Not available,2020-11-11
csv-parse,Regular Expression Denial of Service (ReDoS),M,<4.4.6,Not available,2019-09-20
string,Regular Expression Denial of Service (ReDoS),M,*,Not available,2017-09-26
fastify,Denial of Service (DoS),M,<2.15.1,Not available,2020-07-30
fastify,Denial of Service (DoS),M,">=2.0.0 <2.15.1,>=3.0.0-alpha.1 <3.0.0-rc.5",Not available,2020-07-29
fastify,Prototype Pollution,H,<1.0.5,Not available,2020-02-28
fastify,Denial of Service (DoS),H,<0.38.0,Not available,2018-01-25
tough-cookie,Regular Expression Denial of Service (ReDoS),M,<2.3.3,Available,2017-09-21
tough-cookie,Regular Expression Denial of Service (ReDoS),H,>=0.9.7 <2.3.0,Available,2016-07-22
koa-body,Directory Traversal,H,<3.0.0,Not available,2018-05-16
jscover,Command Injection,M,*,Not available,2020-04-02
cryptr,Insufficient Entropy,M,<6.0.0,Not available,2019-02-26
docsify,Cross-site Scripting (XSS),H,<4.11.4,Not available,2020-06-26
lazysizes,Cross-site Scripting (XSS),M,<5.2.1-rc1,Not available,2020-04-21
hapi-auth-jwt2,Authentication Bypass in Try Mode,H,<5.1.2,Not available,2016-01-28
vue-moment,Outdated Static Dependency,M,<4.1.0,Not available,2019-12-23
google-closure-library,Insufficient Validation,M,<20200315.0.0,Not available,2020-03-26
google-closure-library,Cross-site Scripting (XSS),M,>=20190121.0.0 <20190301.0.0,Not available,2019-04-25
cached-path-relative,Prototype Pollution,H,<1.0.2,Not available,2018-11-08
webtorrent,Cross-site Scripting (XSS),L,<0.107.6,Not available,2019-08-29
webtorrent,DNS Rebinding,L,<0.105.2,Not available,2019-07-31
handsontable,Cross-site Scripting (XSS),M,<8.2.0,Not available,2020-11-13
semantic-ui,Cross-site Scripting (XSS),M,*,Not available,2019-05-14
semantic-ui,Cross-site Scripting (XSS),M,<2.2.8,Not available,2017-06-21
semantic-ui,Cross-site Scripting (XSS),M,<1.0.0,Not available,2017-06-21
plotly.js,Cross-site Scripting (XSS),M,"<1.10.4,>=1.11.0 <1.16.0",Not available,2019-07-28
plotly.js,Cross-site Scripting (XSS),M,>=1.0.0 <1.2.1,Not available,2017-02-28
plotly.js,Cross-site Scripting (XSS),M,>=1.10.4 <1.16.0,Not available,2016-10-17
plotly.js,CSS Injection,L,<1.16.0,Not available,2016-10-17
faye,Improper Access Control,H,"<1.0.4,>=1.1.0 <1.1.3,>=1.2.0 <1.2.5",Not available,2020-04-28
faye,Cross-Site Request Forgery (CSRF),H,<1.1.0,Not available,2020-04-23
faye,Insecure Defaults,M,<0.8.9 >=0.5.0,Not available,2017-03-28
react-svg,Cross-site Scripting (XSS),H,<2.2.18,Not available,2018-05-02
jsonpointer,Prototype Pollution,H,<4.1.0,Not available,2020-08-17
chownr,Time of Check Time of Use (TOCTOU),M,<1.1.0,Not available,2018-07-31
egg-scripts,Arbitrary Command Injection,H,<2.8.1,Not available,2018-08-27
stringstream,Uninitialized Memory Exposure,M,<0.0.6,Available,2018-05-13
vega,Cross-site Scripting (XSS),M,<2.4.0,Not available,2017-03-13
ag-grid,Cross-site Scripting (XSS),M,>=13.0.0 <14.0.0,Not available,2018-06-03
ag-grid,HTML Injection,M,>=3.3.0 <5.0.0-alpha.0,Not available,2017-03-16
syntax-error,Potential Script Injection,M,< 1.1.1,Not available,2014-07-15
squel,SQL Injection,M,*,Not available,2018-05-09
openpgp,Cryptographic Issues,M,<0.10.0,Not available,2020-05-18
openpgp,Invalid Curve Attack,H,<4.2.1,Not available,2019-08-22
openpgp,Improper Authentication,M,<4.2.0,Not available,2019-08-22
openpgp,Message Signature Bypass,M,<4.2.0,Not available,2019-08-22
gatsby-cli,Resources Downloaded over Insecure Protocol,M,<1.0.9,Not available,2018-03-01
express-basic-auth,Timing Attack,L,<1.1.7,Not available,2019-04-16
mariadb,Malicious Package,H,<= 1.0.2,Not available,2017-08-02
generate-password,Cryptographic Backdoor,M,<1.4.1,Not available,2019-01-10
kerberos,DLL Injection,H,<1.0.0,Not available,2020-05-12
mosca,Regular Expression Denial of Service (ReDoS),H,<2.8.2,Not available,2018-08-30
assign-deep,Prototype Pollution,H,">=1.0.0 <1.0.1,<0.4.8",Not available,2019-06-20
assign-deep,Prototype Pollution,M,<0.4.7,Not available,2018-02-16
botkit,Denial of Service (DoS),M,<0.4.4,Not available,2017-12-25
hawk,Regular Expression Denial of Service (ReDoS),L,"<3.1.3,>=4.0.0 <4.1.1",Available,2016-01-19
npmconf,Uninitialized Memory Exposure,H,<2.1.3,Not available,2018-05-13
remove-markdown,Regular Expression Denial of Service (ReDoS),M,*,Not available,2019-01-29
uikit,Regular Expression Denial of Service (ReDoS),M,>=2.0.0 <2.26.4,Not available,2017-05-08
svg2png,Cross-site Scripting (XSS),M,*,Not available,2020-04-19
simpl-schema,Prototype Pollution,H,<1.10.2,Not available,2020-10-07
simpl-schema,Regular Expression Denial of Service (ReDoS),H,<1.5.0,Not available,2018-04-15
c3,Cross-site Scripting (XSS),M,<0.4.11,Not available,2016-08-17
http-auth,Authentication Bypass,H,<3.2.4,Not available,2019-10-03
ag-grid-community,Cross-site Scripting (XSS),M,<14.0.0,Not available,2019-06-05
@ckeditor/ckeditor5-link,Cross-site Scripting (XSS),M,<10.0.1,Not available,2019-08-27