pkg_name,vuln_name,vuln_level,vuln_versions,snyk_patch,publish_date eslint,Regular Expression Denial of Service (ReDoS),L,>=1.4.0 <4.18.2,Not available,2018-03-22 mocha,Regular Expression Denial of Service (ReDoS),H,<6.0.0,Not available,2020-03-29 react,Cross-site Scripting (XSS),H,>=0.0.1 <0.14.0,Not available,2017-01-18 react,Cross-site Scripting (XSS),M,">=0.5.0 <0.5.2,>=0.4.0 <0.4.2",Not available,2017-01-18 lodash,Prototype Pollution,H,<4.17.17,Not available,2020-08-21 lodash,Prototype Pollution,H,<4.17.20,Not available,2020-08-16 lodash,Prototype Pollution,M,<4.17.16,Available,2020-04-28 lodash,Prototype Pollution,H,<4.17.12,Available,2019-07-02 lodash,Regular Expression Denial of Service (ReDoS),M,<4.17.11,Not available,2019-04-05 lodash,Prototype Pollution,H,<4.17.11,Not available,2019-02-01 lodash,Prototype Pollution,M,<4.17.5,Available,2018-02-14 react-dom,Cross-site Scripting (XSS),M,">=16.0.0 <16.0.1,>=16.1.0 <16.1.2,>=16.2.0 <16.2.1,>=16.3.0 <16.3.3,>=16.4.0 <16.4.2",Not available,2020-04-06 express,Cross-site Scripting (XSS),M,"<3.11.0,>=4.0.0 <4.5.0",Not available,2014-09-12 webpack-dev-server,Information Exposure,H,<3.1.11,Not available,2018-09-26 node-sass,Denial of Service (DoS),M,>=3.3.0 <4.13.1,Not available,2020-01-19 node-sass,Out-of-bounds Read,H,<3.6.0,Not available,2020-01-08 node-sass,Out-of-bounds Read,M,<3.6.3,Not available,2020-01-08 node-sass,Uncontrolled Recursion,H,<4.4.0,Not available,2020-01-08 node-sass,Out-of-bounds Read,H,<4.4.0,Not available,2020-01-08 node-sass,Uncontrolled Recursion,M,<3.6.1,Not available,2020-01-08 node-sass,Improper Input Validation,H,<4.4.0,Not available,2020-01-08 node-sass,Improper Input Validation,H,<4.4.0,Not available,2020-01-08 node-sass,Uncontrolled Recursion,H,<4.4.0,Not available,2020-01-08 node-sass,Out-of-bounds Read,H,<4.4.0,Not available,2020-01-08 node-sass,NULL Pointer Dereference,H,<3.6.0,Not available,2020-01-08 node-sass,Denial of Service (DoS),M,<3.6.0,Not available,2020-01-08 node-sass,Denial of Service (DoS),M,<3.6.0,Not available,2020-01-08 node-sass,Denial of Service (DoS),M,<4.11.0,Not available,2020-01-08 node-sass,Out-of-bounds Read,M,<4.3.0,Not available,2020-01-08 node-sass,Out-of-bounds Read,H,<4.4.0,Not available,2020-01-08 node-sass,Denial of Service (DoS),H,<4.4.0,Not available,2020-01-08 node-sass,Out-of-bounds Read,M,<3.6.0,Not available,2020-01-08 node-sass,NULL Pointer Dereference,M,<3.6.3,Not available,2020-01-08 node-sass,NULL Pointer Dereference,M,<3.6.0,Not available,2020-01-08 node-sass,Out-of-bounds Read,H,<3.6.0,Not available,2020-01-08 node-sass,Out-of-Bounds,M,<3.6.0,Not available,2020-01-08 node-sass,Use After Free,H,*,Not available,2020-01-08 node-sass,Out-of-bounds Read,M,*,Not available,2020-01-08 node-sass,NULL Pointer Dereference,H,<4.11.0,Not available,2019-11-25 node-sass,Resource Exhaustion,M,<4.11.0,Not available,2019-11-25 node-sass,Uncontrolled Recursion,H,<4.8.0,Not available,2019-11-25 node-sass,NULL Pointer Dereference,M,<3.5.5,Not available,2019-11-25 node-sass,Out-of-bounds Read,H,<4.11.0,Not available,2019-11-25 request,Remote Memory Exposure,M,>2.2.5 <2.68.0,Available,2016-03-22 vue,Cross-site Scripting (XSS),M,<2.5.17,Not available,2020-04-06 vue,Regular Expression Denial of Service (ReDoS),L,<2.5.14,Not available,2018-02-22 vue,Cross-site Scripting (XSS),M,<2.4.3,Not available,2017-12-25 vue,Cross-site Scripting (XSS),M,<2.3.0-beta.1,Not available,2017-12-25 axios,Server-Side Request Forgery (SSRF),M,*,Not available,2020-11-08 axios,Denial of Service (DoS),M,<0.18.1,Available,2019-04-24 moment,Regular Expression Denial of Service (ReDoS),L,<2.19.3,Available,2017-11-28 moment,Regular Expression Denial of Service (ReDoS),M,<2.15.2,Available,2016-10-24 moment,Regular Expression Denial of Service (ReDoS),M,<2.11.2,Available,2016-02-01 grunt,Arbitrary Code Execution,H,<1.3.0,Not available,2020-08-20 debug,Regular Expression Denial of Service (ReDoS),L,">=1.0.0 <2.6.9,>=3.0.0 <3.1.0",Available,2017-09-26 semver,Regular Expression Denial of Service (ReDoS),M,<4.3.2,Available,2015-04-03 uuid,Insecure Randomness,M,<1.3.1,Not available,2017-02-13 jquery,Cross-site Scripting (XSS),M,<1.9.0,Not available,2020-05-19 jquery,Cross-site Scripting (XSS),M,>=1.2.0 <3.5.0,Not available,2020-04-29 jquery,Cross-site Scripting (XSS),M,>=1.0.3 <3.5.0,Not available,2020-04-13 jquery,Prototype Pollution,M,<3.4.0,Not available,2019-03-27 jquery,Denial of Service (DoS),L,>=3.0.0-rc1 <3.0.0,Not available,2016-12-26 jquery,Cross-site Scripting (XSS),M,"<1.12.2,>=1.12.3 <2.2.2,>=2.2.3 <3.0.0",Not available,2016-11-27 jquery,Cross-site Scripting (XSS),M,<1.6.3,Not available,2016-10-20 jquery,Cross-site Scripting (XSS),M,>=1.7.1 <1.9.0,Not available,2016-10-20 jquery,Cross-site Scripting (XSS),M,>=1.4.2 <1.6.2,Not available,2016-10-20 minimist,Prototype Pollution,M,"<0.2.1,>=1.0.0 <1.2.3",Not available,2020-03-11 jasmine-core,Regular Expression Denial of Service (ReDoS),L,<3.1.0,Not available,2018-02-18 uglify-js,Regular Expression Denial of Service (ReDoS),M,<2.6.0,Available,2015-11-06 uglify-js,Improper minification of non-boolean comparisons,H,>=2.2.0 <2.4.24,Available,2015-08-24 semantic-release,Information Disclosure,H,<17.2.3,Not available,2020-11-19 node-fetch,Denial of Service,M,"<2.6.1,>=3.0.0-beta.1 <3.0.0-beta.9",Not available,2020-09-11 codecov,Command Injection,M,<3.7.1,Not available,2020-07-21 codecov,Command Injection,M,<3.6.5,Not available,2020-02-16 codecov,Command Injection,M,<3.6.2,Not available,2020-01-24 cheerio,Cross-site Scripting (XSS),M,<=0.8.3,Not available,2016-10-20 webpack-bundle-analyzer,Cross-site Scripting (XSS),M,<3.3.2,Not available,2019-04-15 js-yaml,Arbitrary Code Execution,H,<3.13.1,Not available,2019-04-07 js-yaml,Denial of Service (DoS),M,<1.5.0,Not available,2019-04-05 js-yaml,Denial of Service (DoS),M,>=3.0.0 <3.13.0,Not available,2019-03-24 js-yaml,Code Execution due to Deserialization,M,<2.0.5,Not available,2013-06-23 bootstrap,Cross-site Scripting (XSS),M,"<3.4.1,>=4.0.0 <4.3.1",Not available,2019-02-15 bootstrap,Cross-site Scripting (XSS),M,<3.4.0,Not available,2019-01-10 bootstrap,Cross-site Scripting (XSS),M,<3.4.0,Not available,2019-01-10 bootstrap,Cross-site Scripting (XSS),M,"<3.4.0,>=4.0.0 <4.1.2",Not available,2018-06-12 bootstrap,Cross-site Scripting (XSS),M,>=4.0.0 <4.1.2,Not available,2018-06-12 bootstrap,Cross-site Scripting (XSS),M,"<3.4.0,>=4.0.0-alpha <4.0.0-beta.2",Not available,2018-01-19 bootstrap,Cross-site Scripting (XSS),M,<2.1.0,Not available,2017-04-10 standard-version,Command Injection,H,<8.0.1,Not available,2020-07-12 handlebars,Prototype Pollution,M,<4.6.0,Not available,2020-04-28 handlebars,Prototype Pollution,H,">=4.0.0 <4.5.3,<3.0.8",Not available,2019-11-20 handlebars,Arbitrary Code Execution,H,">=4.0.0 <4.5.3,<3.0.8",Not available,2019-11-15 handlebars,Denial of Service (DoS),H,>=4.0.0 <4.4.5,Not available,2019-11-05 handlebars,Prototype Pollution,H,">=4.0.0 <4.3.0,<3.8.0",Not available,2019-09-25 handlebars,Prototype Pollution,H,">=3.0.0 <3.0.7,>=4.1.0 <4.1.2,>=4.0.0 <4.0.14",Not available,2019-04-14 handlebars,Prototype Pollution,H,"<4.0.14,>=4.1.0 <4.1.2",Not available,2019-02-14 handlebars,Cross-site Scripting (XSS),M,<4.0.0,Available,2015-12-14 handlebars,Cross-site Scripting (XSS),M,<=1.0.0-beta.3,Available,2015-11-06 ws,Denial of Service (DoS),H,"<1.1.5,>=2.0.0 <3.3.1",Not available,2017-11-09 ws,Insecure Randomness,M,<1.1.2,Available,2017-02-07 ws,Denial of Service (DoS),H,<1.1.1,Available,2016-06-26 ws,Remote Memory Exposure,M,< 1.0.1,Available,2016-01-05 stylelint,Regular Expression Denial of Service (ReDoS),M,<11.0.0,Not available,2019-08-25 ejs,Cross-site Scripting (XSS),M,<2.5.5,Not available,2016-12-06 ejs,Denial of Service (DoS),M,<2.5.5,Not available,2016-12-06 ejs,Arbitrary Code Execution,H,<2.5.3,Available,2016-11-28 mongoose,Information Exposure,M,"<4.13.21,>=5.0.0 <5.7.5",Not available,2019-10-10 mongoose,Denial of Service (DoS),H,>=4.0.0 <4.1.10,Not available,2016-12-13 mongoose,Remote Memory Exposure,M,">=3.5.5 <3.8.39,>=4.0.0 <4.3.6",Available,2016-01-23 jsonwebtoken,Authentication Bypass,H,<4.2.2,Available,2015-03-31 superagent,Information Exposure,M,<3.8.1,Not available,2018-07-31 superagent,Denial of Service (DoS),L,<3.7.0,Not available,2017-09-27 socket.io,Insecure Randomness,M,<0.9.7,Not available,2017-02-13 socket.io,Cross-site Scripting (XSS),M,<0.9.6,Not available,2017-02-13 marked,Regular Expression Denial of Service (ReDoS ),M,<1.1.1,Not available,2020-07-27 marked,Regular Expression Denial of Service (ReDoS),M,<0.4.0,Not available,2019-07-04 marked,Regular Expression Denial of Service (ReDoS),M,>=0.4.0 <0.7.0,Not available,2019-07-02 marked,Regular Expression Denial of Service (ReDoS),M,>=0.1.3 <0.6.2,Not available,2019-04-07 marked,Regular Expression Denial of Service (ReDoS),M,>=0.5.0 <0.6.1,Not available,2019-01-30 marked,Regular Expression Denial of Service (ReDoS),H,<0.3.18,Not available,2018-02-27 marked,Cross-site Scripting (XSS),H,<0.3.9,Not available,2017-12-25 marked,Cross-site Scripting (XSS),M,<0.3.9,Not available,2017-12-25 marked,Regular Expression Denial of Service (ReDoS),H,<0.3.9,Available,2017-09-21 marked,Cross-site Scripting (XSS),H,<0.3.7,Available,2017-01-30 marked,Cross-site Scripting (XSS),H,>=0.3.1 <0.3.6,Available,2016-04-20 marked,VBScript Content Injection,M,<0.3.3,Available,2014-01-30 marked,Regular Expression Denial of Service (ReDoS),H,<0.3.4,Available,2014-01-30 marked,Multiple Content Injection Vulnerabilities,M,<=0.3.0,Not available,2014-01-30 mongodb,Denial of Service (DoS),H,<3.1.13,Not available,2019-10-18 puppeteer,Use After Free,H,<1.13.0,Not available,2019-03-31 qs,Prototype Override Protection Bypass,H,"<6.0.4,>=6.1.0 <6.1.2,>=6.2.0 <6.2.3,>=6.3.0 <6.3.2",Available,2017-03-01 qs,Denial of Service (DoS),M,<1.0.0,Available,2014-08-06 qs,Denial of Service (DoS),H,<1.0.0,Available,2014-08-06 morgan,Arbitrary Code Injection,M,<1.9.1,Not available,2018-11-12 react-dev-utils,Arbitrary Code Execution,H,">=1.0.0 <1.0.4,>=2.0.0 <2.0.2,>=3.0.0 <3.1.2,>=4.0.0 <4.2.2,>=5.0.0 <5.0.2",Not available,2019-01-02 highlight.js,Prototype Pollution,M,">=7.2.0 <9.18.2,>=10.0.0 <10.1.2",Not available,2020-11-25 mysql,Uninitialized Memory Exposure,L,<2.14.0,Not available,2017-08-08 mysql,Unauthorized SSL Connection due to lack of cert authentication,M,<2.3.0 >=2.0.0,Not available,2017-01-04 mysql,SQL Injection,H,>=2.0.0-alpha <2.0.0-alpha8,Not available,2016-01-05 ng-packagr,Command Injection,M,<10.1.1,Not available,2020-09-25 ajv,Prototype Pollution,H,<6.12.3,Not available,2020-07-16 open,Arbitrary Code Injection,H,<6.0.0,Not available,2019-03-31 open,Arbitrary Command Injection,H,<6.0.0,Not available,2018-05-13 mime,Regular Expression Denial of Service (ReDoS),L,"<1.4.1,>=2.0.0 <2.0.3",Available,2017-09-27 npm,Insertion of Sensitive Information into Log File,M,<6.14.6,Not available,2020-07-08 npm,Arbitrary File Write,H,<6.13.3,Not available,2019-12-12 npm,Unauthorized File Access,L,<6.13.3,Not available,2019-12-12 npm,Arbitrary File Overwrite,H,<6.13.4,Not available,2019-12-12 npm,Access Restriction Bypass,M,<5.7.1,Not available,2018-03-21 npm,Symlink attack due to predictable tmp folder names,M,<1.3.3,Not available,2017-02-13 npm,npm Token Leak,M,"<2.15.1,>=3.0.0 <3.8.4",Not available,2016-04-20 esm,Regular Expression Denial of Service (ReDoS),M,<3.1.0,Not available,2019-01-03 minimatch,Regular Expression Denial of Service (ReDoS),H,<3.0.2,Not available,2016-06-20 minimatch,Regular Expression Denial of Service (ReDoS),H,<3.0.2,Available,2016-06-20 pg,Arbitrary Code Execution,H,"<2.11.2,>=3.0.0 <3.6.4,>=4.0.0 <4.5.7,>=5.0.0 <5.2.1,>=6.0.0 <6.0.5,>=6.1.0 <6.1.6,>=6.2.0 <6.2.5,>=6.3.0 <6.3.3,>=6.4.0 <6.4.2,>=7.0.0 <7.0.2,>=7.1.0 <7.1.2",Not available,2017-08-13 extend,Prototype Pollution,H,"<2.0.2,>=3.0.0 <3.0.2",Available,2018-07-23 angular,Cross-site Scripting (XSS),H,<1.8.0,Not available,2020-06-11 angular,Cross-site Scripting (XSS),M,<1.8.0,Not available,2020-06-07 angular,Prototype Pollution,H,>=1.4.0-beta.6 <1.7.9,Not available,2019-11-19 angular,Denial of Service (DoS),M,<1.6.3,Not available,2019-10-04 angular,Cross-site Scripting (XSS),M,<1.6.5,Not available,2019-10-04 angular,Cross-site Scripting (XSS),M,<1.6.0-rc.0,Not available,2019-10-04 angular,Cross-site Scripting (XSS),M,<1.6.9,Not available,2018-02-19 angular,Cross-site Scripting (XSS),M,<1.6.7,Not available,2017-12-25 angular,JSONP Callback Attack,M,<1.6.1,Not available,2017-02-13 angular,Content Security Policy (CSP) Bypass,M,>=1.5.0 <1.5.9,Not available,2017-01-23 angular,Arbitrary Script Injection,M,>=1.0.0 <1.2.30,Not available,2017-01-23 angular,Cross-site Scripting (XSS),M,>=1.3.0 <1.5.0-rc.2,Not available,2017-01-23 angular,Cross-site Scripting (XSS),M,<1.5.0-rc.0,Not available,2017-01-23 angular,Cross-site Scripting (XSS),M,<1.4.10,Not available,2017-01-23 angular,Cross-site Scripting (XSS),H,<1.5.0-beta.2,Not available,2017-01-23 angular,Clickjacking,M,>=1.3.1 <1.5.0-beta.0,Not available,2017-01-23 angular,Cross-site Scripting (XSS),H,>=1.0.0 <1.5.0-beta.0,Not available,2017-01-23 angular,Arbitrary Code Execution,H,<1.4.0-beta.6,Not available,2017-01-23 angular,Arbitrary Command Execution,M,<1.3.2,Not available,2017-01-23 angular,Unsafe Object Deserialization,H,>=1.2.19 <1.2.24,Not available,2017-01-23 angular,Cross-site Scripting (XSS),M,<1.3.0-rc.4,Not available,2017-01-23 angular,Arbitrary Code Execution,L,<1.3.0,Not available,2017-01-23 angular,Protection Bypass,H,<1.2.2,Not available,2017-01-23 angular,Arbitrary Script Injection,H,<1.1.5,Not available,2017-01-23 angular,Cross-site Scripting (XSS),M,>=1.0.0 <1.2.0,Not available,2017-01-23 angular,Cross-site Scripting (XSS),M,<1.2.0,Not available,2017-01-23 parcel-bundler,Information Exposure,L,<1.10.0,Not available,2018-09-26 markdown-it,Regular Expression Denial of Service (ReDoS),M,<10.0.0,Not available,2019-10-09 markdown-it,Cross-site Scripting (XSS),M,<4.3.1 >=4.0.0,Not available,2017-02-13 markdown-it,Cross-site Scripting (XSS),M,<4.1.0,Available,2016-09-27 node-uuid,Denial of Service (DoS),M,<1.3.1,Not available,2016-11-23 node-uuid,Insecure Randomness,M,<1.4.4,Available,2016-03-28 connect,Denial of Service (DoS),M,>=1.4.0 <2.0.0,Not available,2017-02-13 connect,Cross-site Scripting (XSS),M,<2.8.2,Not available,2013-06-30 crypto-js,Insecure Randomness,H,<3.2.1,Not available,2020-02-11 validator,Regular Expression Denial of Service (ReDoS),L,>=5.2.0 <9.4.1,Not available,2018-02-18 validator,Buffer Overflow,M,<5.0.0,Not available,2018-02-18 validator,Cross-site Scripting (XSS),M,>=3.0.0 <3.34.0,Not available,2017-01-30 validator,Regular Expression Denial of Service (ReDoS),H,>=0.1.0 <3.22.1,Not available,2014-11-12 validator,Cross-site Scripting (XSS),M,<2.0.0,Available,2014-10-27 validator,Cross-site Scripting (XSS),M,<1.1.1,Not available,2013-07-05 bower,Arbitrary File Write via Archive Extraction (Zip Slip),H,<1.8.8,Not available,2019-01-25 mustache,Content Injection due to quoteless attributes,M,<2.2.1,Available,2015-12-14 mustache,Cross-site Scripting (XSS),M,< 0.3.1,Not available,2015-11-06 serve-static,Open Redirect,L,"<1.6.5,>=1.7.0 <1.7.2",Available,2015-01-13 concat-stream,Uninitialized Memory Exposure,M,"<1.3.2,>=1.4.0 <1.4.11,>=1.5.0 <1.5.2",Not available,2017-03-09 nodemailer,Command Injection,H,<6.4.16,Not available,2020-11-12 event-stream,Malicious Package,H,=3.3.6,Not available,2018-11-26 prismjs,Cross-site Scripting (XSS),H,>=1.1.0 <1.21.0,Not available,2020-08-09 prismjs,Regular Expression Denial of Service (ReDoS),H,<1.5.0,Not available,2020-03-27 underscore.string,Regular Expression Denial of Service (ReDoS),H,>2.4.1 <3.3.5,Not available,2018-06-25 acorn,Regular Expression Denial of Service (ReDoS),H,">=5.5.0 <5.7.4,>=6.0.0 <6.4.1,>=7.0.0 <7.1.1",Not available,2020-03-07 lodash.merge,Prototype Pollution,H,<4.6.2,Not available,2019-02-01 lodash.merge,Prototype Pollution,M,<4.6.2,Not available,2018-02-14 electron,Use After Free,H,"<8.5.4,>=9.0.0 <10.1.6,>=11.0.0 <11.0.1",Not available,2020-11-19 electron,Heap-based Buffer Overflow,H,"<8.5.3,>=9.0.0-beta.1 <9.3.3,>=10.0.0-beta.1 <10.1.5",Not available,2020-10-21 electron,Improper Restriction of Rendered UI Layers or Frames,M,">=8.0.0-beta.0 <8.5.1,>=9.0.0-beta.0 <9.3.0,>=10.0.0-beta.0 <10.0.1,>=11.0.0-beta.0 <11.0.0-beta.1",Not available,2020-10-07 electron,Improper Access Control,M,">=8.0.0-beta.0 <8.5.2,>=9.0.0-beta.0 <9.3.1,>=10.0.0-beta.0 <10.1.2,>=11.0.0-beta.0 <11.0.0-beta.6",Not available,2020-10-07 electron,Use After Free,H,">=7.0.0 <7.3.3,>=8.0.0 <8.5.1,>=9.0.0 <9.2.2",Not available,2020-07-29 electron,Use After Free,H,">=7.0.0 <7.3.3,>=8.0.0 <8.5.1,>=9.0.0 <9.2.1",Not available,2020-07-29 electron,Type Confusion,H,>=9.0.0 <9.2.1,Not available,2020-07-29 electron,Arbitrary File Read,M,"<7.2.4,>=8.0.0 <8.2.4",Not available,2020-07-07 electron,Privilege Escalation,H,"<7.2.4,>=8.0.0 <8.2.4",Not available,2020-07-07 electron,Privilege Escalation,H,"<7.2.4,>=8.0.0 <8.2.4",Not available,2020-07-07 electron,Privilege Escalation,H,"<6.1.11,>=7.0.0 <7.2.4,>=8.0.0 <8.2.4",Not available,2020-07-07 electron,Use After Free,H,<8.3.1,Not available,2020-05-20 electron,Type Confusion,H,<7.3.1,Not available,2020-05-20 electron,Buffer Overflow,H,">=6.0.0 <6.1.12,>=7.0.0 <7.3.0,>=8.0.0 <8.3.0",Not available,2020-05-15 electron,Use After Free,H,">=6.0.0 <6.1.12,>=7.0.0 <7.3.0,>=8.0.0 <8.3.0",Not available,2020-05-15 electron,Improper Validation,H,">=6.0.0 <6.1.12,>=7.0.0 <7.3.0,>=8.0.0 <8.3.0",Not available,2020-05-15 electron,Use After Free,H,">=6.0.0 <6.1.12,>=7.0.0 <7.3.0,>=8.0.0 <8.3.0",Not available,2020-05-15 electron,Type Confusion,H,">=6.0.0 <6.1.12,>=7.0.0 <7.3.0,>=8.0.0 <8.3.0",Not available,2020-05-07 electron,Out-of-bounds Write,H,">=7.0.0 <7.3.0,>=8.0.0 <8.3.0",Not available,2020-05-07 electron,Use After Free,H,">=6.0.0 <6.1.12,>=7.0.0 <7.3.0,>=8.0.0 <8.3.0",Not available,2020-04-29 electron,Use After Free,H,">=6.0.0 <6.1.12,>=7.0.0 <7.3.0,>=8.0.0 <8.3.0",Not available,2020-04-29 electron,Use After Free,H,">=6.0.0 <6.1.12,>=7.0.0 <7.3.0",Not available,2020-04-17 electron,Use After Free,H,"<6.1.10,>=7.0.0 <7.2.2,>=8.0.0 <8.2.0",Not available,2020-04-15 electron,Use After Free,H,"<6.1.10,>=7.0.0 <7.2.2,>=8.0.0-beta.1 <8.2.0",Not available,2020-04-15 electron,Buffer Underflow,M,"<6.1.10,>=7.0.0 <7.2.2,>=8.0.0-beta.1 <8.2.0",Not available,2020-04-15 electron,Use After Free,M,"<6.1.10,>=7.0.0 <7.2.2,>=8.0.0-beta.1 <8.2.1",Not available,2020-04-15 electron,Use After Free,H,"<6.1.10,>=7.0.0 <7.2.2,>=8.0.0-beta.1 <8.0.0-beta.6",Not available,2020-04-15 electron,Use After Free,H,"<6.1.10,>=7.0.0 <7.2.2,>=8.0.0-beta.1 <8.2.1",Not available,2020-04-15 electron,Site Isolation Bypass,H,"<7.2.2,>=8.0.0-beta.1 <8.2.1",Not available,2020-04-15 web3,Insecure Credential Storage,L,*,Not available,2019-04-28 sequelize,Denial of Service (DoS),M,<4.44.4,Not available,2020-01-23 sequelize,SQL Injection,H,">=4.0.0 <4.44.3,>=5.0.0 <5.15.1",Not available,2019-08-19 sequelize,SQL Injection,H,<3.35.1,Not available,2019-06-21 sequelize,SQL Injection,H,">=3.0.0 <3.35.1,>=4.0.0 <4.44.3,>=5.0.0 <5.8.11",Not available,2019-06-21 sequelize,SQL Injection,M,>=5.0.0 <5.3.0,Not available,2019-04-11 sequelize,Hash Injection,H,<4.12.0,Not available,2019-04-07 sequelize,SQL Injection,M,<3.12.1,Not available,2017-02-13 sequelize,SQL Injection,H,>=3.4.0 <3.23.6,Available,2016-07-18 sequelize,SQL Injection,M,>=0.2.2 <1.7.0-alpha3,Not available,2016-04-01 sequelize,SQL Injection,M,<2.1.4,Not available,2016-04-01 sequelize,Remote Memory Exposure,M,<3.17.2,Available,2016-04-01 sequelize,SQL Injection,H,>=0.2.2 <3.13.17,Available,2016-04-01 sequelize,SQL Injection,M,<3.20.0,Available,2016-04-01 sequelize,SQL Injection,H,<2.0.0-rc8,Available,2015-01-18 bunyan,Remote Code Execution (RCE),M,"<1.8.13,>=2.0.0 <2.0.3",Not available,2020-06-24 chromedriver,Resources Downloaded over Insecure Protocol,H,<2.25.2,Not available,2016-12-20 ip,Uninitialized Memory Exposure,M,<1.1.5,Not available,2017-06-04 clean-css,Regular Expression Denial of Service (ReDoS),L,<4.1.11,Not available,2018-03-07 codemirror,Regular Expression Denial of Service (ReDoS),M,<5.58.2,Not available,2020-10-30 codemirror,Regular Expression Denial of Service (ReDoS),L,<5.54.0,Not available,2020-05-28 http-proxy,Denial of Service (DoS),M,<1.18.1,Not available,2020-05-16 http-proxy,Regular Expression Denial of Service (ReDoS),M,<0.7.0,Not available,2017-02-13 serve,Directory Traversal,H,<11.0.0,Not available,2019-05-19 serve,Directory Traversal,H,<7.1.3,Not available,2018-08-21 serve,Information Exposure,H,<7.0.0,Not available,2018-06-03 serve,Information Exposure,H,<6.5.2,Not available,2018-03-18 serve,Directory Traversal,M,<6.4.9,Not available,2018-01-25 serve,Directory Traversal,H,"<5.2.0,>=5.2.1 <5.2.2",Not available,2017-06-12 hapi,Denial of Service (DoS),H,*,Not available,2020-02-17 hapi,Denial of Service (DoS),M,<16.1.1 >=15.0.0,Not available,2017-04-06 hapi,Cross-site Scripting (XSS),M,<0.16.0,Not available,2016-11-22 hapi,Potentially loose security restrictions,L,<11.1.4,Not available,2016-01-05 hapi,Denial of Service (DoS),H,<11.1.3,Not available,2015-12-24 hapi,CORS Bypass,L,<11.0.0,Not available,2015-11-06 hapi,Denial of Service (DoS),H,>=2.0.0 <2.2.0,Not available,2014-07-08 hapi,Rosetta-flash jsonp vulnerability,M,< 6.1.0,Available,2014-07-08 tar,Arbitrary File Overwrite,H,"<2.2.2,>=3.0.0 <4.4.2",Not available,2019-04-07 tar,Symlink File Overwrite,H,>0.0.1 <2.0.0,Available,2015-11-06 knex,SQL Injection,H,<0.19.5,Not available,2019-10-07 knex,SQL Injection,M,"<0.6.23,>=0.7.0 <0.7.6",Not available,2016-12-20 express-validator,Filter Bypass,M,>=4.2.1 <6.0.0,Not available,2019-05-28 diff,Regular Expression Denial of Service (ReDoS),H,>=3.0.0 <3.5.0,Not available,2018-03-06 nunjucks,Cross-site Scripting (XSS),H,<2.4.3,Not available,2016-09-09 preact,Deserialization of Untrusted Data,M,>=10.0.0-alpha.0 <10.0.0-beta.1,Not available,2019-04-23 merge,Prototype Pollution,H,<2.1.0,Not available,2020-11-16 merge,Prototype Pollution,L,<1.2.1,Not available,2018-11-04 canvas,Denial of Service (DoS),M,<1.6.10,Not available,2019-04-07 ms,Regular Expression Denial of Service (ReDoS),L,>=0.7.1 <2.0.0,Available,2017-05-15 ms,Regular Expression Denial of Service (ReDoS),M,<0.7.1,Available,2015-11-06 bcrypt,Insecure Encryption,H,<5.0.0,Not available,2020-07-01 bcrypt,Cryptographic Issues,M,<5.0.0,Not available,2020-07-01 mysql2,Man in The Middle (MiTM),M,<1.0.0-rc.1,Not available,2019-11-28 xlsx,Regular Expression Denial of Service (ReDoS),L,<0.16.0,Not available,2020-07-17 xlsx,Regular Expression Denial of Service (ReDoS),L,<0.12.2,Not available,2018-02-22 svelte,Cross-site Scripting (XSS),M,<2.9.8,Not available,2020-04-06 backbone,Cross-site Scripting (XSS),M,<0.1.2,Not available,2016-06-22 backbone,Cross-site Scripting (XSS),M,<0.5.0,Available,2015-11-06 i18next,Prototype Pollution,M,<19.8.3,Not available,2020-07-19 i18next,Buffer Overflow,M,<19.5.5,Not available,2020-07-09 i18next,Cross-site Scripting (XSS),M,>=2.0.0 <3.4.4,Not available,2017-02-13 i18next,Cross-site Scripting (XSS),M,<1.10.3,Not available,2017-02-13 chart.js,Prototype Pollution,H,<2.9.4,Not available,2020-10-19 mqtt,Denial of Service (DoS),M,>=2.0.0 <2.15.0,Not available,2018-01-03 mqtt,Denial of Service (DoS),H,<1.0.0,Not available,2016-08-17 next,Arbitrary File Read,H,<5.1.0,Not available,2020-06-10 next,Path Traversal,M,<9.3.2,Not available,2020-03-30 next,Cross-site Scripting (XSS),M,>=7.0.0 <7.0.2,Not available,2018-10-15 next,Directory Traversal,H,<4.2.3,Not available,2018-01-31 next,Directory Traversal,H,<2.4.1,Not available,2017-11-17 next,Cross-site Scripting (XSS),M,<2.4.3,Not available,2017-06-13 next,Directory Traversal,H,"<2.4.1,>=3.0.0-beta1 <3.0.0-beta7",Not available,2017-06-12 boom,Cross-site Scripting (XSS),M,<0.3.0,Not available,2016-10-05 hoek,Prototype Pollution,M,"<4.2.1,>=5.0.0 <5.0.3",Available,2018-02-14 hoek,Cross-site Scripting (XSS),M,<0.7.3,Not available,2016-11-10 url-parse,Improper Input Validation,H,<1.4.5,Not available,2020-01-27 url-parse,Open Redirect,H,<1.4.3,Not available,2018-07-31 adm-zip,Arbitrary File Write via Archive Extraction (Zip Slip),H,<0.4.11,Not available,2018-05-31 restify,Cross-site Scripting (XSS),M,<4.1.0 >=2.0.0,Not available,2017-02-13 protobufjs,Regular Expression Denial of Service (ReDoS),H,"<5.0.3,>=6.0.0 <6.8.6",Not available,2018-03-05 rollup-plugin-serve,Directory Traversal,H,*,Not available,2020-06-20 elliptic,Cryptographic Issues,H,<6.5.3,Not available,2020-06-17 elliptic,Timing Attack,M,<6.5.2,Not available,2019-11-13 yarn,Improper Integrity Checks,H,<1.19,Not available,2020-02-26 yarn,Arbitrary File Overwrite,M,<1.22.0,Not available,2020-02-15 yarn,Arbitrary File Write,L,<1.21.1,Not available,2019-12-13 yarn,Man-in-the-Middle (MitM),H,<1.17.3,Not available,2019-07-15 googleapis,Improper Authorization,H,>=36.0.0 <39.1.0,Not available,2019-08-21 googleapis,Improper Authorization,M,>=36.0.0 <39.1.0,Not available,2019-07-16 method-override,Regular Expression Denial of Service (ReDoS),H,>1.0.2 <2.3.10,Not available,2017-09-28 deep-extend,Prototype Pollution,H,<0.5.1,Not available,2018-04-25 typeorm,Prototype Pollution,H,<0.2.25,Not available,2020-07-26 typeorm,SQL Injection,H,<0.1.15,Not available,2019-04-07 gm,Remote Shell Command Injection,M,<=1.20.0,Available,2015-11-06 object-path,Prototype Pollution,H,<0.11.5,Not available,2020-08-20 yargs-parser,Prototype Pollution,M,"<5.0.0-security.0,>5.0.0-security.0 <13.1.2,>=14.0.0 <15.0.1,>=16.0.0 <18.1.1",Not available,2020-03-16 vuetify,Cross-site Scripting (XSS),M,<2.1.9,Not available,2019-10-29 quill,Reverse Tabnabbing,M,<1.3.7,Not available,2019-08-27 quill,Reverse Tabnabbing,M,<1.3.7,Not available,2019-07-08 quill,Arbitrary Code Execution,M,>=1.0.0-beta.0 <1.0.4,Not available,2017-02-28 flat,Prototype Pollution,M,">=5.0.0 <5.0.2,>=4.0.0 <4.1.1,>=3.0.0 <3.0.1,>=2.0.0 <2.0.2,>=5.0.0 <5.0.2,<1.6.2",Not available,2020-07-30 pm2,Command Injection,M,<4.3.0,Not available,2019-10-25 pm2,Command Injection,M,<4.3.0,Not available,2019-10-25 serialize-javascript,Arbitrary Code Injection,H,<3.1.0,Not available,2020-06-01 serialize-javascript,Cross-site Scripting (XSS),H,<2.1.1,Not available,2019-12-05 node-forge,Prototype Pollution,H,<0.10.0,Not available,2020-09-01 node-forge,Regular Expression Denial of Service (ReDoS),M,<0.7.4,Not available,2018-02-26 node-forge,Timing Attack,M,<0.6.33,Not available,2016-12-26 atob,Uninitialized Memory Exposure,M,<2.1.0,Not available,2018-04-30 showdown,Reverse Tabnabbing,L,<1.9.1,Not available,2019-10-01 grpc,Prototype Pollution,H,<1.24.4,Not available,2020-11-11 csv-parse,Regular Expression Denial of Service (ReDoS),M,<4.4.6,Not available,2019-09-20 string,Regular Expression Denial of Service (ReDoS),M,*,Not available,2017-09-26 fastify,Denial of Service (DoS),M,<2.15.1,Not available,2020-07-30 fastify,Denial of Service (DoS),M,">=2.0.0 <2.15.1,>=3.0.0-alpha.1 <3.0.0-rc.5",Not available,2020-07-29 fastify,Prototype Pollution,H,<1.0.5,Not available,2020-02-28 fastify,Denial of Service (DoS),H,<0.38.0,Not available,2018-01-25 tough-cookie,Regular Expression Denial of Service (ReDoS),M,<2.3.3,Available,2017-09-21 tough-cookie,Regular Expression Denial of Service (ReDoS),H,>=0.9.7 <2.3.0,Available,2016-07-22 koa-body,Directory Traversal,H,<3.0.0,Not available,2018-05-16 jscover,Command Injection,M,*,Not available,2020-04-02 cryptr,Insufficient Entropy,M,<6.0.0,Not available,2019-02-26 docsify,Cross-site Scripting (XSS),H,<4.11.4,Not available,2020-06-26 lazysizes,Cross-site Scripting (XSS),M,<5.2.1-rc1,Not available,2020-04-21 hapi-auth-jwt2,Authentication Bypass in Try Mode,H,<5.1.2,Not available,2016-01-28 vue-moment,Outdated Static Dependency,M,<4.1.0,Not available,2019-12-23 google-closure-library,Insufficient Validation,M,<20200315.0.0,Not available,2020-03-26 google-closure-library,Cross-site Scripting (XSS),M,>=20190121.0.0 <20190301.0.0,Not available,2019-04-25 cached-path-relative,Prototype Pollution,H,<1.0.2,Not available,2018-11-08 webtorrent,Cross-site Scripting (XSS),L,<0.107.6,Not available,2019-08-29 webtorrent,DNS Rebinding,L,<0.105.2,Not available,2019-07-31 handsontable,Cross-site Scripting (XSS),M,<8.2.0,Not available,2020-11-13 semantic-ui,Cross-site Scripting (XSS),M,*,Not available,2019-05-14 semantic-ui,Cross-site Scripting (XSS),M,<2.2.8,Not available,2017-06-21 semantic-ui,Cross-site Scripting (XSS),M,<1.0.0,Not available,2017-06-21 plotly.js,Cross-site Scripting (XSS),M,"<1.10.4,>=1.11.0 <1.16.0",Not available,2019-07-28 plotly.js,Cross-site Scripting (XSS),M,>=1.0.0 <1.2.1,Not available,2017-02-28 plotly.js,Cross-site Scripting (XSS),M,>=1.10.4 <1.16.0,Not available,2016-10-17 plotly.js,CSS Injection,L,<1.16.0,Not available,2016-10-17 faye,Improper Access Control,H,"<1.0.4,>=1.1.0 <1.1.3,>=1.2.0 <1.2.5",Not available,2020-04-28 faye,Cross-Site Request Forgery (CSRF),H,<1.1.0,Not available,2020-04-23 faye,Insecure Defaults,M,<0.8.9 >=0.5.0,Not available,2017-03-28 react-svg,Cross-site Scripting (XSS),H,<2.2.18,Not available,2018-05-02 jsonpointer,Prototype Pollution,H,<4.1.0,Not available,2020-08-17 chownr,Time of Check Time of Use (TOCTOU),M,<1.1.0,Not available,2018-07-31 egg-scripts,Arbitrary Command Injection,H,<2.8.1,Not available,2018-08-27 stringstream,Uninitialized Memory Exposure,M,<0.0.6,Available,2018-05-13 vega,Cross-site Scripting (XSS),M,<2.4.0,Not available,2017-03-13 ag-grid,Cross-site Scripting (XSS),M,>=13.0.0 <14.0.0,Not available,2018-06-03 ag-grid,HTML Injection,M,>=3.3.0 <5.0.0-alpha.0,Not available,2017-03-16 syntax-error,Potential Script Injection,M,< 1.1.1,Not available,2014-07-15 squel,SQL Injection,M,*,Not available,2018-05-09 openpgp,Cryptographic Issues,M,<0.10.0,Not available,2020-05-18 openpgp,Invalid Curve Attack,H,<4.2.1,Not available,2019-08-22 openpgp,Improper Authentication,M,<4.2.0,Not available,2019-08-22 openpgp,Message Signature Bypass,M,<4.2.0,Not available,2019-08-22 gatsby-cli,Resources Downloaded over Insecure Protocol,M,<1.0.9,Not available,2018-03-01 express-basic-auth,Timing Attack,L,<1.1.7,Not available,2019-04-16 mariadb,Malicious Package,H,<= 1.0.2,Not available,2017-08-02 generate-password,Cryptographic Backdoor,M,<1.4.1,Not available,2019-01-10 kerberos,DLL Injection,H,<1.0.0,Not available,2020-05-12 mosca,Regular Expression Denial of Service (ReDoS),H,<2.8.2,Not available,2018-08-30 assign-deep,Prototype Pollution,H,">=1.0.0 <1.0.1,<0.4.8",Not available,2019-06-20 assign-deep,Prototype Pollution,M,<0.4.7,Not available,2018-02-16 botkit,Denial of Service (DoS),M,<0.4.4,Not available,2017-12-25 hawk,Regular Expression Denial of Service (ReDoS),L,"<3.1.3,>=4.0.0 <4.1.1",Available,2016-01-19 npmconf,Uninitialized Memory Exposure,H,<2.1.3,Not available,2018-05-13 remove-markdown,Regular Expression Denial of Service (ReDoS),M,*,Not available,2019-01-29 uikit,Regular Expression Denial of Service (ReDoS),M,>=2.0.0 <2.26.4,Not available,2017-05-08 svg2png,Cross-site Scripting (XSS),M,*,Not available,2020-04-19 simpl-schema,Prototype Pollution,H,<1.10.2,Not available,2020-10-07 simpl-schema,Regular Expression Denial of Service (ReDoS),H,<1.5.0,Not available,2018-04-15 c3,Cross-site Scripting (XSS),M,<0.4.11,Not available,2016-08-17 http-auth,Authentication Bypass,H,<3.2.4,Not available,2019-10-03 ag-grid-community,Cross-site Scripting (XSS),M,<14.0.0,Not available,2019-06-05 @ckeditor/ckeditor5-link,Cross-site Scripting (XSS),M,<10.0.1,Not available,2019-08-27