diff --git a/fact-bounty-client/.env.example b/fact-bounty-client/.env.example
deleted file mode 100644
index 85034d2a..00000000
--- a/fact-bounty-client/.env.example
+++ /dev/null
@@ -1,4 +0,0 @@
-REACT_APP_GOOGLE_CLIENT_ID=""
-REACT_APP_FACEBOOK_CLIENT_ID=""
-REACT_APP_OAUTHD_KEY=""
-REACT_APP_OAUTHD_URL=""
diff --git a/fact-bounty-client/npm-audit.html b/fact-bounty-client/npm-audit.html
new file mode 100755
index 00000000..6c2fa749
--- /dev/null
+++ b/fact-bounty-client/npm-audit.html
@@ -0,0 +1,8264 @@
+ + + +
+ + + + + + + + + +Known vulnerabilities
+Dependencies
+Last updated
++ critical +
++ high +
++ moderate +
++ low +
++ info +
+| Name | +Module | +Severity | +CVEs | +
|---|---|---|---|
| + Regular Expression Denial of Service + | ++ ssri + | +moderate | ++ CWE-400 + | +
| + Regular Expression Denial of Service + | ++ braces + | +low | ++ CWE-185 + | +
| + Denial of Service + | ++ js-yaml + | +moderate | ++ CWE-400 + | +
| + Arbitrary File Overwrite + | ++ tar + | +high | ++ CWE-59 + | +
| + Code Injection + | ++ js-yaml + | +high | ++ CWE-94 + | +
| + Prototype Pollution + | ++ set-value + | +high | ++ CWE-471 + , CVE-2019-10747 + | +
| + Prototype Pollution + | ++ mixin-deep + | +high | ++ CWE-471 + , CVE-2019-10746 + | +
| + Prototype Pollution + | ++ lodash + | +high | ++ CWE-471 + , CVE-2019-10744 + | +
| + Denial of Service + | ++ mem + | +low | ++ CWE-400 + | +
| + Prototype Pollution + | ++ minimist + | +low | ++ CWE-471 + | +
| + Prototype Pollution + | ++ dot-prop + | +high | ++ CWE-471 + , CVE-2020-8116 + | +
| + Cross-Site Scripting + | ++ serialize-javascript + | +moderate | ++ CWE-79 + , CVE-2019-16769 + | +
| + Denial of Service + | ++ http-proxy + | +high | ++ CWE-400 + | +
| + Validation Bypass + | ++ kind-of + | +low | ++ CWE-20 + | +
| + Prototype Pollution + | ++ yargs-parser + | +low | ++ CWE-471 + | +
| + Prototype Pollution + | ++ lodash + | +low | ++ CWE-471 + , CVE-2019-10744 + | +
| + Signature Malleability + | ++ elliptic + | +high | ++ CWE-310 + , CVE-2020-13822 + | +
| + Remote Code Execution + | ++ serialize-javascript + | +high | ++ CWE- + | +
| + Denial of Service + | ++ node-fetch + | +low | ++ CWE-400 + , CVE-2020-15168 + | +
| + Prototype Pollution in node-forge + | ++ node-forge + | +high | ++ CWE-20 + , CVE-2020-7720 + | +
| + Prototype Pollution + | ++ ini + | +low | ++ CWE-471 + | +
| + Server-Side Request Forgery + | ++ axios + | +high | ++ CWE-918 + , CVE-2020-28168 + | +
| + Prototype Pollution + | ++ immer + | +high | ++ CWE-1321 + , CVE-2020-28477 + | +
| + Use of a Broken or Risky Cryptographic Algorithm + | ++ elliptic + | +moderate | ++ CWE-327 + , CVE-2020-28498 + | +
| + Prototype Pollution + | ++ y18n + | +high | ++ CWE-1321 + , CVE-2020-7774 + | +
| + Prototype Pollution + | ++ merge + | +high | ++ CWE-915 + , CVE-2020-28499 + | +
| + Remote code execution when compiling templates + | ++ handlebars + | +critical | ++ CWE-94 + , CVE-2021-23369 + | +
| + Command Injection + | ++ lodash + | +high | ++ CWE-77 + , CVE-2021-23337 + | +
| + Regular Expression Denial of Service + | ++ hosted-git-info + | +moderate | ++ CWE-400 + , CVE-2021-23362 + | +
| + Path traversal + | ++ url-parse + | +high | ++ CWE-23 + , CVE-2021-27515 + | +
| + Regular Expression Denial of Service + | ++ ua-parser-js + | +high | ++ CWE-400 + , CVE-2021-27292 + | +
| + Prototype Pollution in property-expr + | ++ property-expr + | +high | ++ CWE-20 + , CVE-2020-7707 + | +
| + Regular Expression Denial of Service + | ++ postcss + | +moderate | ++ CWE-400 + , CVE-2021-23368 + | +
| + Regular Expression Denial of Service in trim + | ++ trim + | +high | ++ CWE-400 + , CVE-2020-7753 + | +
| + Regular Expression Denial of Service + | ++ websocket-extensions + | +moderate | ++ CWE-400 + , CVE-2020-7662 + | +
| + Memory Exposure + | ++ dns-packet + | +high | ++ CWE-908 + , CVE-2021-23386 + | +
| + Regular Expression Denial of Service + | ++ browserslist + | +moderate | ++ CWE-400 + , CVE-2021-23364 + | +
| + Regular Expression Denial of Service + | ++ ws + | +moderate | ++ CWE-400 + , CVE-2021-32640 + | +
| + Regular expression denial of service + | ++ glob-parent + | +moderate | ++ CWE-400 + , CVE-2020-28469 + | +
| + Prototype Pollution + | ++ merge-deep + | +moderate | ++ CWE-1321 + , CVE-2021-26707 + | +
| + Regular Expression Denial of Service + | ++ trim-newlines + | +high | ++ CWE-400 + , CVE-2021-33623 + | +
| + Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization + | ++ tar + | +high | ++ CWE-22 + , CVE-2021-32804 + | +
| + Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning + | ++ tar + | +high | ++ CWE-22 + , CVE-2021-32803 + | +
| + Regular Expression Denial of Service in path-parse + | ++ path-parse + | +moderate | ++ CWE-400 + , CVE-2021-23343 + | +
| + Open Redirect + | ++ url-parse + | +moderate | ++ CWE-601 + , CVE-2021-3664 + | +
| + Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links + | ++ tar + | +high | ++ CWE-22 + , CVE-2021-37701 + | +
| + Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links + | ++ tar + | +high | ++ CWE-22 + , CVE-2021-37712 + | +
| + Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization + | ++ tar + | +high | ++ CWE-22 + , CVE-2021-37713 + | +