Created
June 21, 2019 00:56
-
-
Save djsauble/fb452a215080cb1196ea0a1fc70b742d to your computer and use it in GitHub Desktop.
Running auditjs (OSS Index) against JuiceShop (commit 9259b8e9)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ auditjs | |
| No YAML parser loaded. Suggest adding js-yaml dependency to your package.json file. | |
| ------------------------------------------------------------ | |
| [1/1061] nodejs 9.9.0 [VULNERABLE] 8 known vulnerabilities affecting installed version | |
| [CVE-2018-7160] The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack ... | |
| The Node.js inspector, in 6.x and later is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser to bypass same-origin-policy checks and to allow HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger, and get full code execution access. | |
| ID: 4b9ebd46-095f-484d-b6a5-611b13edfc43 | |
| Details: https://ossindex.sonatype.org/vuln/4b9ebd46-095f-484d-b6a5-611b13edfc43 | |
| [CVE-2018-7159] Improper Input Validation | |
| The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete. | |
| ID: 9cc431eb-6510-4ec8-ada8-47780fbf287c | |
| Details: https://ossindex.sonatype.org/vuln/9cc431eb-6510-4ec8-ada8-47780fbf287c | |
| [CVE-2018-7167] Improper Restriction of Operations within the Bounds of a Memory Buffer | |
| Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable. | |
| ID: 15d46dd6-9da0-4f85-9d7e-fa3068412a85 | |
| Details: https://ossindex.sonatype.org/vuln/15d46dd6-9da0-4f85-9d7e-fa3068412a85 | |
| [CVE-2018-7164] Uncontrolled Resource Consumption ("Resource Exhaustion") | |
| Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was restored by reverting to the prior behaviour. | |
| ID: 9ade1078-85ca-4898-afda-99eb181f5b9b | |
| Details: https://ossindex.sonatype.org/vuln/9ade1078-85ca-4898-afda-99eb181f5b9b | |
| [CVE-2018-7162] Improper Input Validation | |
| All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation. | |
| ID: 0cbec91a-e3f7-4464-92cc-9c1794bbb2f5 | |
| Details: https://ossindex.sonatype.org/vuln/0cbec91a-e3f7-4464-92cc-9c1794bbb2f5 | |
| [CVE-2018-7161] Improper Input Validation | |
| All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation. | |
| ID: 52b87802-a167-4001-9b5c-8d405a65a734 | |
| Details: https://ossindex.sonatype.org/vuln/52b87802-a167-4001-9b5c-8d405a65a734 | |
| [CVE-2018-1000168] Improper Input Validation, NULL Pointer Dereference | |
| nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1. | |
| ID: 8a0c1adf-93c6-4986-96af-9b744b2eda07 | |
| Details: https://ossindex.sonatype.org/vuln/8a0c1adf-93c6-4986-96af-9b744b2eda07 | |
| CWE-770: Allocation of Resources Without Limits or Throttling | |
| The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on how many resources can be allocated, in violation of the intended security policy for that actor. | |
| ID: da7a1fb7-07c1-4066-a3b4-7c4d88823517 | |
| Details: https://ossindex.sonatype.org/vuln/da7a1fb7-07c1-4066-a3b4-7c4d88823517 | |
| ------------------------------------------------------------ | |
| [2/1061] body-parser 1.18.3 No known vulnerabilities against package/version... | |
| [3/1061] clarinet 0.12.3 No known vulnerabilities against package/version... | |
| [4/1061] request 2.88.0 No known vulnerabilities against package/version... | |
| [5/1061] colors 1.3.3 No known vulnerabilities against package/version... | |
| [6/1061] concurrently 4.1.0 No known vulnerabilities against package/version... | |
| [7/1061] semver 5.6.0 No known vulnerabilities against package/version... | |
| [8/1061] cookie-parser 1.4.4 No known vulnerabilities against package/version... | |
| [9/1061] cors 2.8.5 No known vulnerabilities against package/version... | |
| [10/1061] dottie 2.0.1 No known vulnerabilities against package/version... | |
| [11/1061] download 7.1.0 No known vulnerabilities against package/version... | |
| [12/1061] bytes 3.0.0 No known vulnerabilities against package/version... | |
| [13/1061] content-type 1.0.4 No known vulnerabilities against package/version... | |
| [14/1061] debug 2.6.9 No known vulnerabilities against package/version... | |
| [15/1061] ms 2.0.0 No known vulnerabilities against package/version... | |
| [16/1061] depd 1.1.2 No known vulnerabilities against package/version... | |
| [17/1061] http-errors 1.6.3 No known vulnerabilities against package/version... | |
| [18/1061] inherits 2.0.3 No known vulnerabilities against package/version... | |
| [19/1061] setprototypeof 1.1.0 No known vulnerabilities against package/version... | |
| [20/1061] statuses 1.5.0 No known vulnerabilities against package/version... | |
| [21/1061] iconv-lite 0.4.23 No known vulnerabilities against package/version... | |
| [22/1061] safer-buffer 2.1.2 No known vulnerabilities against package/version... | |
| [23/1061] on-finished 2.3.0 No known vulnerabilities against package/version... | |
| [24/1061] ee-first 1.1.1 No known vulnerabilities against package/version... | |
| [25/1061] qs 6.5.2 No known vulnerabilities against package/version... | |
| [26/1061] raw-body 2.3.3 No known vulnerabilities against package/version... | |
| [27/1061] unpipe 1.0.0 No known vulnerabilities against package/version... | |
| [28/1061] type-is 1.6.18 No known vulnerabilities against package/version... | |
| [29/1061] media-typer 0.3.0 No known vulnerabilities against package/version... | |
| [30/1061] mime-types 2.1.24 No known vulnerabilities against package/version... | |
| [31/1061] chai 4.2.0 No known vulnerabilities against package/version... | |
| [32/1061] assertion-error 1.1.0 No known vulnerabilities against package/version... | |
| [33/1061] check-error 1.0.2 No known vulnerabilities against package/version... | |
| [34/1061] deep-eql 3.0.1 No known vulnerabilities against package/version... | |
| [35/1061] type-detect 4.0.8 No known vulnerabilities against package/version... | |
| [36/1061] get-func-name 2.0.0 No known vulnerabilities against package/version... | |
| [37/1061] pathval 1.1.0 No known vulnerabilities against package/version... | |
| [38/1061] codeclimate-test-reporter 0.5.1 No known vulnerabilities against package/version... | |
| [39/1061] async 1.5.2 No known vulnerabilities against package/version... | |
| [40/1061] commander 2.9.0 No known vulnerabilities against package/version... | |
| [41/1061] graceful-readlink 1.0.1 No known vulnerabilities against package/version... | |
| [42/1061] lcov-parse 0.0.10 No known vulnerabilities against package/version... | |
| [43/1061] chalk 2.4.2 No known vulnerabilities against package/version... | |
| [44/1061] ansi-styles 3.2.1 No known vulnerabilities against package/version... | |
| [45/1061] color-convert 1.9.3 No known vulnerabilities against package/version... | |
| [46/1061] color-name 1.1.3 No known vulnerabilities against package/version... | |
| [47/1061] supports-color 5.5.0 No known vulnerabilities against package/version... | |
| [48/1061] has-flag 3.0.0 No known vulnerabilities against package/version... | |
| [49/1061] escape-string-regexp 1.0.5 No known vulnerabilities against package/version... | |
| [50/1061] date-fns 1.30.1 No known vulnerabilities against package/version... | |
| [51/1061] lodash 4.17.11 No known vulnerabilities against package/version... | |
| [52/1061] read-pkg 4.0.1 No known vulnerabilities against package/version... | |
| [53/1061] normalize-package-data 2.5.0 No known vulnerabilities against package/version... | |
| [54/1061] hosted-git-info 2.7.1 No known vulnerabilities against package/version... | |
| [55/1061] resolve 1.11.0 No known vulnerabilities against package/version... | |
| [56/1061] validate-npm-package-license 3.0.4 No known vulnerabilities against package/version... | |
| [57/1061] spdx-correct 3.1.0 No known vulnerabilities against package/version... | |
| [58/1061] spdx-expression-parse 3.0.0 No known vulnerabilities against package/version... | |
| [59/1061] spdx-license-ids 3.0.4 No known vulnerabilities against package/version... | |
| [60/1061] parse-json 4.0.0 No known vulnerabilities against package/version... | |
| [61/1061] error-ex 1.3.2 No known vulnerabilities against package/version... | |
| [62/1061] is-arrayish 0.2.1 No known vulnerabilities against package/version... | |
| [63/1061] json-parse-better-errors 1.0.2 No known vulnerabilities against package/version... | |
| [64/1061] pify 3.0.0 No known vulnerabilities against package/version... | |
| [65/1061] rxjs 6.5.2 No known vulnerabilities against package/version... | |
| [66/1061] tslib 1.10.0 No known vulnerabilities against package/version... | |
| [67/1061] spawn-command 0.0.2-1 No known vulnerabilities against package/version... | |
| [68/1061] supports-color 4.5.0 No known vulnerabilities against package/version... | |
| [69/1061] has-flag 2.0.0 No known vulnerabilities against package/version... | |
| [70/1061] tree-kill 1.2.1 No known vulnerabilities against package/version... | |
| [71/1061] yargs 12.0.5 No known vulnerabilities against package/version... | |
| [72/1061] cliui 4.1.0 No known vulnerabilities against package/version... | |
| [73/1061] string-width 2.1.1 No known vulnerabilities against package/version... | |
| [74/1061] strip-ansi 4.0.0 No known vulnerabilities against package/version... | |
| [75/1061] wrap-ansi 2.1.0 No known vulnerabilities against package/version... | |
| [76/1061] string-width 1.0.2 No known vulnerabilities against package/version... | |
| [77/1061] code-point-at 1.1.0 No known vulnerabilities against package/version... | |
| [78/1061] is-fullwidth-code-point 1.0.0 No known vulnerabilities against package/version... | |
| [79/1061] number-is-nan 1.0.1 No known vulnerabilities against package/version... | |
| [80/1061] strip-ansi 3.0.1 No known vulnerabilities against package/version... | |
| [81/1061] decamelize 1.2.0 No known vulnerabilities against package/version... | |
| [82/1061] find-up 3.0.0 No known vulnerabilities against package/version... | |
| [83/1061] locate-path 3.0.0 No known vulnerabilities against package/version... | |
| [84/1061] p-locate 3.0.0 No known vulnerabilities against package/version... | |
| [85/1061] p-limit 2.2.0 No known vulnerabilities against package/version... | |
| [86/1061] p-try 2.2.0 No known vulnerabilities against package/version... | |
| [87/1061] path-exists 3.0.0 No known vulnerabilities against package/version... | |
| [88/1061] get-caller-file 1.0.3 No known vulnerabilities against package/version... | |
| [89/1061] os-locale 3.1.0 No known vulnerabilities against package/version... | |
| [90/1061] execa 1.0.0 No known vulnerabilities against package/version... | |
| [91/1061] cross-spawn 6.0.5 No known vulnerabilities against package/version... | |
| [92/1061] get-stream 4.1.0 No known vulnerabilities against package/version... | |
| [93/1061] pump 3.0.0 No known vulnerabilities against package/version... | |
| [94/1061] end-of-stream 1.4.1 No known vulnerabilities against package/version... | |
| [95/1061] once 1.4.0 No known vulnerabilities against package/version... | |
| [96/1061] is-stream 1.1.0 No known vulnerabilities against package/version... | |
| [97/1061] npm-run-path 2.0.2 No known vulnerabilities against package/version... | |
| [98/1061] path-key 2.0.1 No known vulnerabilities against package/version... | |
| [99/1061] p-finally 1.0.0 No known vulnerabilities against package/version... | |
| [100/1061] signal-exit 3.0.2 No known vulnerabilities against package/version... | |
| [101/1061] strip-eof 1.0.0 No known vulnerabilities against package/version... | |
| [102/1061] lcid 2.0.0 No known vulnerabilities against package/version... | |
| [103/1061] invert-kv 2.0.0 No known vulnerabilities against package/version... | |
| [104/1061] mem 4.3.0 No known vulnerabilities against package/version... | |
| [105/1061] map-age-cleaner 0.1.3 No known vulnerabilities against package/version... | |
| [106/1061] p-defer 1.0.0 No known vulnerabilities against package/version... | |
| [107/1061] mimic-fn 2.1.0 No known vulnerabilities against package/version... | |
| [108/1061] p-is-promise 2.1.0 No known vulnerabilities against package/version... | |
| [109/1061] require-directory 2.1.1 No known vulnerabilities against package/version... | |
| [110/1061] require-main-filename 1.0.1 No known vulnerabilities against package/version... | |
| [111/1061] set-blocking 2.0.0 No known vulnerabilities against package/version... | |
| [112/1061] which-module 2.0.0 No known vulnerabilities against package/version... | |
| [113/1061] y18n 4.0.0 No known vulnerabilities against package/version... | |
| [114/1061] yargs-parser 11.1.1 No known vulnerabilities against package/version... | |
| [115/1061] config 2.0.2 No known vulnerabilities against package/version... | |
| [116/1061] json5 1.0.1 No known vulnerabilities against package/version... | |
| [117/1061] minimist 1.2.0 No known vulnerabilities against package/version... | |
| [118/1061] cookie 0.3.1 No known vulnerabilities against package/version... | |
| [119/1061] cookie-signature 1.0.6 No known vulnerabilities against package/version... | |
| [120/1061] object-assign 4.1.1 No known vulnerabilities against package/version... | |
| [121/1061] vary 1.1.2 No known vulnerabilities against package/version... | |
| [122/1061] archive-type 4.0.0 No known vulnerabilities against package/version... | |
| [123/1061] file-type 4.4.0 No known vulnerabilities against package/version... | |
| [124/1061] caw 2.0.1 No known vulnerabilities against package/version... | |
| [125/1061] get-proxy 2.1.0 No known vulnerabilities against package/version... | |
| [126/1061] npm-conf 1.1.3 No known vulnerabilities against package/version... | |
| [127/1061] config-chain 1.1.12 No known vulnerabilities against package/version... | |
| [128/1061] ini 1.3.5 No known vulnerabilities against package/version... | |
| [129/1061] proto-list 1.2.4 No known vulnerabilities against package/version... | |
| [130/1061] isurl 1.0.0 No known vulnerabilities against package/version... | |
| [131/1061] has-to-string-tag-x 1.4.1 No known vulnerabilities against package/version... | |
| [132/1061] express 4.16.4 No known vulnerabilities against package/version... | |
| [133/1061] express-jwt 0.1.3 No known vulnerabilities against package/version... | |
| [134/1061] file-stream-rotator 0.4.1 No known vulnerabilities against package/version... | |
| [135/1061] has-symbol-support-x 1.4.2 No known vulnerabilities against package/version... | |
| [136/1061] is-object 1.0.1 No known vulnerabilities against package/version... | |
| [137/1061] tunnel-agent 0.6.0 No known vulnerabilities against package/version... | |
| [138/1061] url-to-options 1.0.1 No known vulnerabilities against package/version... | |
| [139/1061] content-disposition 0.5.3 No known vulnerabilities against package/version... | |
| [140/1061] safe-buffer 5.1.2 No known vulnerabilities against package/version... | |
| [141/1061] decompress 4.2.0 No known vulnerabilities against package/version... | |
| [142/1061] decompress-tar 4.1.1 No known vulnerabilities against package/version... | |
| [143/1061] file-type 5.2.0 No known vulnerabilities against package/version... | |
| [144/1061] tar-stream 1.6.2 No known vulnerabilities against package/version... | |
| [145/1061] decompress-tarbz2 4.1.1 No known vulnerabilities against package/version... | |
| [146/1061] file-type 6.2.0 No known vulnerabilities against package/version... | |
| [147/1061] seek-bzip 1.0.5 No known vulnerabilities against package/version... | |
| [148/1061] commander 2.8.1 No known vulnerabilities against package/version... | |
| [149/1061] unbzip2-stream 1.3.3 No known vulnerabilities against package/version... | |
| [150/1061] buffer 5.2.1 No known vulnerabilities against package/version... | |
| [151/1061] base64-js 1.3.0 No known vulnerabilities against package/version... | |
| [152/1061] ieee754 1.1.13 No known vulnerabilities against package/version... | |
| [153/1061] through 2.3.8 No known vulnerabilities against package/version... | |
| [154/1061] decompress-targz 4.1.1 No known vulnerabilities against package/version... | |
| [155/1061] decompress-unzip 4.0.1 No known vulnerabilities against package/version... | |
| [156/1061] file-type 3.9.0 No known vulnerabilities against package/version... | |
| [157/1061] get-stream 2.3.1 No known vulnerabilities against package/version... | |
| [158/1061] pinkie-promise 2.0.1 No known vulnerabilities against package/version... | |
| [159/1061] pify 2.3.0 No known vulnerabilities against package/version... | |
| [160/1061] yauzl 2.10.0 No known vulnerabilities against package/version... | |
| [161/1061] buffer-crc32 0.2.13 No known vulnerabilities against package/version... | |
| [162/1061] fd-slicer 1.1.0 No known vulnerabilities against package/version... | |
| [163/1061] pend 1.2.0 No known vulnerabilities against package/version... | |
| [164/1061] graceful-fs 4.1.15 No known vulnerabilities against package/version... | |
| [165/1061] make-dir 1.3.0 No known vulnerabilities against package/version... | |
| [166/1061] strip-dirs 2.1.0 No known vulnerabilities against package/version... | |
| [167/1061] is-natural-number 4.0.1 No known vulnerabilities against package/version... | |
| [168/1061] get-stream 3.0.0 No known vulnerabilities against package/version... | |
| [169/1061] ext-name 5.0.0 No known vulnerabilities against package/version... | |
| [170/1061] ext-list 2.2.2 No known vulnerabilities against package/version... | |
| [171/1061] mime-db 1.40.0 No known vulnerabilities against package/version... | |
| [172/1061] sort-keys-length 1.0.1 No known vulnerabilities against package/version... | |
| [173/1061] sort-keys 1.1.2 No known vulnerabilities against package/version... | |
| [174/1061] is-plain-obj 1.1.0 No known vulnerabilities against package/version... | |
| [175/1061] file-type 8.1.0 No known vulnerabilities against package/version... | |
| [176/1061] filenamify 2.1.0 No known vulnerabilities against package/version... | |
| [177/1061] filename-reserved-regex 2.0.0 No known vulnerabilities against package/version... | |
| [178/1061] strip-outer 1.0.1 No known vulnerabilities against package/version... | |
| [179/1061] trim-repeated 1.0.0 No known vulnerabilities against package/version... | |
| [180/1061] got 8.3.2 No known vulnerabilities against package/version... | |
| [181/1061] @sindresorhus/is 0.7.0 No known vulnerabilities against package/version... | |
| [182/1061] cacheable-request 2.1.4 No known vulnerabilities against package/version... | |
| [183/1061] lowercase-keys 1.0.0 No known vulnerabilities against package/version... | |
| [184/1061] clone-response 1.0.2 No known vulnerabilities against package/version... | |
| [185/1061] mimic-response 1.0.1 No known vulnerabilities against package/version... | |
| [186/1061] http-cache-semantics 3.8.1 No known vulnerabilities against package/version... | |
| [187/1061] keyv 3.0.0 No known vulnerabilities against package/version... | |
| [188/1061] json-buffer 3.0.0 No known vulnerabilities against package/version... | |
| [189/1061] normalize-url 2.0.1 No known vulnerabilities against package/version... | |
| [190/1061] sort-keys 2.0.0 No known vulnerabilities against package/version... | |
| [191/1061] prepend-http 2.0.0 No known vulnerabilities against package/version... | |
| [192/1061] query-string 5.1.1 No known vulnerabilities against package/version... | |
| [193/1061] decode-uri-component 0.2.0 No known vulnerabilities against package/version... | |
| [194/1061] strict-uri-encode 1.1.0 No known vulnerabilities against package/version... | |
| [195/1061] responselike 1.0.2 No known vulnerabilities against package/version... | |
| [196/1061] lowercase-keys 1.0.1 No known vulnerabilities against package/version... | |
| [197/1061] decompress-response 3.3.0 No known vulnerabilities against package/version... | |
| [198/1061] duplexer3 0.1.4 No known vulnerabilities against package/version... | |
| [199/1061] into-stream 3.1.0 No known vulnerabilities against package/version... | |
| [200/1061] from2 2.3.0 No known vulnerabilities against package/version... | |
| [201/1061] readable-stream 2.3.6 No known vulnerabilities against package/version... | |
| [202/1061] p-is-promise 1.1.0 No known vulnerabilities against package/version... | |
| [203/1061] is-retry-allowed 1.1.0 No known vulnerabilities against package/version... | |
| [204/1061] p-cancelable 0.4.1 No known vulnerabilities against package/version... | |
| [205/1061] p-timeout 2.0.1 No known vulnerabilities against package/version... | |
| [206/1061] timed-out 4.0.1 No known vulnerabilities against package/version... | |
| [207/1061] url-parse-lax 3.0.0 No known vulnerabilities against package/version... | |
| [208/1061] p-event 2.3.1 No known vulnerabilities against package/version... | |
| [209/1061] epilogue-js 0.7.3 No known vulnerabilities against package/version... | |
| [210/1061] bluebird 3.5.5 No known vulnerabilities against package/version... | |
| [211/1061] inflection 1.12.0 No known vulnerabilities against package/version... | |
| [212/1061] errorhandler 1.5.1 No known vulnerabilities against package/version... | |
| [213/1061] accepts 1.3.7 No known vulnerabilities against package/version... | |
| [214/1061] negotiator 0.6.2 No known vulnerabilities against package/version... | |
| [215/1061] escape-html 1.0.3 No known vulnerabilities against package/version... | |
| [216/1061] array-flatten 1.1.1 No known vulnerabilities against package/version... | |
| [217/1061] encodeurl 1.0.2 No known vulnerabilities against package/version... | |
| [218/1061] etag 1.8.1 No known vulnerabilities against package/version... | |
| [219/1061] content-disposition 0.5.2 No known vulnerabilities against package/version... | |
| [220/1061] statuses 1.4.0 No known vulnerabilities against package/version... | |
| [221/1061] finalhandler 1.1.1 No known vulnerabilities against package/version... | |
| [222/1061] parseurl 1.3.3 No known vulnerabilities against package/version... | |
| [223/1061] fresh 0.5.2 No known vulnerabilities against package/version... | |
| [224/1061] merge-descriptors 1.0.1 No known vulnerabilities against package/version... | |
| [225/1061] methods 1.1.2 No known vulnerabilities against package/version... | |
| [226/1061] path-to-regexp 0.1.7 No known vulnerabilities against package/version... | |
| [227/1061] proxy-addr 2.0.5 No known vulnerabilities against package/version... | |
| [228/1061] forwarded 0.1.2 No known vulnerabilities against package/version... | |
| [229/1061] ipaddr.js 1.9.0 No known vulnerabilities against package/version... | |
| [230/1061] range-parser 1.2.1 No known vulnerabilities against package/version... | |
| [231/1061] send 0.16.2 No known vulnerabilities against package/version... | |
| [232/1061] destroy 1.0.4 No known vulnerabilities against package/version... | |
| [233/1061] mime 1.4.1 No known vulnerabilities against package/version... | |
| [234/1061] serve-static 1.13.2 No known vulnerabilities against package/version... | |
| [235/1061] utils-merge 1.0.1 No known vulnerabilities against package/version... | |
| ------------------------------------------------------------ | |
| [236/1061] jsonwebtoken 0.1.0 [VULNERABLE] 1 known vulnerabilities affecting installed version | |
| Verification Bypass | |
| There is a vulnerability in this module when the verification part is expecting a token digitally signed with an asymetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family). | |
| The issue is because this library has the very same signature to verify both type of tokens (parameter: `secretOrPublicKey`). | |
| This change adds a new parameter to the verify called `algorithms`. This can be used to specify a list of supported algorithms, but the default value depends on the secret used: if the secretOrPublicKey contains the string `BEGIN CERTIFICATE` the default is `[ 'RS256','RS384','RS512','ES256','ES384','ES512' ]` otherwise is `[ 'HS256','HS384','HS512' ]` | |
| ID: aa34c86b-8889-40c0-9acb-460005f07ea3 | |
| Details: https://ossindex.sonatype.org/vuln/aa34c86b-8889-40c0-9acb-460005f07ea3 | |
| Dependency path: /express-jwt/jsonwebtoken | |
| ------------------------------------------------------------ | |
| ------------------------------------------------------------ | |
| [237/1061] jws 0.2.6 [VULNERABLE] 1 known vulnerabilities affecting installed version | |
| Forgeable Public/Private Tokens | |
| The component 'jws' is vulnerable. | |
| A malicious user with knowledge of the public key can forge tokens that pass verification, due to a weakness caused by allowing the attacker to specify the verification function algorithm. | |
| [For all versions before 3.0.0.] | |
| ID: ffe29273-9f73-47ff-9a34-13c089c8cfb2 | |
| Details: https://ossindex.sonatype.org/vuln/ffe29273-9f73-47ff-9a34-13c089c8cfb2 | |
| Dependency path: /express-jwt/jsonwebtoken/jws | |
| ------------------------------------------------------------ | |
| ------------------------------------------------------------ | |
| [238/1061] base64url 0.0.6 [VULNERABLE] 1 known vulnerabilities affecting installed version | |
| CWE-125: Out-of-bounds Read | |
| The software reads data past the end, or before the beginning, of the intended buffer. | |
| ID: 16789607-a66c-405b-9cb5-de5474b8bd7a | |
| Details: https://ossindex.sonatype.org/vuln/16789607-a66c-405b-9cb5-de5474b8bd7a | |
| Dependency path: /express-jwt/jsonwebtoken/jws/base64url | |
| Dependency path: /express-jwt/jsonwebtoken/jws/jwa/base64url | |
| ------------------------------------------------------------ | |
| [239/1061] jwa 0.0.1 No known vulnerabilities against package/version... | |
| ------------------------------------------------------------ | |
| [240/1061] moment 2.0.0 [VULNERABLE] 3 known vulnerabilities affecting installed version | |
| [CVE-2016-4055] The duration function in the moment package before 2.11.2 for Node.js allows rem... | |
| The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." | |
| ID: be1d7c12-e9e6-4460-b370-2ec9921cf915 | |
| Details: https://ossindex.sonatype.org/vuln/be1d7c12-e9e6-4460-b370-2ec9921cf915 | |
| Dependency path: /express-jwt/jsonwebtoken/moment | |
| [CVE-2017-18214] The moment module before 2.19.3 for Node.js is prone to a regular expression den... | |
| The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055. | |
| ID: 58fdd459-8d4a-4bf6-b106-ef7cff98268c | |
| Details: https://ossindex.sonatype.org/vuln/58fdd459-8d4a-4bf6-b106-ef7cff98268c | |
| Dependency path: /express-jwt/jsonwebtoken/moment | |
| CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') | |
| The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended. | |
| ID: d939d5e9-46d5-4682-a6c7-756e5fea2b2b | |
| Details: https://ossindex.sonatype.org/vuln/d939d5e9-46d5-4682-a6c7-756e5fea2b2b | |
| Dependency path: /express-jwt/jsonwebtoken/moment | |
| ------------------------------------------------------------ | |
| [241/1061] express-rate-limit 3.4.1 No known vulnerabilities against package/version... | |
| [242/1061] defaults 1.0.3 No known vulnerabilities against package/version... | |
| [243/1061] clone 1.0.4 No known vulnerabilities against package/version... | |
| [244/1061] express-robots-txt 0.4.0 No known vulnerabilities against package/version... | |
| [245/1061] express-security.txt 2.0.0 No known vulnerabilities against package/version... | |
| [246/1061] moment 2.24.0 No known vulnerabilities against package/version... | |
| [247/1061] frisby 2.1.1 No known vulnerabilities against package/version... | |
| [248/1061] encoding 0.1.12 No known vulnerabilities against package/version... | |
| [249/1061] form-data 2.3.3 No known vulnerabilities against package/version... | |
| [250/1061] asynckit 0.4.0 No known vulnerabilities against package/version... | |
| [251/1061] combined-stream 1.0.8 No known vulnerabilities against package/version... | |
| [252/1061] joi 13.7.0 No known vulnerabilities against package/version... | |
| [253/1061] hoek 5.0.4 No known vulnerabilities against package/version... | |
| [254/1061] isemail 3.2.0 No known vulnerabilities against package/version... | |
| [255/1061] punycode 2.1.1 No known vulnerabilities against package/version... | |
| [256/1061] topo 3.0.3 No known vulnerabilities against package/version... | |
| [257/1061] hoek 6.1.3 No known vulnerabilities against package/version... | |
| [258/1061] node-fetch 2.6.0 No known vulnerabilities against package/version... | |
| [259/1061] fs-extra 7.0.1 No known vulnerabilities against package/version... | |
| [260/1061] jsonfile 4.0.0 No known vulnerabilities against package/version... | |
| [261/1061] universalify 0.1.2 No known vulnerabilities against package/version... | |
| [262/1061] glob 7.1.4 No known vulnerabilities against package/version... | |
| [263/1061] fs.realpath 1.0.0 No known vulnerabilities against package/version... | |
| [264/1061] inflight 1.0.6 No known vulnerabilities against package/version... | |
| [265/1061] wrappy 1.0.2 No known vulnerabilities against package/version... | |
| [266/1061] minimatch 3.0.4 No known vulnerabilities against package/version... | |
| [267/1061] brace-expansion 1.1.11 No known vulnerabilities against package/version... | |
| [268/1061] balanced-match 1.0.0 No known vulnerabilities against package/version... | |
| [269/1061] concat-map 0.0.1 No known vulnerabilities against package/version... | |
| [270/1061] path-is-absolute 1.0.1 No known vulnerabilities against package/version... | |
| [271/1061] grunt 1.0.4 No known vulnerabilities against package/version... | |
| [272/1061] coffeescript 1.10.0 No known vulnerabilities against package/version... | |
| [273/1061] dateformat 1.0.12 No known vulnerabilities against package/version... | |
| [274/1061] get-stdin 4.0.1 No known vulnerabilities against package/version... | |
| [275/1061] meow 3.7.0 No known vulnerabilities against package/version... | |
| [276/1061] camelcase-keys 2.1.0 No known vulnerabilities against package/version... | |
| [277/1061] camelcase 2.1.1 No known vulnerabilities against package/version... | |
| [278/1061] map-obj 1.0.1 No known vulnerabilities against package/version... | |
| [279/1061] loud-rejection 1.6.0 No known vulnerabilities against package/version... | |
| [280/1061] currently-unhandled 0.4.1 No known vulnerabilities against package/version... | |
| [281/1061] array-find-index 1.0.2 No known vulnerabilities against package/version... | |
| [282/1061] read-pkg-up 1.0.1 No known vulnerabilities against package/version... | |
| [283/1061] find-up 1.1.2 No known vulnerabilities against package/version... | |
| [284/1061] path-exists 2.1.0 No known vulnerabilities against package/version... | |
| [285/1061] read-pkg 1.1.0 No known vulnerabilities against package/version... | |
| [286/1061] load-json-file 1.1.0 No known vulnerabilities against package/version... | |
| [287/1061] parse-json 2.2.0 No known vulnerabilities against package/version... | |
| [288/1061] strip-bom 2.0.0 No known vulnerabilities against package/version... | |
| [289/1061] is-utf8 0.2.1 No known vulnerabilities against package/version... | |
| [290/1061] path-type 1.1.0 No known vulnerabilities against package/version... | |
| [291/1061] redent 1.0.0 No known vulnerabilities against package/version... | |
| [292/1061] indent-string 2.1.0 No known vulnerabilities against package/version... | |
| [293/1061] repeating 2.0.1 No known vulnerabilities against package/version... | |
| [294/1061] is-finite 1.0.2 No known vulnerabilities against package/version... | |
| [295/1061] strip-indent 1.0.1 No known vulnerabilities against package/version... | |
| [296/1061] trim-newlines 1.0.0 No known vulnerabilities against package/version... | |
| [297/1061] eventemitter2 0.4.14 No known vulnerabilities against package/version... | |
| [298/1061] exit 0.1.2 No known vulnerabilities against package/version... | |
| [299/1061] findup-sync 0.3.0 No known vulnerabilities against package/version... | |
| [300/1061] glob 5.0.15 No known vulnerabilities against package/version... | |
| [301/1061] grunt-known-options 1.1.1 No known vulnerabilities against package/version... | |
| [302/1061] grunt-legacy-log 2.0.0 No known vulnerabilities against package/version... | |
| [303/1061] grunt-legacy-log-utils 2.0.1 No known vulnerabilities against package/version... | |
| [304/1061] colors 1.1.2 No known vulnerabilities against package/version... | |
| [305/1061] hooker 0.2.3 No known vulnerabilities against package/version... | |
| [306/1061] grunt-legacy-util 1.1.1 No known vulnerabilities against package/version... | |
| [307/1061] getobject 0.1.0 No known vulnerabilities against package/version... | |
| [308/1061] underscore.string 3.3.5 No known vulnerabilities against package/version... | |
| [309/1061] sprintf-js 1.1.2 No known vulnerabilities against package/version... | |
| [310/1061] util-deprecate 1.0.2 No known vulnerabilities against package/version... | |
| [311/1061] which 1.3.1 No known vulnerabilities against package/version... | |
| [312/1061] glob 7.0.6 No known vulnerabilities against package/version... | |
| [313/1061] grunt-cli 1.2.0 No known vulnerabilities against package/version... | |
| [314/1061] resolve 1.1.7 No known vulnerabilities against package/version... | |
| [315/1061] nopt 3.0.6 No known vulnerabilities against package/version... | |
| [316/1061] js-yaml 3.13.1 No known vulnerabilities against package/version... | |
| [317/1061] mkdirp 0.5.1 No known vulnerabilities against package/version... | |
| [318/1061] minimist 0.0.8 No known vulnerabilities against package/version... | |
| [319/1061] rimraf 2.6.3 No known vulnerabilities against package/version... | |
| [320/1061] grunt-cli 1.3.2 No known vulnerabilities against package/version... | |
| [321/1061] nopt 4.0.1 No known vulnerabilities against package/version... | |
| [322/1061] abbrev 1.1.1 No known vulnerabilities against package/version... | |
| [323/1061] osenv 0.1.5 No known vulnerabilities against package/version... | |
| [324/1061] os-homedir 1.0.2 No known vulnerabilities against package/version... | |
| [325/1061] os-tmpdir 1.0.2 No known vulnerabilities against package/version... | |
| [326/1061] interpret 1.1.0 No known vulnerabilities against package/version... | |
| [327/1061] liftoff 2.5.0 No known vulnerabilities against package/version... | |
| [328/1061] extend 3.0.2 No known vulnerabilities against package/version... | |
| [329/1061] fined 1.2.0 No known vulnerabilities against package/version... | |
| [330/1061] expand-tilde 2.0.2 No known vulnerabilities against package/version... | |
| [331/1061] homedir-polyfill 1.0.3 No known vulnerabilities against package/version... | |
| [332/1061] is-plain-object 2.0.4 No known vulnerabilities against package/version... | |
| [333/1061] object.defaults 1.1.0 No known vulnerabilities against package/version... | |
| [334/1061] array-each 1.0.1 No known vulnerabilities against package/version... | |
| [335/1061] array-slice 1.1.0 No known vulnerabilities against package/version... | |
| [336/1061] for-own 1.0.0 No known vulnerabilities against package/version... | |
| [337/1061] isobject 3.0.1 No known vulnerabilities against package/version... | |
| [338/1061] object.pick 1.3.0 No known vulnerabilities against package/version... | |
| [339/1061] parse-filepath 1.0.2 No known vulnerabilities against package/version... | |
| [340/1061] is-absolute 1.0.0 No known vulnerabilities against package/version... | |
| [341/1061] is-relative 1.0.0 No known vulnerabilities against package/version... | |
| [342/1061] is-unc-path 1.0.0 No known vulnerabilities against package/version... | |
| [343/1061] unc-path-regex 0.1.2 No known vulnerabilities against package/version... | |
| [344/1061] is-windows 1.0.2 No known vulnerabilities against package/version... | |
| [345/1061] map-cache 0.2.2 No known vulnerabilities against package/version... | |
| [346/1061] path-root 0.1.1 No known vulnerabilities against package/version... | |
| [347/1061] path-root-regex 0.1.2 No known vulnerabilities against package/version... | |
| [348/1061] flagged-respawn 1.0.1 No known vulnerabilities against package/version... | |
| [349/1061] findup-sync 2.0.0 No known vulnerabilities against package/version... | |
| [350/1061] detect-file 1.0.0 No known vulnerabilities against package/version... | |
| [351/1061] is-glob 3.1.0 No known vulnerabilities against package/version... | |
| [352/1061] micromatch 3.1.10 No known vulnerabilities against package/version... | |
| [353/1061] resolve-dir 1.0.1 No known vulnerabilities against package/version... | |
| [354/1061] object.map 1.0.1 No known vulnerabilities against package/version... | |
| [355/1061] make-iterator 1.0.1 No known vulnerabilities against package/version... | |
| [356/1061] kind-of 6.0.2 No known vulnerabilities against package/version... | |
| [357/1061] rechoir 0.6.2 No known vulnerabilities against package/version... | |
| [358/1061] v8flags 3.1.3 No known vulnerabilities against package/version... | |
| [359/1061] grunt-contrib-compress 1.4.3 No known vulnerabilities against package/version... | |
| [360/1061] archiver 1.3.0 No known vulnerabilities against package/version... | |
| [361/1061] archiver-utils 1.3.0 No known vulnerabilities against package/version... | |
| [362/1061] lazystream 1.0.0 No known vulnerabilities against package/version... | |
| [363/1061] normalize-path 2.1.1 No known vulnerabilities against package/version... | |
| [364/1061] remove-trailing-separator 1.1.0 No known vulnerabilities against package/version... | |
| [365/1061] async 2.6.2 No known vulnerabilities against package/version... | |
| [366/1061] walkdir 0.0.11 No known vulnerabilities against package/version... | |
| [367/1061] zip-stream 1.2.0 No known vulnerabilities against package/version... | |
| [368/1061] compress-commons 1.2.2 No known vulnerabilities against package/version... | |
| [369/1061] crc32-stream 2.0.0 No known vulnerabilities against package/version... | |
| [370/1061] crc 3.8.0 No known vulnerabilities against package/version... | |
| [371/1061] chalk 1.1.3 No known vulnerabilities against package/version... | |
| [372/1061] ansi-styles 2.2.1 No known vulnerabilities against package/version... | |
| [373/1061] supports-color 2.0.0 No known vulnerabilities against package/version... | |
| [374/1061] has-ansi 2.0.0 No known vulnerabilities against package/version... | |
| [375/1061] hashids 1.2.2 No known vulnerabilities against package/version... | |
| [376/1061] helmet 3.16.0 No known vulnerabilities against package/version... | |
| [377/1061] is-docker 1.1.0 No known vulnerabilities against package/version... | |
| [378/1061] is-heroku 2.0.0 No known vulnerabilities against package/version... | |
| [379/1061] jade 1.11.0 No known vulnerabilities against package/version... | |
| [380/1061] ansi-regex 2.1.1 No known vulnerabilities against package/version... | |
| [381/1061] iltorb 1.3.10 No known vulnerabilities against package/version... | |
| [382/1061] detect-libc 0.2.0 No known vulnerabilities against package/version... | |
| [383/1061] nan 2.14.0 No known vulnerabilities against package/version... | |
| [384/1061] node-gyp 3.8.0 No known vulnerabilities against package/version... | |
| [385/1061] fstream 1.0.12 No known vulnerabilities against package/version... | |
| [386/1061] semver 5.3.0 No known vulnerabilities against package/version... | |
| [387/1061] npmlog 4.1.2 No known vulnerabilities against package/version... | |
| [388/1061] tar 2.2.2 No known vulnerabilities against package/version... | |
| [389/1061] block-stream 0.0.9 No known vulnerabilities against package/version... | |
| [390/1061] prebuild-install 2.5.3 No known vulnerabilities against package/version... | |
| [391/1061] expand-template 1.1.1 No known vulnerabilities against package/version... | |
| [392/1061] github-from-package 0.0.0 No known vulnerabilities against package/version... | |
| [393/1061] node-abi 2.9.0 No known vulnerabilities against package/version... | |
| [394/1061] noop-logger 0.1.1 No known vulnerabilities against package/version... | |
| [395/1061] detect-libc 1.0.3 No known vulnerabilities against package/version... | |
| [396/1061] pump 2.0.1 No known vulnerabilities against package/version... | |
| [397/1061] rc 1.2.8 No known vulnerabilities against package/version... | |
| [398/1061] simple-get 2.8.1 No known vulnerabilities against package/version... | |
| [399/1061] simple-concat 1.0.0 No known vulnerabilities against package/version... | |
| [400/1061] tar-fs 1.16.3 No known vulnerabilities against package/version... | |
| [401/1061] chownr 1.1.1 No known vulnerabilities against package/version... | |
| [402/1061] pump 1.0.3 No known vulnerabilities against package/version... | |
| [403/1061] which-pm-runs 1.0.0 No known vulnerabilities against package/version... | |
| [404/1061] pretty-bytes 4.0.2 No known vulnerabilities against package/version... | |
| [405/1061] stream-buffers 2.2.0 No known vulnerabilities against package/version... | |
| [406/1061] dns-prefetch-control 0.1.0 No known vulnerabilities against package/version... | |
| [407/1061] dont-sniff-mimetype 1.0.0 No known vulnerabilities against package/version... | |
| [408/1061] expect-ct 0.1.1 No known vulnerabilities against package/version... | |
| [409/1061] feature-policy 0.2.0 No known vulnerabilities against package/version... | |
| [410/1061] frameguard 3.0.0 No known vulnerabilities against package/version... | |
| [411/1061] helmet-crossdomain 0.3.0 No known vulnerabilities against package/version... | |
| [412/1061] helmet-csp 2.7.1 No known vulnerabilities against package/version... | |
| [413/1061] camelize 1.0.0 No known vulnerabilities against package/version... | |
| [414/1061] content-security-policy-builder 2.0.0 No known vulnerabilities against package/version... | |
| [415/1061] dasherize 2.0.0 No known vulnerabilities against package/version... | |
| [416/1061] platform 1.3.5 No known vulnerabilities against package/version... | |
| [417/1061] depd 2.0.0 No known vulnerabilities against package/version... | |
| [418/1061] hide-powered-by 1.0.0 No known vulnerabilities against package/version... | |
| [419/1061] hpkp 2.0.0 No known vulnerabilities against package/version... | |
| [420/1061] hsts 2.2.0 No known vulnerabilities against package/version... | |
| [421/1061] ienoopen 1.1.0 No known vulnerabilities against package/version... | |
| [422/1061] nocache 2.0.0 No known vulnerabilities against package/version... | |
| [423/1061] referrer-policy 1.1.0 No known vulnerabilities against package/version... | |
| [424/1061] x-xss-protection 1.1.0 No known vulnerabilities against package/version... | |
| [425/1061] html-entities 1.2.1 No known vulnerabilities against package/version... | |
| [426/1061] http-server 0.11.1 No known vulnerabilities against package/version... | |
| [427/1061] corser 2.0.1 No known vulnerabilities against package/version... | |
| [428/1061] ecstatic 3.3.2 No known vulnerabilities against package/version... | |
| [429/1061] he 1.2.0 No known vulnerabilities against package/version... | |
| [430/1061] mime 1.6.0 No known vulnerabilities against package/version... | |
| [431/1061] url-join 2.0.5 No known vulnerabilities against package/version... | |
| [432/1061] http-proxy 1.17.0 No known vulnerabilities against package/version... | |
| [433/1061] follow-redirects 1.7.0 No known vulnerabilities against package/version... | |
| [434/1061] debug 3.2.6 No known vulnerabilities against package/version... | |
| [435/1061] ms 2.1.2 No known vulnerabilities against package/version... | |
| [436/1061] eventemitter3 3.1.2 No known vulnerabilities against package/version... | |
| [437/1061] requires-port 1.0.0 No known vulnerabilities against package/version... | |
| [438/1061] colors 1.0.3 No known vulnerabilities against package/version... | |
| [439/1061] optimist 0.6.1 No known vulnerabilities against package/version... | |
| [440/1061] minimist 0.0.10 No known vulnerabilities against package/version... | |
| [441/1061] wordwrap 0.0.3 No known vulnerabilities against package/version... | |
| [442/1061] opener 1.4.3 No known vulnerabilities against package/version... | |
| [443/1061] portfinder 1.0.20 No known vulnerabilities against package/version... | |
| [444/1061] union 0.4.6 No known vulnerabilities against package/version... | |
| ------------------------------------------------------------ | |
| [445/1061] qs 2.3.3 [VULNERABLE] 2 known vulnerabilities affecting installed version | |
| Prototype override protection bypass | |
| A prototype override protection bypass is possible, which allows attackers to overwrite properties and functions. A previous solution for the problem is incomplete. | |
| ID: 3b7c9a3f-0265-4435-b43d-7dbee2d6a461 | |
| Details: https://ossindex.sonatype.org/vuln/3b7c9a3f-0265-4435-b43d-7dbee2d6a461 | |
| Dependency path: /http-server/union/qs | |
| [CVE-2017-1000048] Improper Input Validation | |
| the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send a evil request to cause the web framework crash. | |
| ID: f57acfe9-36e7-427e-8f4a-d6bdfdc02024 | |
| Details: https://ossindex.sonatype.org/vuln/f57acfe9-36e7-427e-8f4a-d6bdfdc02024 | |
| Dependency path: /http-server/union/qs | |
| ------------------------------------------------------------ | |
| [446/1061] character-parser 1.2.1 No known vulnerabilities against package/version... | |
| [447/1061] clean-css 3.4.28 No known vulnerabilities against package/version... | |
| [448/1061] source-map 0.4.4 No known vulnerabilities against package/version... | |
| [449/1061] amdefine 1.0.1 No known vulnerabilities against package/version... | |
| ------------------------------------------------------------ | |
| [450/1061] constantinople 3.0.2 [VULNERABLE] 1 known vulnerabilities affecting installed version | |
| CWE-94: Improper Control of Generation of Code ('Code Injection') | |
| The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. | |
| ID: 8e9b448f-746e-4890-99e7-3ba0a742a910 | |
| Details: https://ossindex.sonatype.org/vuln/8e9b448f-746e-4890-99e7-3ba0a742a910 | |
| Dependency path: /jade/constantinople | |
| ------------------------------------------------------------ | |
| [451/1061] acorn 2.7.0 No known vulnerabilities against package/version... | |
| [452/1061] commander 2.6.0 No known vulnerabilities against package/version... | |
| [453/1061] jstransformer 0.0.2 No known vulnerabilities against package/version... | |
| [454/1061] is-promise 2.1.0 No known vulnerabilities against package/version... | |
| [455/1061] promise 6.1.0 No known vulnerabilities against package/version... | |
| [456/1061] asap 1.0.0 No known vulnerabilities against package/version... | |
| [457/1061] transformers 2.1.0 No known vulnerabilities against package/version... | |
| [458/1061] css 1.0.8 No known vulnerabilities against package/version... | |
| [459/1061] css-parse 1.0.4 No known vulnerabilities against package/version... | |
| [460/1061] css-stringify 1.0.5 No known vulnerabilities against package/version... | |
| [461/1061] promise 2.0.0 No known vulnerabilities against package/version... | |
| [462/1061] is-promise 1.0.1 No known vulnerabilities against package/version... | |
| ------------------------------------------------------------ | |
| [463/1061] uglify-js 2.2.5 [VULNERABLE] 4 known vulnerabilities affecting installed version | |
| CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') | |
| The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended. | |
| ID: 4d6460cf-4f69-4f57-85a4-273d0b825856 | |
| Details: https://ossindex.sonatype.org/vuln/4d6460cf-4f69-4f57-85a4-273d0b825856 | |
| Dependency path: /jade/transformers/uglify-js | |
| CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | |
| The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. eval). | |
| ID: 8b21332c-16a3-404b-aafc-d6d61351b38a | |
| Details: https://ossindex.sonatype.org/vuln/8b21332c-16a3-404b-aafc-d6d61351b38a | |
| Dependency path: /jade/transformers/uglify-js | |
| [CVE-2015-8857] The uglify-js package before 2.4.24 for Node.js does not properly account for no... | |
| The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript. | |
| ID: ac325db1-e307-43c4-9f8d-361d200a465c | |
| Details: https://ossindex.sonatype.org/vuln/ac325db1-e307-43c4-9f8d-361d200a465c | |
| Dependency path: /jade/transformers/uglify-js | |
| [CVE-2015-8858] Resource Management Errors | |
| The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)." | |
| ID: bab1679d-9a3b-456c-9e2e-3ca39b4bde3b | |
| Details: https://ossindex.sonatype.org/vuln/bab1679d-9a3b-456c-9e2e-3ca39b4bde3b | |
| Dependency path: /jade/transformers/uglify-js | |
| ------------------------------------------------------------ | |
| [464/1061] optimist 0.3.7 No known vulnerabilities against package/version... | |
| [465/1061] source-map 0.1.43 No known vulnerabilities against package/version... | |
| [466/1061] uglify-js 2.8.29 No known vulnerabilities against package/version... | |
| [467/1061] source-map 0.5.7 No known vulnerabilities against package/version... | |
| [468/1061] yargs 3.10.0 No known vulnerabilities against package/version... | |
| [469/1061] camelcase 1.2.1 No known vulnerabilities against package/version... | |
| [470/1061] cliui 2.1.0 No known vulnerabilities against package/version... | |
| [471/1061] center-align 0.1.3 No known vulnerabilities against package/version... | |
| [472/1061] align-text 0.1.4 No known vulnerabilities against package/version... | |
| [473/1061] kind-of 3.2.2 No known vulnerabilities against package/version... | |
| [474/1061] longest 1.0.1 No known vulnerabilities against package/version... | |
| [475/1061] repeat-string 1.6.1 No known vulnerabilities against package/version... | |
| [476/1061] lazy-cache 1.0.4 No known vulnerabilities against package/version... | |
| [477/1061] right-align 0.1.3 No known vulnerabilities against package/version... | |
| [478/1061] wordwrap 0.0.2 No known vulnerabilities against package/version... | |
| [479/1061] window-size 0.1.0 No known vulnerabilities against package/version... | |
| [480/1061] uglify-to-browserify 1.0.2 No known vulnerabilities against package/version... | |
| [481/1061] void-elements 2.0.1 No known vulnerabilities against package/version... | |
| [482/1061] with 4.0.3 No known vulnerabilities against package/version... | |
| [483/1061] acorn-globals 1.0.9 No known vulnerabilities against package/version... | |
| [484/1061] acorn 1.2.2 No known vulnerabilities against package/version... | |
| [485/1061] jasmine 3.4.0 No known vulnerabilities against package/version... | |
| [486/1061] jasmine-core 3.4.0 No known vulnerabilities against package/version... | |
| [487/1061] jasmine-core 3.3.0 No known vulnerabilities against package/version... | |
| [488/1061] jasmine-reporters 2.3.2 No known vulnerabilities against package/version... | |
| [489/1061] xmldom 0.1.27 No known vulnerabilities against package/version... | |
| [490/1061] jest 23.6.0 No known vulnerabilities against package/version... | |
| [491/1061] import-local 1.0.0 No known vulnerabilities against package/version... | |
| [492/1061] pkg-dir 2.0.0 No known vulnerabilities against package/version... | |
| [493/1061] find-up 2.1.0 No known vulnerabilities against package/version... | |
| [494/1061] locate-path 2.0.0 No known vulnerabilities against package/version... | |
| [495/1061] p-locate 2.0.0 No known vulnerabilities against package/version... | |
| [496/1061] p-limit 1.3.0 No known vulnerabilities against package/version... | |
| [497/1061] p-try 1.0.0 No known vulnerabilities against package/version... | |
| [498/1061] resolve-cwd 2.0.0 No known vulnerabilities against package/version... | |
| [499/1061] resolve-from 3.0.0 No known vulnerabilities against package/version... | |
| [500/1061] fsevents 1.2.9 No known vulnerabilities against package/version... | |
| [501/1061] jest-cli 23.6.0 No known vulnerabilities against package/version... | |
| [502/1061] ansi-escapes 3.2.0 No known vulnerabilities against package/version... | |
| [503/1061] is-ci 1.2.1 No known vulnerabilities against package/version... | |
| [504/1061] ci-info 1.6.0 No known vulnerabilities against package/version... | |
| [505/1061] istanbul-api 1.3.7 No known vulnerabilities against package/version... | |
| [506/1061] fileset 2.0.3 No known vulnerabilities against package/version... | |
| [507/1061] istanbul-lib-coverage 1.2.1 No known vulnerabilities against package/version... | |
| [508/1061] istanbul-lib-hook 1.2.2 No known vulnerabilities against package/version... | |
| [509/1061] append-transform 0.4.0 No known vulnerabilities against package/version... | |
| [510/1061] default-require-extensions 1.0.0 No known vulnerabilities against package/version... | |
| [511/1061] istanbul-lib-instrument 1.10.2 No known vulnerabilities against package/version... | |
| [512/1061] istanbul-lib-report 1.1.5 No known vulnerabilities against package/version... | |
| [513/1061] supports-color 3.2.3 No known vulnerabilities against package/version... | |
| [514/1061] has-flag 1.0.0 No known vulnerabilities against package/version... | |
| [515/1061] path-parse 1.0.6 No known vulnerabilities against package/version... | |
| [516/1061] istanbul-lib-source-maps 1.2.6 No known vulnerabilities against package/version... | |
| [517/1061] istanbul-reports 1.5.1 No known vulnerabilities against package/version... | |
| [518/1061] handlebars 4.1.2 No known vulnerabilities against package/version... | |
| [519/1061] source-map 0.6.1 No known vulnerabilities against package/version... | |
| [520/1061] uglify-js 3.6.0 No known vulnerabilities against package/version... | |
| [521/1061] commander 2.20.0 No known vulnerabilities against package/version... | |
| [522/1061] neo-async 2.6.1 No known vulnerabilities against package/version... | |
| [523/1061] jest-changed-files 23.4.2 No known vulnerabilities against package/version... | |
| [524/1061] throat 4.1.0 No known vulnerabilities against package/version... | |
| [525/1061] jest-config 23.6.0 No known vulnerabilities against package/version... | |
| [526/1061] babel-core 6.26.3 No known vulnerabilities against package/version... | |
| [527/1061] babel-code-frame 6.26.0 No known vulnerabilities against package/version... | |
| [528/1061] json5 0.5.1 No known vulnerabilities against package/version... | |
| [529/1061] babel-generator 6.26.1 No known vulnerabilities against package/version... | |
| [530/1061] babel-helpers 6.24.1 No known vulnerabilities against package/version... | |
| [531/1061] babel-runtime 6.26.0 No known vulnerabilities against package/version... | |
| [532/1061] babel-template 6.26.0 No known vulnerabilities against package/version... | |
| [533/1061] babel-messages 6.23.0 No known vulnerabilities against package/version... | |
| [534/1061] babel-register 6.26.0 No known vulnerabilities against package/version... | |
| [535/1061] core-js 2.6.9 No known vulnerabilities against package/version... | |
| [536/1061] home-or-tmp 2.0.0 No known vulnerabilities against package/version... | |
| [537/1061] source-map-support 0.4.18 No known vulnerabilities against package/version... | |
| [538/1061] babel-traverse 6.26.0 No known vulnerabilities against package/version... | |
| [539/1061] babel-types 6.26.0 No known vulnerabilities against package/version... | |
| [540/1061] babylon 6.18.0 No known vulnerabilities against package/version... | |
| [541/1061] convert-source-map 1.6.0 No known vulnerabilities against package/version... | |
| [542/1061] private 0.1.8 No known vulnerabilities against package/version... | |
| [543/1061] slash 1.0.0 No known vulnerabilities against package/version... | |
| [544/1061] babel-jest 23.6.0 No known vulnerabilities against package/version... | |
| [545/1061] babel-plugin-istanbul 4.1.6 No known vulnerabilities against package/version... | |
| [546/1061] babel-preset-jest 23.2.0 No known vulnerabilities against package/version... | |
| [547/1061] babel-plugin-jest-hoist 23.2.0 No known vulnerabilities against package/version... | |
| [548/1061] babel-plugin-syntax-object-rest-spread 6.13.0 No known vulnerabilities against package/version... | |
| [549/1061] micromatch 2.3.11 No known vulnerabilities against package/version... | |
| [550/1061] filename-regex 2.0.1 No known vulnerabilities against package/version... | |
| [551/1061] arr-diff 2.0.0 No known vulnerabilities against package/version... | |
| [552/1061] arr-flatten 1.1.0 No known vulnerabilities against package/version... | |
| [553/1061] array-unique 0.2.1 No known vulnerabilities against package/version... | |
| [554/1061] braces 1.8.5 No known vulnerabilities against package/version... | |
| [555/1061] expand-range 1.8.2 No known vulnerabilities against package/version... | |
| [556/1061] preserve 0.2.0 No known vulnerabilities against package/version... | |
| [557/1061] repeat-element 1.1.3 No known vulnerabilities against package/version... | |
| [558/1061] expand-brackets 0.1.5 No known vulnerabilities against package/version... | |
| [559/1061] is-posix-bracket 0.1.1 No known vulnerabilities against package/version... | |
| [560/1061] extglob 0.3.2 No known vulnerabilities against package/version... | |
| [561/1061] is-extglob 1.0.0 No known vulnerabilities against package/version... | |
| [562/1061] is-glob 2.0.1 No known vulnerabilities against package/version... | |
| [563/1061] object.omit 2.0.1 No known vulnerabilities against package/version... | |
| [564/1061] parse-glob 3.0.4 No known vulnerabilities against package/version... | |
| [565/1061] regex-cache 0.4.4 No known vulnerabilities against package/version... | |
| [566/1061] jest-environment-jsdom 23.4.0 No known vulnerabilities against package/version... | |
| [567/1061] jest-environment-node 23.4.0 No known vulnerabilities against package/version... | |
| [568/1061] jest-mock 23.2.0 No known vulnerabilities against package/version... | |
| [569/1061] jest-util 23.4.0 No known vulnerabilities against package/version... | |
| [570/1061] jest-get-type 22.4.3 No known vulnerabilities against package/version... | |
| [571/1061] jest-jasmine2 23.6.0 No known vulnerabilities against package/version... | |
| [572/1061] co 4.6.0 No known vulnerabilities against package/version... | |
| [573/1061] expect 23.6.0 No known vulnerabilities against package/version... | |
| [574/1061] jest-diff 23.6.0 No known vulnerabilities against package/version... | |
| [575/1061] jest-matcher-utils 23.6.0 No known vulnerabilities against package/version... | |
| [576/1061] jest-message-util 23.4.0 No known vulnerabilities against package/version... | |
| [577/1061] jest-regex-util 23.3.0 No known vulnerabilities against package/version... | |
| [578/1061] is-generator-fn 1.0.0 No known vulnerabilities against package/version... | |
| [579/1061] jest-each 23.6.0 No known vulnerabilities against package/version... | |
| [580/1061] pretty-format 23.6.0 No known vulnerabilities against package/version... | |
| [581/1061] jest-snapshot 23.6.0 No known vulnerabilities against package/version... | |
| [582/1061] jest-resolve 23.6.0 No known vulnerabilities against package/version... | |
| [583/1061] browser-resolve 1.11.3 No known vulnerabilities against package/version... | |
| [584/1061] realpath-native 1.1.0 No known vulnerabilities against package/version... | |
| [585/1061] jest-validate 23.6.0 No known vulnerabilities against package/version... | |
| [586/1061] jest-haste-map 23.6.0 No known vulnerabilities against package/version... | |
| [587/1061] fb-watchman 2.0.0 No known vulnerabilities against package/version... | |
| [588/1061] bser 2.0.0 No known vulnerabilities against package/version... | |
| [589/1061] node-int64 0.4.0 No known vulnerabilities against package/version... | |
| [590/1061] invariant 2.2.4 No known vulnerabilities against package/version... | |
| [591/1061] jest-docblock 23.2.0 No known vulnerabilities against package/version... | |
| [592/1061] detect-newline 2.1.0 No known vulnerabilities against package/version... | |
| [593/1061] jest-serializer 23.0.1 No known vulnerabilities against package/version... | |
| [594/1061] jest-worker 23.2.0 No known vulnerabilities against package/version... | |
| [595/1061] sane 2.5.2 No known vulnerabilities against package/version... | |
| [596/1061] anymatch 2.0.0 No known vulnerabilities against package/version... | |
| [597/1061] capture-exit 1.2.0 No known vulnerabilities against package/version... | |
| [598/1061] rsvp 3.6.2 No known vulnerabilities against package/version... | |
| [599/1061] exec-sh 0.2.2 No known vulnerabilities against package/version... | |
| [600/1061] merge 1.2.1 No known vulnerabilities against package/version... | |
| [601/1061] node-pre-gyp 0.12.0 No known vulnerabilities against package/version... | |
| [602/1061] needle 2.3.0 No known vulnerabilities against package/version... | |
| [603/1061] debug 4.1.1 No known vulnerabilities against package/version... | |
| [604/1061] ms 2.1.1 No known vulnerabilities against package/version... | |
| [605/1061] iconv-lite 0.4.24 No known vulnerabilities against package/version... | |
| [606/1061] sax 1.2.4 No known vulnerabilities against package/version... | |
| [607/1061] npm-packlist 1.4.1 No known vulnerabilities against package/version... | |
| [608/1061] ignore-walk 3.0.1 No known vulnerabilities against package/version... | |
| [609/1061] npm-bundled 1.0.6 No known vulnerabilities against package/version... | |
| [610/1061] semver 5.7.0 No known vulnerabilities against package/version... | |
| [611/1061] tar 4.4.8 No known vulnerabilities against package/version... | |
| [612/1061] fs-minipass 1.2.5 No known vulnerabilities against package/version... | |
| [613/1061] minipass 2.3.5 No known vulnerabilities against package/version... | |
| [614/1061] minizlib 1.2.1 No known vulnerabilities against package/version... | |
| [615/1061] yallist 3.0.3 No known vulnerabilities against package/version... | |
| [616/1061] walker 1.0.7 No known vulnerabilities against package/version... | |
| [617/1061] makeerror 1.0.11 No known vulnerabilities against package/version... | |
| [618/1061] tmpl 1.0.4 No known vulnerabilities against package/version... | |
| [619/1061] watch 0.18.0 No known vulnerabilities against package/version... | |
| [620/1061] jwt-decode 2.2.0 No known vulnerabilities against package/version... | |
| [621/1061] glob 7.1.3 No known vulnerabilities against package/version... | |
| [622/1061] jest-resolve-dependencies 23.6.0 No known vulnerabilities against package/version... | |
| [623/1061] jest-runner 23.6.0 No known vulnerabilities against package/version... | |
| [624/1061] jest-leak-detector 23.6.0 No known vulnerabilities against package/version... | |
| [625/1061] source-map-support 0.5.12 No known vulnerabilities against package/version... | |
| [626/1061] buffer-from 1.1.1 No known vulnerabilities against package/version... | |
| [627/1061] jest-runtime 23.6.0 No known vulnerabilities against package/version... | |
| [628/1061] jest-watcher 23.4.0 No known vulnerabilities against package/version... | |
| [629/1061] string-length 2.0.0 No known vulnerabilities against package/version... | |
| [630/1061] yargs 11.1.0 No known vulnerabilities against package/version... | |
| [631/1061] os-locale 2.1.0 No known vulnerabilities against package/version... | |
| [632/1061] execa 0.7.0 No known vulnerabilities against package/version... | |
| [633/1061] cross-spawn 5.1.0 No known vulnerabilities against package/version... | |
| [634/1061] lru-cache 4.1.5 No known vulnerabilities against package/version... | |
| [635/1061] yallist 2.1.2 No known vulnerabilities against package/version... | |
| [636/1061] pseudomap 1.0.2 No known vulnerabilities against package/version... | |
| [637/1061] shebang-command 1.2.0 No known vulnerabilities against package/version... | |
| [638/1061] lcid 1.0.0 No known vulnerabilities against package/version... | |
| [639/1061] invert-kv 1.0.0 No known vulnerabilities against package/version... | |
| [640/1061] mem 1.1.0 No known vulnerabilities against package/version... | |
| [641/1061] mimic-fn 1.2.0 No known vulnerabilities against package/version... | |
| [642/1061] y18n 3.2.1 No known vulnerabilities against package/version... | |
| [643/1061] yargs-parser 9.0.2 No known vulnerabilities against package/version... | |
| [644/1061] camelcase 4.1.0 No known vulnerabilities against package/version... | |
| [645/1061] node-notifier 5.4.0 No known vulnerabilities against package/version... | |
| [646/1061] growly 1.3.0 No known vulnerabilities against package/version... | |
| [647/1061] is-wsl 1.1.0 No known vulnerabilities against package/version... | |
| [648/1061] shellwords 0.1.1 No known vulnerabilities against package/version... | |
| [649/1061] prompts 0.1.14 No known vulnerabilities against package/version... | |
| [650/1061] kleur 2.0.2 No known vulnerabilities against package/version... | |
| [651/1061] sisteransi 0.1.1 No known vulnerabilities against package/version... | |
| [652/1061] jsonwebtoken 8.5.1 No known vulnerabilities against package/version... | |
| [653/1061] jws 3.2.2 No known vulnerabilities against package/version... | |
| [654/1061] jwa 1.4.1 No known vulnerabilities against package/version... | |
| [655/1061] buffer-equal-constant-time 1.0.1 No known vulnerabilities against package/version... | |
| [656/1061] ecdsa-sig-formatter 1.0.11 No known vulnerabilities against package/version... | |
| [657/1061] lodash.includes 4.3.0 No known vulnerabilities against package/version... | |
| [658/1061] lodash.isboolean 3.0.3 No known vulnerabilities against package/version... | |
| [659/1061] lodash.isinteger 4.0.4 No known vulnerabilities against package/version... | |
| [660/1061] lodash.isnumber 3.0.3 No known vulnerabilities against package/version... | |
| [661/1061] lodash.isplainobject 4.0.6 No known vulnerabilities against package/version... | |
| [662/1061] lodash.isstring 4.0.1 No known vulnerabilities against package/version... | |
| [663/1061] lodash.once 4.1.1 No known vulnerabilities against package/version... | |
| [664/1061] jssha 2.3.1 No known vulnerabilities against package/version... | |
| [665/1061] lcov-result-merger 3.1.0 No known vulnerabilities against package/version... | |
| [666/1061] through2 2.0.5 No known vulnerabilities against package/version... | |
| [667/1061] xtend 4.0.1 No known vulnerabilities against package/version... | |
| [668/1061] vinyl 2.2.0 No known vulnerabilities against package/version... | |
| [669/1061] clone-buffer 1.0.0 No known vulnerabilities against package/version... | |
| [670/1061] clone-stats 1.0.0 No known vulnerabilities against package/version... | |
| [671/1061] cloneable-readable 1.1.3 No known vulnerabilities against package/version... | |
| [672/1061] process-nextick-args 2.0.1 No known vulnerabilities against package/version... | |
| [673/1061] replace-ext 1.0.0 No known vulnerabilities against package/version... | |
| [674/1061] clone 2.1.2 No known vulnerabilities against package/version... | |
| [675/1061] vinyl-fs 3.0.3 No known vulnerabilities against package/version... | |
| [676/1061] fs-mkdirp-stream 1.0.0 No known vulnerabilities against package/version... | |
| [677/1061] glob-stream 6.1.0 No known vulnerabilities against package/version... | |
| [678/1061] glob-parent 3.1.0 No known vulnerabilities against package/version... | |
| [679/1061] path-dirname 1.0.2 No known vulnerabilities against package/version... | |
| [680/1061] is-negated-glob 1.0.0 No known vulnerabilities against package/version... | |
| [681/1061] ordered-read-streams 1.0.1 No known vulnerabilities against package/version... | |
| [682/1061] pumpify 1.5.1 No known vulnerabilities against package/version... | |
| [683/1061] to-absolute-glob 2.0.2 No known vulnerabilities against package/version... | |
| [684/1061] unique-stream 2.3.1 No known vulnerabilities against package/version... | |
| [685/1061] json-stable-stringify-without-jsonify 1.0.1 No known vulnerabilities against package/version... | |
| [686/1061] through2-filter 3.0.0 No known vulnerabilities against package/version... | |
| [687/1061] is-valid-glob 1.0.0 No known vulnerabilities against package/version... | |
| [688/1061] lead 1.0.0 No known vulnerabilities against package/version... | |
| [689/1061] flush-write-stream 1.1.1 No known vulnerabilities against package/version... | |
| [690/1061] object.assign 4.1.0 No known vulnerabilities against package/version... | |
| [691/1061] remove-bom-buffer 3.0.0 No known vulnerabilities against package/version... | |
| [692/1061] is-buffer 1.1.6 No known vulnerabilities against package/version... | |
| [693/1061] remove-bom-stream 1.2.0 No known vulnerabilities against package/version... | |
| [694/1061] resolve-options 1.1.0 No known vulnerabilities against package/version... | |
| [695/1061] value-or-function 3.0.0 No known vulnerabilities against package/version... | |
| [696/1061] to-through 2.0.0 No known vulnerabilities against package/version... | |
| [697/1061] vinyl-sourcemap 1.1.0 No known vulnerabilities against package/version... | |
| [698/1061] append-buffer 1.0.2 No known vulnerabilities against package/version... | |
| [699/1061] buffer-equal 1.0.0 No known vulnerabilities against package/version... | |
| [700/1061] now-and-later 2.0.1 No known vulnerabilities against package/version... | |
| [701/1061] libxmljs 0.19.5 No known vulnerabilities against package/version... | |
| [702/1061] bindings 1.3.1 No known vulnerabilities against package/version... | |
| [703/1061] nan 2.10.0 No known vulnerabilities against package/version... | |
| [704/1061] node-pre-gyp 0.11.0 No known vulnerabilities against package/version... | |
| [705/1061] needle 2.4.0 No known vulnerabilities against package/version... | |
| [706/1061] tar 4.4.10 No known vulnerabilities against package/version... | |
| [707/1061] fs-minipass 1.2.6 No known vulnerabilities against package/version... | |
| [708/1061] marsdb 0.6.11 No known vulnerabilities against package/version... | |
| [709/1061] check-types 6.0.0 No known vulnerabilities against package/version... | |
| [710/1061] double-ended-queue 0.9.7 No known vulnerabilities against package/version... | |
| [711/1061] eventemitter3 1.1.1 No known vulnerabilities against package/version... | |
| [712/1061] fast.js 0.1.1 No known vulnerabilities against package/version... | |
| [713/1061] geojson-utils 1.1.0 No known vulnerabilities against package/version... | |
| [714/1061] mocha 6.0.2 No known vulnerabilities against package/version... | |
| [715/1061] ansi-colors 3.2.3 No known vulnerabilities against package/version... | |
| [716/1061] browser-stdout 1.3.1 No known vulnerabilities against package/version... | |
| [717/1061] diff 3.5.0 No known vulnerabilities against package/version... | |
| [718/1061] growl 1.10.5 No known vulnerabilities against package/version... | |
| [719/1061] log-symbols 2.2.0 No known vulnerabilities against package/version... | |
| [720/1061] js-yaml 3.12.0 No known vulnerabilities against package/version... | |
| [721/1061] argparse 1.0.10 No known vulnerabilities against package/version... | |
| [722/1061] esprima 4.0.1 No known vulnerabilities against package/version... | |
| [723/1061] supports-color 6.0.0 No known vulnerabilities against package/version... | |
| [724/1061] node-environment-flags 1.0.4 No known vulnerabilities against package/version... | |
| [725/1061] object.getownpropertydescriptors 2.0.3 No known vulnerabilities against package/version... | |
| [726/1061] define-properties 1.1.3 No known vulnerabilities against package/version... | |
| [727/1061] es-abstract 1.13.0 No known vulnerabilities against package/version... | |
| [728/1061] es-to-primitive 1.2.0 No known vulnerabilities against package/version... | |
| [729/1061] is-callable 1.1.4 No known vulnerabilities against package/version... | |
| [730/1061] is-date-object 1.0.1 No known vulnerabilities against package/version... | |
| [731/1061] is-symbol 1.0.2 No known vulnerabilities against package/version... | |
| [732/1061] has-symbols 1.0.0 No known vulnerabilities against package/version... | |
| [733/1061] function-bind 1.1.1 No known vulnerabilities against package/version... | |
| [734/1061] has 1.0.3 No known vulnerabilities against package/version... | |
| [735/1061] is-regex 1.0.4 No known vulnerabilities against package/version... | |
| [736/1061] object-keys 1.1.1 No known vulnerabilities against package/version... | |
| [737/1061] strip-json-comments 2.0.1 No known vulnerabilities against package/version... | |
| [738/1061] wide-align 1.1.3 No known vulnerabilities against package/version... | |
| [739/1061] yargs-unparser 1.5.0 No known vulnerabilities against package/version... | |
| [740/1061] flat 4.1.0 No known vulnerabilities against package/version... | |
| [741/1061] is-buffer 2.0.3 No known vulnerabilities against package/version... | |
| [742/1061] morgan 1.9.1 No known vulnerabilities against package/version... | |
| [743/1061] multer 1.4.1 No known vulnerabilities against package/version... | |
| [744/1061] basic-auth 2.0.1 No known vulnerabilities against package/version... | |
| [745/1061] on-headers 1.0.2 No known vulnerabilities against package/version... | |
| [746/1061] append-field 1.0.0 No known vulnerabilities against package/version... | |
| [747/1061] busboy 0.2.14 No known vulnerabilities against package/version... | |
| [748/1061] readable-stream 1.1.14 No known vulnerabilities against package/version... | |
| [749/1061] isarray 0.0.1 No known vulnerabilities against package/version... | |
| [750/1061] string_decoder 0.10.31 No known vulnerabilities against package/version... | |
| [751/1061] core-util-is 1.0.2 No known vulnerabilities against package/version... | |
| [752/1061] dicer 0.2.5 No known vulnerabilities against package/version... | |
| [753/1061] streamsearch 0.1.2 No known vulnerabilities against package/version... | |
| [754/1061] concat-stream 1.6.2 No known vulnerabilities against package/version... | |
| [755/1061] typedarray 0.0.6 No known vulnerabilities against package/version... | |
| [756/1061] notevil 1.1.0 No known vulnerabilities against package/version... | |
| [757/1061] hoister 0.0.2 No known vulnerabilities against package/version... | |
| [758/1061] esprima 1.0.4 No known vulnerabilities against package/version... | |
| [759/1061] nyc 13.3.0 No known vulnerabilities against package/version... | |
| [760/1061] archy 1.0.0 No known vulnerabilities against package/version... | |
| [761/1061] arrify 1.0.1 No known vulnerabilities against package/version... | |
| [762/1061] caching-transform 3.0.1 No known vulnerabilities against package/version... | |
| [763/1061] hasha 3.0.0 No known vulnerabilities against package/version... | |
| [764/1061] package-hash 3.0.0 No known vulnerabilities against package/version... | |
| [765/1061] lodash.flattendeep 4.4.0 No known vulnerabilities against package/version... | |
| [766/1061] release-zalgo 1.0.0 No known vulnerabilities against package/version... | |
| [767/1061] es6-error 4.1.1 No known vulnerabilities against package/version... | |
| [768/1061] write-file-atomic 2.4.2 No known vulnerabilities against package/version... | |
| [769/1061] imurmurhash 0.1.4 No known vulnerabilities against package/version... | |
| [770/1061] find-cache-dir 2.0.0 No known vulnerabilities against package/version... | |
| [771/1061] commondir 1.0.1 No known vulnerabilities against package/version... | |
| [772/1061] pkg-dir 3.0.0 No known vulnerabilities against package/version... | |
| [773/1061] foreground-child 1.5.6 No known vulnerabilities against package/version... | |
| [774/1061] cross-spawn 4.0.2 No known vulnerabilities against package/version... | |
| [775/1061] istanbul-lib-coverage 2.0.3 No known vulnerabilities against package/version... | |
| [776/1061] istanbul-lib-hook 2.0.3 No known vulnerabilities against package/version... | |
| [777/1061] append-transform 1.0.0 No known vulnerabilities against package/version... | |
| [778/1061] default-require-extensions 2.0.0 No known vulnerabilities against package/version... | |
| [779/1061] strip-bom 3.0.0 No known vulnerabilities against package/version... | |
| [780/1061] istanbul-lib-instrument 3.3.0 No known vulnerabilities against package/version... | |
| [781/1061] @babel/generator 7.4.4 No known vulnerabilities against package/version... | |
| [782/1061] jsesc 2.5.2 No known vulnerabilities against package/version... | |
| [783/1061] @babel/types 7.4.4 No known vulnerabilities against package/version... | |
| [784/1061] trim-right 1.0.1 No known vulnerabilities against package/version... | |
| [785/1061] @babel/parser 7.4.5 No known vulnerabilities against package/version... | |
| [786/1061] @babel/template 7.4.4 No known vulnerabilities against package/version... | |
| [787/1061] @babel/code-frame 7.0.0 No known vulnerabilities against package/version... | |
| [788/1061] @babel/traverse 7.4.5 No known vulnerabilities against package/version... | |
| [789/1061] @babel/helper-function-name 7.1.0 No known vulnerabilities against package/version... | |
| [790/1061] @babel/helper-get-function-arity 7.0.0 No known vulnerabilities against package/version... | |
| [791/1061] @babel/helper-split-export-declaration 7.4.4 No known vulnerabilities against package/version... | |
| [792/1061] globals 11.12.0 No known vulnerabilities against package/version... | |
| [793/1061] istanbul-lib-coverage 2.0.5 No known vulnerabilities against package/version... | |
| [794/1061] semver 6.1.1 No known vulnerabilities against package/version... | |
| [795/1061] istanbul-lib-report 2.0.4 No known vulnerabilities against package/version... | |
| [796/1061] supports-color 6.1.0 No known vulnerabilities against package/version... | |
| [797/1061] istanbul-lib-source-maps 3.0.2 No known vulnerabilities against package/version... | |
| [798/1061] istanbul-reports 2.1.1 No known vulnerabilities against package/version... | |
| [799/1061] handlebars 4.1.0 No known vulnerabilities against package/version... | |
| [800/1061] uglify-js 3.4.9 No known vulnerabilities against package/version... | |
| [801/1061] commander 2.17.1 No known vulnerabilities against package/version... | |
| [802/1061] merge-source-map 1.1.0 No known vulnerabilities against package/version... | |
| [803/1061] resolve-from 4.0.0 No known vulnerabilities against package/version... | |
| [804/1061] spawn-wrap 1.4.2 No known vulnerabilities against package/version... | |
| [805/1061] test-exclude 5.1.0 No known vulnerabilities against package/version... | |
| [806/1061] read-pkg-up 4.0.0 No known vulnerabilities against package/version... | |
| [807/1061] read-pkg 3.0.0 No known vulnerabilities against package/version... | |
| [808/1061] load-json-file 4.0.0 No known vulnerabilities against package/version... | |
| [809/1061] path-type 3.0.0 No known vulnerabilities against package/version... | |
| [810/1061] uuid 3.3.2 No known vulnerabilities against package/version... | |
| [811/1061] otplib 11.0.1 No known vulnerabilities against package/version... | |
| [812/1061] thirty-two 1.0.2 No known vulnerabilities against package/version... | |
| [813/1061] pdfkit 0.8.3 No known vulnerabilities against package/version... | |
| [814/1061] fontkit 1.8.0 No known vulnerabilities against package/version... | |
| [815/1061] brfs 1.6.1 No known vulnerabilities against package/version... | |
| [816/1061] quote-stream 1.0.2 No known vulnerabilities against package/version... | |
| [817/1061] buffer-equal 0.0.1 No known vulnerabilities against package/version... | |
| [818/1061] static-module 2.2.5 No known vulnerabilities against package/version... | |
| [819/1061] duplexer2 0.1.4 No known vulnerabilities against package/version... | |
| [820/1061] escodegen 1.9.1 No known vulnerabilities against package/version... | |
| [821/1061] falafel 2.1.0 No known vulnerabilities against package/version... | |
| [822/1061] acorn 5.7.3 No known vulnerabilities against package/version... | |
| [823/1061] foreach 2.0.5 No known vulnerabilities against package/version... | |
| [824/1061] magic-string 0.22.5 No known vulnerabilities against package/version... | |
| [825/1061] vlq 0.2.3 No known vulnerabilities against package/version... | |
| [826/1061] merge-source-map 1.0.4 No known vulnerabilities against package/version... | |
| [827/1061] object-inspect 1.4.1 No known vulnerabilities against package/version... | |
| [828/1061] shallow-copy 0.0.1 No known vulnerabilities against package/version... | |
| [829/1061] static-eval 2.0.2 No known vulnerabilities against package/version... | |
| [830/1061] brotli 1.3.2 No known vulnerabilities against package/version... | |
| [831/1061] browserify-optional 1.0.1 No known vulnerabilities against package/version... | |
| [832/1061] ast-transform 0.0.0 No known vulnerabilities against package/version... | |
| [833/1061] escodegen 1.2.0 No known vulnerabilities against package/version... | |
| [834/1061] estraverse 1.5.1 No known vulnerabilities against package/version... | |
| [835/1061] esutils 1.0.0 No known vulnerabilities against package/version... | |
| [836/1061] ast-types 0.7.8 No known vulnerabilities against package/version... | |
| [837/1061] deep-equal 1.0.1 No known vulnerabilities against package/version... | |
| [838/1061] dfa 1.2.0 No known vulnerabilities against package/version... | |
| [839/1061] restructure 0.5.4 No known vulnerabilities against package/version... | |
| [840/1061] tiny-inflate 1.0.2 No known vulnerabilities against package/version... | |
| [841/1061] unicode-properties 1.2.2 No known vulnerabilities against package/version... | |
| [842/1061] unicode-trie 1.0.0 No known vulnerabilities against package/version... | |
| [843/1061] pako 0.2.9 No known vulnerabilities against package/version... | |
| [844/1061] unicode-trie 0.3.1 No known vulnerabilities against package/version... | |
| [845/1061] linebreak 0.3.0 No known vulnerabilities against package/version... | |
| [846/1061] base64-js 0.0.8 No known vulnerabilities against package/version... | |
| [847/1061] png-js 0.1.1 No known vulnerabilities against package/version... | |
| [848/1061] protractor 5.4.2 No known vulnerabilities against package/version... | |
| [849/1061] @types/q 0.0.32 No known vulnerabilities against package/version... | |
| [850/1061] @types/selenium-webdriver 3.0.16 No known vulnerabilities against package/version... | |
| [851/1061] blocking-proxy 1.0.1 No known vulnerabilities against package/version... | |
| [852/1061] browserstack 1.5.2 No known vulnerabilities against package/version... | |
| [853/1061] https-proxy-agent 2.2.1 No known vulnerabilities against package/version... | |
| [854/1061] agent-base 4.3.0 No known vulnerabilities against package/version... | |
| [855/1061] es6-promisify 5.0.0 No known vulnerabilities against package/version... | |
| [856/1061] es6-promise 4.2.8 No known vulnerabilities against package/version... | |
| [857/1061] jasminewd2 2.2.0 No known vulnerabilities against package/version... | |
| [858/1061] jasmine 2.8.0 No known vulnerabilities against package/version... | |
| [859/1061] jasmine-core 2.8.0 No known vulnerabilities against package/version... | |
| [860/1061] webdriver-manager 12.1.5 No known vulnerabilities against package/version... | |
| [861/1061] adm-zip 0.4.13 No known vulnerabilities against package/version... | |
| [862/1061] del 2.2.2 No known vulnerabilities against package/version... | |
| [863/1061] globby 5.0.0 No known vulnerabilities against package/version... | |
| [864/1061] replace 1.1.0 No known vulnerabilities against package/version... | |
| ------------------------------------------------------------ | |
| [865/1061] sanitize-html 1.4.2 [VULNERABLE] 5 known vulnerabilities affecting installed version | |
| Sanitization not applied recursively | |
| Sanitization is not applied recursively, leading to a vulnerability to certain masking attacks. | |
| The issue was later resolved in a different manner: | |
| > This issue has been resolved better through the use of the decodeEntities: true option of htmlparser2. Recursive invocation is no longer required to pass the test suite. | |
| > | |
| > -- [github.com](https://github.com/punkave/sanitize-html/issues/29) | |
| ID: 22dfe542-af41-43c8-b2f4-361a24948fdd | |
| Details: https://ossindex.sonatype.org/vuln/22dfe542-af41-43c8-b2f4-361a24948fdd | |
| Dependency path: sanitize-html@1.4.2 | |
| CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |
| The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. | |
| ID: 1c0eccfb-8955-435a-9188-9ecc4130dd92 | |
| Details: https://ossindex.sonatype.org/vuln/1c0eccfb-8955-435a-9188-9ecc4130dd92 | |
| Dependency path: sanitize-html@1.4.2 | |
| CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |
| The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. | |
| ID: f5f2bb79-9535-4101-89b6-dc19d01778f8 | |
| Details: https://ossindex.sonatype.org/vuln/f5f2bb79-9535-4101-89b6-dc19d01778f8 | |
| Dependency path: sanitize-html@1.4.2 | |
| CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |
| The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. | |
| ID: d2655bca-24d7-4694-b571-a9f3376b044d | |
| Details: https://ossindex.sonatype.org/vuln/d2655bca-24d7-4694-b571-a9f3376b044d | |
| Dependency path: sanitize-html@1.4.2 | |
| CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |
| The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. | |
| ID: bca50ed8-4378-47c2-90ab-331708a55c66 | |
| Details: https://ossindex.sonatype.org/vuln/bca50ed8-4378-47c2-90ab-331708a55c66 | |
| Dependency path: sanitize-html@1.4.2 | |
| ------------------------------------------------------------ | |
| [866/1061] sequelize-noupdate-attributes 1.0.0 No known vulnerabilities against package/version... | |
| [867/1061] socket.io 2.2.0 No known vulnerabilities against package/version... | |
| [868/1061] array-union 1.0.2 No known vulnerabilities against package/version... | |
| [869/1061] array-uniq 1.0.3 No known vulnerabilities against package/version... | |
| [870/1061] is-path-cwd 1.0.0 No known vulnerabilities against package/version... | |
| [871/1061] is-path-in-cwd 1.0.1 No known vulnerabilities against package/version... | |
| [872/1061] is-path-inside 1.0.1 No known vulnerabilities against package/version... | |
| [873/1061] path-is-inside 1.0.2 No known vulnerabilities against package/version... | |
| [874/1061] q 1.4.1 No known vulnerabilities against package/version... | |
| [875/1061] xml2js 0.4.19 No known vulnerabilities against package/version... | |
| [876/1061] xmlbuilder 9.0.7 No known vulnerabilities against package/version... | |
| [877/1061] saucelabs 1.5.0 No known vulnerabilities against package/version... | |
| [878/1061] selenium-webdriver 3.6.0 No known vulnerabilities against package/version... | |
| [879/1061] jszip 3.2.1 No known vulnerabilities against package/version... | |
| [880/1061] pako 1.0.10 No known vulnerabilities against package/version... | |
| [881/1061] lie 3.3.0 No known vulnerabilities against package/version... | |
| [882/1061] immediate 3.0.6 No known vulnerabilities against package/version... | |
| [883/1061] set-immediate-shim 1.0.1 No known vulnerabilities against package/version... | |
| [884/1061] tmp 0.0.30 No known vulnerabilities against package/version... | |
| [885/1061] webdriver-js-extender 2.1.0 No known vulnerabilities against package/version... | |
| [886/1061] colors 1.2.4 No known vulnerabilities against package/version... | |
| [887/1061] he 0.4.1 No known vulnerabilities against package/version... | |
| [888/1061] htmlparser2 3.3.0 No known vulnerabilities against package/version... | |
| [889/1061] domelementtype 1.3.1 No known vulnerabilities against package/version... | |
| [890/1061] domhandler 2.1.0 No known vulnerabilities against package/version... | |
| [891/1061] domutils 1.1.6 No known vulnerabilities against package/version... | |
| [892/1061] readable-stream 1.0.34 No known vulnerabilities against package/version... | |
| ------------------------------------------------------------ | |
| [893/1061] lodash 2.4.2 [VULNERABLE] 3 known vulnerabilities affecting installed version | |
| [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl... | |
| lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |
| ID: 12e63c9c-b3f9-42d3-8541-dca1b72cad69 | |
| Details: https://ossindex.sonatype.org/vuln/12e63c9c-b3f9-42d3-8541-dca1b72cad69 | |
| Dependency path: /sanitize-html/lodash | |
| CWE-471: Modification of Assumed-Immutable Data (MAID) | |
| The software does not properly protect an assumed-immutable element from being modified by an attacker. | |
| ID: 0f23ff35-235f-404f-8118-bc1580673fd0 | |
| Details: https://ossindex.sonatype.org/vuln/0f23ff35-235f-404f-8118-bc1580673fd0 | |
| Dependency path: /sanitize-html/lodash | |
| [CVE-2018-16487] A prototype pollution vulnerability was found in lodash <4.17.11 where the funct... | |
| A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype. | |
| ID: 0675c3f4-728c-47fa-96aa-1826d93ba0a0 | |
| Details: https://ossindex.sonatype.org/vuln/0675c3f4-728c-47fa-96aa-1826d93ba0a0 | |
| Dependency path: /sanitize-html/lodash | |
| ------------------------------------------------------------ | |
| [894/1061] sequelize 4.43.2 No known vulnerabilities against package/version... | |
| [895/1061] cls-bluebird 2.1.0 No known vulnerabilities against package/version... | |
| [896/1061] is-bluebird 1.0.2 No known vulnerabilities against package/version... | |
| [897/1061] shimmer 1.2.1 No known vulnerabilities against package/version... | |
| [898/1061] generic-pool 3.5.0 No known vulnerabilities against package/version... | |
| [899/1061] moment-timezone 0.5.25 No known vulnerabilities against package/version... | |
| [900/1061] retry-as-promised 2.3.2 No known vulnerabilities against package/version... | |
| [901/1061] terraformer-wkt-parser 1.2.0 No known vulnerabilities against package/version... | |
| [902/1061] @types/geojson 1.0.6 No known vulnerabilities against package/version... | |
| [903/1061] terraformer 1.0.9 No known vulnerabilities against package/version... | |
| [904/1061] toposort-class 1.0.1 No known vulnerabilities against package/version... | |
| [905/1061] validator 10.11.0 No known vulnerabilities against package/version... | |
| [906/1061] wkx 0.4.7 No known vulnerabilities against package/version... | |
| [907/1061] @types/node 12.0.8 No known vulnerabilities against package/version... | |
| [908/1061] serve-index 1.9.1 No known vulnerabilities against package/version... | |
| [909/1061] batch 0.6.1 No known vulnerabilities against package/version... | |
| ------------------------------------------------------------ | |
| [910/1061] shelljs 0.8.3 [VULNERABLE] 1 known vulnerabilities affecting installed version | |
| Possible Command Injection | |
| There are `relevant security flaws surrounding command injection and unexpected globbing` due to the use of the exec function. | |
| ID: 560f37f7-6c1d-4b9c-aad3-34dcfcf218d7 | |
| Details: https://ossindex.sonatype.org/vuln/560f37f7-6c1d-4b9c-aad3-34dcfcf218d7 | |
| Dependency path: /shelljs | |
| ------------------------------------------------------------ | |
| [911/1061] sinon 7.2.7 No known vulnerabilities against package/version... | |
| [912/1061] @sinonjs/commons 1.4.0 No known vulnerabilities against package/version... | |
| [913/1061] @sinonjs/formatio 3.2.1 No known vulnerabilities against package/version... | |
| [914/1061] @sinonjs/samsam 3.3.2 No known vulnerabilities against package/version... | |
| [915/1061] lolex 3.1.0 No known vulnerabilities against package/version... | |
| [916/1061] nise 1.5.0 No known vulnerabilities against package/version... | |
| [917/1061] @sinonjs/text-encoding 0.7.1 No known vulnerabilities against package/version... | |
| [918/1061] just-extend 4.0.2 No known vulnerabilities against package/version... | |
| [919/1061] lolex 4.1.0 No known vulnerabilities against package/version... | |
| [920/1061] path-to-regexp 1.7.0 No known vulnerabilities against package/version... | |
| [921/1061] sinon-chai 3.2.0 No known vulnerabilities against package/version... | |
| [922/1061] engine.io 3.3.2 No known vulnerabilities against package/version... | |
| [923/1061] base64id 1.0.0 No known vulnerabilities against package/version... | |
| [924/1061] engine.io-parser 2.1.3 No known vulnerabilities against package/version... | |
| [925/1061] after 0.8.2 No known vulnerabilities against package/version... | |
| [926/1061] arraybuffer.slice 0.0.7 No known vulnerabilities against package/version... | |
| [927/1061] base64-arraybuffer 0.1.5 No known vulnerabilities against package/version... | |
| [928/1061] blob 0.0.5 No known vulnerabilities against package/version... | |
| [929/1061] has-binary2 1.0.3 No known vulnerabilities against package/version... | |
| [930/1061] debug 3.1.0 No known vulnerabilities against package/version... | |
| [931/1061] ws 6.1.4 No known vulnerabilities against package/version... | |
| [932/1061] async-limiter 1.0.0 No known vulnerabilities against package/version... | |
| [933/1061] socket.io-adapter 1.1.1 No known vulnerabilities against package/version... | |
| [934/1061] socket.io-client 2.2.0 No known vulnerabilities against package/version... | |
| [935/1061] socket.io-parser 3.3.0 No known vulnerabilities against package/version... | |
| [936/1061] component-emitter 1.2.1 No known vulnerabilities against package/version... | |
| [937/1061] isarray 2.0.1 No known vulnerabilities against package/version... | |
| [938/1061] sqlite3 4.0.9 No known vulnerabilities against package/version... | |
| [939/1061] standard 12.0.1 No known vulnerabilities against package/version... | |
| [940/1061] eslint 5.4.0 No known vulnerabilities against package/version... | |
| [941/1061] ajv 6.10.0 No known vulnerabilities against package/version... | |
| [942/1061] doctrine 2.1.0 No known vulnerabilities against package/version... | |
| [943/1061] esutils 2.0.2 No known vulnerabilities against package/version... | |
| [944/1061] eslint-scope 4.0.3 No known vulnerabilities against package/version... | |
| [945/1061] esrecurse 4.2.1 No known vulnerabilities against package/version... | |
| [946/1061] estraverse 4.2.0 No known vulnerabilities against package/version... | |
| [947/1061] eslint-utils 1.3.1 No known vulnerabilities against package/version... | |
| [948/1061] eslint-visitor-keys 1.0.0 No known vulnerabilities against package/version... | |
| [949/1061] espree 4.1.0 No known vulnerabilities against package/version... | |
| [950/1061] acorn-jsx 5.0.1 No known vulnerabilities against package/version... | |
| [951/1061] acorn 6.1.1 No known vulnerabilities against package/version... | |
| [952/1061] esquery 1.0.1 No known vulnerabilities against package/version... | |
| [953/1061] file-entry-cache 2.0.0 No known vulnerabilities against package/version... | |
| [954/1061] flat-cache 1.3.4 No known vulnerabilities against package/version... | |
| [955/1061] circular-json 0.3.3 No known vulnerabilities against package/version... | |
| [956/1061] write 0.2.1 No known vulnerabilities against package/version... | |
| [957/1061] functional-red-black-tree 1.0.1 No known vulnerabilities against package/version... | |
| [958/1061] ignore 4.0.6 No known vulnerabilities against package/version... | |
| [959/1061] inquirer 5.2.0 No known vulnerabilities against package/version... | |
| [960/1061] cli-cursor 2.1.0 No known vulnerabilities against package/version... | |
| [961/1061] restore-cursor 2.0.0 No known vulnerabilities against package/version... | |
| [962/1061] onetime 2.0.1 No known vulnerabilities against package/version... | |
| [963/1061] cli-width 2.2.0 No known vulnerabilities against package/version... | |
| [964/1061] external-editor 2.2.0 No known vulnerabilities against package/version... | |
| [965/1061] chardet 0.4.2 No known vulnerabilities against package/version... | |
| [966/1061] tmp 0.0.33 No known vulnerabilities against package/version... | |
| [967/1061] figures 2.0.0 No known vulnerabilities against package/version... | |
| [968/1061] rxjs 5.5.12 No known vulnerabilities against package/version... | |
| [969/1061] symbol-observable 1.0.1 No known vulnerabilities against package/version... | |
| [970/1061] mute-stream 0.0.7 No known vulnerabilities against package/version... | |
| [971/1061] run-async 2.3.0 No known vulnerabilities against package/version... | |
| [972/1061] is-resolvable 1.1.0 No known vulnerabilities against package/version... | |
| [973/1061] levn 0.3.0 No known vulnerabilities against package/version... | |
| [974/1061] prelude-ls 1.1.2 No known vulnerabilities against package/version... | |
| [975/1061] type-check 0.3.2 No known vulnerabilities against package/version... | |
| [976/1061] natural-compare 1.4.0 No known vulnerabilities against package/version... | |
| [977/1061] optionator 0.8.2 No known vulnerabilities against package/version... | |
| [978/1061] deep-is 0.1.3 No known vulnerabilities against package/version... | |
| [979/1061] fast-levenshtein 2.0.6 No known vulnerabilities against package/version... | |
| [980/1061] wordwrap 1.0.0 No known vulnerabilities against package/version... | |
| [981/1061] pluralize 7.0.0 No known vulnerabilities against package/version... | |
| [982/1061] progress 2.0.3 No known vulnerabilities against package/version... | |
| [983/1061] regexpp 2.0.1 No known vulnerabilities against package/version... | |
| [984/1061] require-uncached 1.0.3 No known vulnerabilities against package/version... | |
| [985/1061] caller-path 0.1.0 No known vulnerabilities against package/version... | |
| [986/1061] callsites 0.2.0 No known vulnerabilities against package/version... | |
| [987/1061] resolve-from 1.0.1 No known vulnerabilities against package/version... | |
| [988/1061] unzipper 0.8.12 No known vulnerabilities against package/version... | |
| [989/1061] winston 3.2.1 No known vulnerabilities against package/version... | |
| [990/1061] table 4.0.3 No known vulnerabilities against package/version... | |
| [991/1061] ajv-keywords 3.4.0 No known vulnerabilities against package/version... | |
| [992/1061] slice-ansi 1.0.0 No known vulnerabilities against package/version... | |
| [993/1061] is-fullwidth-code-point 2.0.0 No known vulnerabilities against package/version... | |
| [994/1061] text-table 0.2.0 No known vulnerabilities against package/version... | |
| [995/1061] eslint-config-standard 12.0.0 No known vulnerabilities against package/version... | |
| [996/1061] eslint-config-standard-jsx 6.0.2 No known vulnerabilities against package/version... | |
| [997/1061] eslint-plugin-import 2.14.0 No known vulnerabilities against package/version... | |
| [998/1061] contains-path 0.1.0 No known vulnerabilities against package/version... | |
| [999/1061] eslint-import-resolver-node 0.3.2 No known vulnerabilities against package/version... | |
| [1000/1061] eslint-module-utils 2.4.0 No known vulnerabilities against package/version... | |
| [1001/1061] doctrine 1.5.0 No known vulnerabilities against package/version... | |
| [1002/1061] isarray 1.0.0 No known vulnerabilities against package/version... | |
| [1003/1061] read-pkg-up 2.0.0 No known vulnerabilities against package/version... | |
| [1004/1061] read-pkg 2.0.0 No known vulnerabilities against package/version... | |
| [1005/1061] load-json-file 2.0.0 No known vulnerabilities against package/version... | |
| [1006/1061] path-type 2.0.0 No known vulnerabilities against package/version... | |
| [1007/1061] eslint-plugin-node 7.0.1 No known vulnerabilities against package/version... | |
| [1008/1061] eslint-plugin-es 1.4.0 No known vulnerabilities against package/version... | |
| [1009/1061] eslint-plugin-promise 4.0.1 No known vulnerabilities against package/version... | |
| [1010/1061] eslint-plugin-react 7.11.1 No known vulnerabilities against package/version... | |
| [1011/1061] array-includes 3.0.3 No known vulnerabilities against package/version... | |
| [1012/1061] jsx-ast-utils 2.1.0 No known vulnerabilities against package/version... | |
| [1013/1061] prop-types 15.7.2 No known vulnerabilities against package/version... | |
| [1014/1061] loose-envify 1.4.0 No known vulnerabilities against package/version... | |
| [1015/1061] react-is 16.8.6 No known vulnerabilities against package/version... | |
| [1016/1061] eslint-plugin-standard 4.0.0 No known vulnerabilities against package/version... | |
| [1017/1061] standard-engine 9.0.0 No known vulnerabilities against package/version... | |
| [1018/1061] deglob 2.1.1 No known vulnerabilities against package/version... | |
| [1019/1061] ignore 3.3.10 No known vulnerabilities against package/version... | |
| [1020/1061] find-root 1.1.0 No known vulnerabilities against package/version... | |
| [1021/1061] pkg-config 1.1.1 No known vulnerabilities against package/version... | |
| [1022/1061] debug-log 1.0.1 No known vulnerabilities against package/version... | |
| [1023/1061] run-parallel 1.1.9 No known vulnerabilities against package/version... | |
| [1024/1061] uniq 1.0.1 No known vulnerabilities against package/version... | |
| [1025/1061] pkg-conf 2.1.0 No known vulnerabilities against package/version... | |
| [1026/1061] get-stdin 6.0.0 No known vulnerabilities against package/version... | |
| [1027/1061] swagger-ui-express 4.0.6 No known vulnerabilities against package/version... | |
| [1028/1061] swagger-ui-dist 3.22.3 No known vulnerabilities against package/version... | |
| [1029/1061] big-integer 1.6.44 No known vulnerabilities against package/version... | |
| [1030/1061] binary 0.3.0 No known vulnerabilities against package/version... | |
| [1031/1061] buffers 0.1.1 No known vulnerabilities against package/version... | |
| [1032/1061] chainsaw 0.1.0 No known vulnerabilities against package/version... | |
| [1033/1061] traverse 0.3.9 No known vulnerabilities against package/version... | |
| [1034/1061] buffer-indexof-polyfill 1.0.1 No known vulnerabilities against package/version... | |
| [1035/1061] listenercount 1.0.1 No known vulnerabilities against package/version... | |
| [1036/1061] setimmediate 1.0.5 No known vulnerabilities against package/version... | |
| [1037/1061] bluebird 3.4.7 No known vulnerabilities against package/version... | |
| [1038/1061] readable-stream 2.1.5 No known vulnerabilities against package/version... | |
| [1039/1061] buffer-shims 1.0.0 No known vulnerabilities against package/version... | |
| [1040/1061] process-nextick-args 1.0.7 No known vulnerabilities against package/version... | |
| [1041/1061] diagnostics 1.1.1 No known vulnerabilities against package/version... | |
| [1042/1061] colorspace 1.1.2 No known vulnerabilities against package/version... | |
| [1043/1061] color 3.0.0 No known vulnerabilities against package/version... | |
| [1044/1061] color-string 1.5.3 No known vulnerabilities against package/version... | |
| [1045/1061] simple-swizzle 0.2.2 No known vulnerabilities against package/version... | |
| [1046/1061] is-arrayish 0.3.2 No known vulnerabilities against package/version... | |
| [1047/1061] text-hex 1.0.0 No known vulnerabilities against package/version... | |
| [1048/1061] enabled 1.0.2 No known vulnerabilities against package/version... | |
| [1049/1061] env-variable 0.0.5 No known vulnerabilities against package/version... | |
| [1050/1061] kuler 1.0.1 No known vulnerabilities against package/version... | |
| [1051/1061] colornames 1.1.1 No known vulnerabilities against package/version... | |
| [1052/1061] logform 2.1.2 No known vulnerabilities against package/version... | |
| [1053/1061] fast-safe-stringify 2.0.6 No known vulnerabilities against package/version... | |
| [1054/1061] fecha 2.3.3 No known vulnerabilities against package/version... | |
| [1055/1061] triple-beam 1.3.0 No known vulnerabilities against package/version... | |
| [1056/1061] one-time 0.0.4 No known vulnerabilities against package/version... | |
| [1057/1061] stack-trace 0.0.10 No known vulnerabilities against package/version... | |
| [1058/1061] winston-transport 4.3.0 No known vulnerabilities against package/version... | |
| [1059/1061] readable-stream 3.4.0 No known vulnerabilities against package/version... | |
| [1060/1061] string_decoder 1.1.1 No known vulnerabilities against package/version... | |
| [1061/1061] z85 0.0.2 No known vulnerabilities against package/version... | |
| Audited dependencies: 1061, Vulnerable: 11, Ignored: 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment