OSS Index
An open index of open source

 Welcome to the Bower Start Page

Posted by OSS-Index on May 21, 2016

Quick access to Bower auditing tools, search, and recent Bower activity on OSS Index.

 Recent news...


Bower package vulnerability: riot

Cross Site Scripting (XSS)
Thu Jun 15 01:19:09 EDT 2017

Child tag attributes on child elements containing expressions can be evaluated on execution of update events on the parent element.




Bower package vulnerability: dompurify

Cross-site Scripting (XSS)
Thu Jun 15 01:11:10 EDT 2017

> Affected versions of this package are vulnerable to a Cross-site Scripting (XSS) bug in Safari (>= versions 10.1). Specifically, when DOMPurify attempts to parse a string like:
>
> <svg onload=alert(document.domain)>
>
> it will result in XSS.
>
> – snyk.io




Bower package vulnerability: dompurify

Cross-site Scripting (XSS)
Thu Jun 15 01:11:06 EDT 2017

> Affected versions of the package are vulnerable to Cross-site Scripting (XSS) attacks. SVG tags are case sensitive, but DOMPurify transforms these tags to lowercase. This causes the SVG document to render incorrectly, and may trigger a flaw in the Opera browser.
>
> – snyk.io




Bower package vulnerability: dompurify

Cross-site Scripting (XSS)
Thu Jun 15 01:11:03 EDT 2017

> Affected versions of the package are vulnerable to Cross-site Scripting (XSS) which is caused by Double-Clobbering.
>
> – snyk.io




Bower package vulnerability: ljharb-qs

Denial of Service (Event Loop Blocking)
Wed May 10 23:32:40 EDT 2017

> When parsing a string representing a deeply nested object, qs will block the event loop for long periods of time. Such a delay may hold up the server's resources, keeping it from processing other requests in the meantime, thus enabling a Denial-of-Service attack.
>
> – snyk.io




Bower package vulnerability: vor-test-project-bower-please-ignore-1

Test vulnerability, please ignore
Thu May 04 01:07:44 EDT 2017

Test vulnerability for a test project




Bower package vulnerability: vor-test-project-bower-please-ignore-1

Test vulnerability, please ignore
Thu May 04 01:07:44 EDT 2017

This is a test vulnerability for a test project




Bower package vulnerability: vor-test-project-bower-please-ignore-1

Test vulnerability, please ignore
Thu May 04 01:07:44 EDT 2017

This is a test vulnerability for a test project




Bower package vulnerability: agGrid_kiwik

Cross Site Scripting (XSS)
Wed May 03 01:48:34 EDT 2017

> Affected versions of the package are vulnerable to HTML Injection. ag-grid used Mozilla's Element.innerHTML, which is vulnerable to Cross-Site Scripting (XSS) attacks when used within a user-inputted value. In this case an attacker could insert a malicious username and initiate an XSS attack.
>
> – snyk.io




Bower package vulnerability: fileapi

Possible Cross Site Scripting (XSS)
Sun Apr 16 17:31:52 EDT 2017

Non-flashvar query parameters may be a vector of cross site scripting attacks and should be ignored.



Package auditing tools

 Bower [DevAudit]