OSS Index
An open index of open source

 Welcome to the npm Start Page

Posted by OSS-Index on May 18, 2016

Quick access to npm auditing tools, search, and recent npm activity on OSS Index.

 Recent news...


npm package vulnerability: ip

Uninitialized Memory Exposure
Sun Jun 25 22:44:27 EDT 2017

> Affected versions of the package are vulnerable to Uninitialized Memory Exposure due to an insecure use of the Node.js Buffer class.
>
> – snyk.io




npm package vulnerability: pidusage

Arbitrary Command Injection
Sun Jun 25 22:44:17 EDT 2017

> Affected versions of the package are vulnerable to Arbitrary Command Injection. It passes user input to child_process.exec without sanitization, which causes a command injection vulnerability in the ps function due to never casting the PID to an integer.
>
> – snyk.io




npm package vulnerability: crumb

Authentication Bypass
Sun Jun 25 22:43:18 EDT 2017

> Affected versions of the package are vulnerable to Authentication Bypass. crumb does not validate the hostname while comparing a request origin against the whitelist, but rather compares http protocol alone. This opens a window for attackers to gain information by Man in the Middle (MitM) attacks.
>
> – snyk.io




npm package vulnerability: jstree

Cross Site Scripting (XSS)
Sun Jun 25 22:41:42 EDT 2017

> Affected versions of the package are vulnerable to Cross-site Scripting (XSS).
>
> – snyk.io




npm package vulnerability: jQuery

Cross Site Scripting (XSS)
Thu Jun 15 01:09:50 EDT 2017

> Affected versions of the package are vulnerable to a DOM based Cross-site Scripting (XSS) attack due to using the text() function inside the after() function.
>
> – snyk.io




npm package vulnerability: mysql

SQL Injection due to unescaped object keys
Thu Jun 08 01:59:06 EDT 2017

> Affected versions of this package do not properly escape column identifiers with mysql.escape() and can result in SQL injection vulnerability.
>
> – snyk.io




npm package vulnerability: rendr

Cross Site Scripting (XSS)
Fri Jun 02 02:10:15 EDT 2017

> Affected versions of the package are vulnerable to Cross-site Scripting (XSS).
>
> – snyk.io




npm package vulnerability: uikit

Regular Expression Denial of Service (ReDoS)
Fri Jun 02 02:09:53 EDT 2017

> Affected versions of the package are vulnerable to Regular Expression Denial of Service (DoS) due to using a hardcoded file from a vulnerable version of marked.
>
> – snyk.io




npm package vulnerability: datatables

Cross Site Scripting (XSS)
Fri Jun 02 02:09:02 EDT 2017

> Affected versions of the package are vulnerable to Cross-site Scripting (XSS).
>
> – snyk.io




npm package vulnerability: keygrip

[Duplicate] Debug package vulnerability with ReDoS
Thu May 18 01:55:46 EDT 2017

See https://ossindex.net/resource/vulnerability/8402880343



Package auditing tools

 npm [AuditJS]