| CVE | Vendors | Products | Updated | CVSS v3.1 |
| This affects all versions of package phantomjs-seo. It is possible for an attacker to craft a URL that will be passed to a PhantomJS instance, allowing for an SSRF attack. |
| All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement, safeLoad(). |
| All versions of package safetydance are vulnerable to Prototype Pollution via the set function. |
| The package bmoor before 0.8.12 is vulnerable to Prototype Pollution via the set function. |
| The package ng-packagr before 10.1.1 is vulnerable to Command Injection via the styleIncludePaths option. |
| All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column. |
| The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. |
| This affects all versions <0.7.0 of package github.com/russellhaering/gosaml2. There is a crash on nil-pointer dereference caused by sending malformed XML signatures. |
| The package bestzip before 2.1.7 is vulnerable to Command Injection via the options param. |
| The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load() instead of its secure replacement safeLoad() of the package js-yaml inside grunt.file.readYAML. |
| All versions of package gedi are vulnerable to Prototype Pollution via the set function. |
| All versions of package safe-object2 are vulnerable to Prototype Pollution via the setter function. |
| All versions of package worksmith are vulnerable to Prototype Pollution via the setValue function. |
| All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function. |
| All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function. |
| All versions of package nodee-utils are vulnerable to Prototype Pollution via the deepSet function. |
| All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function. |
| The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions. |
| Versions of package locutus before 2.0.12 are vulnerable to Prototype Pollution via the php.strings.parse_str function. |
| All versions of package gammautils are vulnerable to Prototype Pollution via the deepSet and deepMerge functions. |