eldorplus / conception-website Goto Github PK
View Code? Open in Web Editor NEWCréation de site internet
Home Page: http://conception-web.ga
Création de site internet
Home Page: http://conception-web.ga
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.13.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.
Publish Date: 2018-12-04
URL: CVE-2018-19839
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-12-04
Fix Resolution: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105
Step up your Open Source Security Game with Mend here
Growl unobtrusive notifications
Library home page: https://registry.npmjs.org/growl/-/growl-1.9.2.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /node_modules/growl/package.json,/node_modules/growl/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.
Publish Date: 2018-06-04
URL: CVE-2017-16042
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-16042
Release Date: 2018-04-26
Fix Resolution (growl): 1.10.2
Direct dependency fix Resolution (mocha): 4.0.0
Step up your Open Source Security Game with Mend here
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.16.6.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/lodash/package.json
Dependency Hierarchy:
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /node_modules/karma/node_modules/lodash/package.json,/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.
Publish Date: 2018-06-07
URL: CVE-2018-3721
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1067
Release Date: 2018-06-07
Fix Resolution (lodash): 4.17.5
Direct dependency fix Resolution (node-sass): 4.14.0
Fix Resolution (lodash): 4.17.5
Direct dependency fix Resolution (karma-webpack): 2.0.10
Step up your Open Source Security Game with Mend here
A Java based fault and performance management system
Library home page: https://sourceforge.net/projects/opennms/
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20822
Base Score Metrics:
Type: Upgrade version
Release Date: 2019-04-23
Fix Resolution: libsass - 3.5.5;node-sass - 4.14.0
Step up your Open Source Security Game with Mend here
A comprehensive library for mime-type mapping
Library home page: https://registry.npmjs.org/mime/-/mime-1.3.4.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/mime/package.json
Dependency Hierarchy:
A comprehensive library for mime-type mapping
Library home page: https://registry.npmjs.org/mime/-/mime-1.3.6.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /node_modules/url-loader/node_modules/mime/package.json,/node_modules/mime/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.
Publish Date: 2018-06-07
URL: CVE-2017-16138
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16138
Release Date: 2018-04-26
Fix Resolution (mime): 1.4.1
Direct dependency fix Resolution (express): 4.16.0
Fix Resolution (mime): 1.4.1
Direct dependency fix Resolution (webpack-dev-middleware): 1.11.0
Step up your Open Source Security Game with Mend here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.13.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11697
Base Score Metrics:
Step up your Open Source Security Game with Mend here
General purpose crypto utilities
Library home page: https://registry.npmjs.org/cryptiles/-/cryptiles-2.0.5.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/cryptiles/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.
Publish Date: 2018-07-09
URL: CVE-2018-1000620
Base Score Metrics:
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000620
Release Date: 2018-07-09
Fix Resolution (cryptiles): 4.1.2
Direct dependency fix Resolution (phantomjs-prebuilt): 2.1.16
Step up your Open Source Security Game with Mend here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: /node_modules/js-base64/test/index.html
Path to vulnerable library: /node_modules/js-base64/test/index.html
Dependency Hierarchy:
Found in HEAD commit: d01989566d2a70e542b08bc943c5de9d223ce39d
Found in base branch: develop
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: jquery - 3.4.0
Step up your Open Source Security Game with Mend here
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.16.6.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/lodash/package.json
Dependency Hierarchy:
The lodash method `_.defaultsDeep` exported as a module.
Library home page: https://registry.npmjs.org/lodash.defaultsdeep/-/lodash.defaultsdeep-4.3.2.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /node_modules/lodash.defaultsdeep/package.json,/node_modules/lodash.defaultsdeep/package.json
Dependency Hierarchy:
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /node_modules/karma/node_modules/lodash/package.json,/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Publish Date: 2019-07-26
URL: CVE-2019-10744
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-jf85-cpcp-j695
Release Date: 2019-07-26
Fix Resolution (lodash): 4.17.12
Direct dependency fix Resolution (node-sass): 4.14.0
Fix Resolution (lodash.defaultsdeep): 4.17.12
Direct dependency fix Resolution (nightwatch): 0.9.16
Fix Resolution (lodash): 4.17.12
Direct dependency fix Resolution (karma-webpack): 2.0.10
Step up your Open Source Security Game with Mend here
The lodash method `_.defaultsDeep` exported as a module.
Library home page: https://registry.npmjs.org/lodash.defaultsdeep/-/lodash.defaultsdeep-4.3.2.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /node_modules/lodash.defaultsdeep/package.json,/node_modules/lodash.defaultsdeep/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
lodash.defaultsdeep before 4.6.1 is vulnerable to Prototype Pollution. The function defaultsDeep() may allow a malicious user to modify the prototype of Object via proto causing the addition or modification of an existing property that will exist on all objects.
Publish Date: 2019-08-14
URL: WS-2019-0181
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1070
Release Date: 2019-08-14
Fix Resolution (lodash.defaultsdeep): 4.6.1
Direct dependency fix Resolution (nightwatch): 1.0.4
Step up your Open Source Security Game with Mend here
Serialize JavaScript to a superset of JSON that includes regular expressions and functions.
Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-1.7.0.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: conception-website/node_modules/serialize-javascript/package.json
Dependency Hierarchy:
Found in HEAD commit: d01989566d2a70e542b08bc943c5de9d223ce39d
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.toString() backslash-escapes all forward slashes in regular expressions. If serialized data of regular expression objects are used in an environment other than Node.js, it is affected by this vulnerability.
Publish Date: 2019-12-05
URL: CVE-2019-16769
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16769
Release Date: 2019-12-05
Fix Resolution: v2.1.1
Step up your Open Source Security Game with WhiteSource here
An HTTP(s) proxy `http.Agent` implementation for HTTPS
Library home page: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-1.0.0.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /node_modules/pac-proxy-agent/node_modules/https-proxy-agent/package.json,/node_modules/https-proxy-agent/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed input to the 'auth' parameter (e.g. JSON).
Publish Date: 2018-06-07
URL: CVE-2018-3739
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3739
Release Date: 2018-04-26
Fix Resolution (https-proxy-agent): 2.2.0
Direct dependency fix Resolution (nightwatch): 1.0.4
Step up your Open Source Security Game with Mend here
A javascript text diff implementation.
Library home page: https://registry.npmjs.org/diff/-/diff-3.2.0.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /node_modules/diff/package.json,/node_modules/diff/package.json
Dependency Hierarchy:
A javascript text diff implementation.
Library home page: https://registry.npmjs.org/diff/-/diff-1.4.0.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /node_modules/mocha-nightwatch/node_modules/diff/package.json,/node_modules/diff/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
A vulnerability was found in diff before v3.5.0, the affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.
Publish Date: 2018-03-05
URL: WS-2018-0590
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-03-05
Fix Resolution (diff): 3.5.0
Direct dependency fix Resolution (mocha): 5.0.3
Fix Resolution (diff): 3.5.0
Direct dependency fix Resolution (nightwatch): 1.0.1
Step up your Open Source Security Game with Mend here
tar for node
Library home page: https://registry.npmjs.org/tar/-/tar-2.2.1.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /tmp/git/conception-website/node_modules/grpc/node_modules/tar/package.json
Dependency Hierarchy:
Found in HEAD commit: aafabe1f890f6614128b3e3a46fcacc878d945e9
Versions of node-tar prior to 4.4.2 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file.
Publish Date: 2019-04-05
URL: WS-2019-0047
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/803
Release Date: 2019-04-05
Fix Resolution: 4.4.2
Step up your Open Source Security Game with WhiteSource here
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.8.4.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/js-yaml/package.json
Dependency Hierarchy:
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.7.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/js-yaml/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
Js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.
Publish Date: 2019-04-05
URL: WS-2019-0063
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/813
Release Date: 2019-04-05
Fix Resolution (js-yaml): 3.13.1
Direct dependency fix Resolution (eslint): 4.0.0
Fix Resolution (js-yaml): 3.13.1
Direct dependency fix Resolution (optimize-css-assets-webpack-plugin): 2.0.0
Step up your Open Source Security Game with Mend here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.13.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
Publish Date: 2019-01-14
URL: CVE-2019-6283
Base Score Metrics:
Type: Upgrade version
Release Date: 2019-01-14
Fix Resolution: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105
Step up your Open Source Security Game with Mend here
A comprehensive library for mime-type mapping
Library home page: https://registry.npmjs.org/mime/-/mime-1.3.6.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /tmp/git/conception-website/node_modules/url-loader/node_modules/mime/package.json
Dependency Hierarchy:
Found in HEAD commit: aafabe1f890f6614128b3e3a46fcacc878d945e9
Affected version of mime (1.0.0 throw 1.4.0 and 2.0.0 throw 2.0.2), are vulnerable to regular expression denial of service.
Publish Date: 2017-09-27
URL: WS-2017-0330
Type: Upgrade version
Origin: broofa/mime@1df903f
Release Date: 2019-04-03
Fix Resolution: 1.4.1,2.0.3
Step up your Open Source Security Game with WhiteSource here
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-3.2.6.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/debug/package.json
Dependency Hierarchy:
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-0.7.4.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/debug/package.json
Dependency Hierarchy:
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-2.6.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/debug/package.json
Dependency Hierarchy:
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-2.6.7.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/debug/package.json
Dependency Hierarchy:
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-2.6.8.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /node_modules/mocha/node_modules/debug/package.json,/node_modules/debug/package.json
Dependency Hierarchy:
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-2.3.3.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /node_modules/engine.io-client/node_modules/debug/package.json,/node_modules/debug/package.json
Dependency Hierarchy:
small debugging utility
Library home page: https://registry.npmjs.org/debug/-/debug-2.2.0.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /node_modules/socket.io-parser/node_modules/debug/package.json,/node_modules/debug/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.
Publish Date: 2018-06-07
URL: CVE-2017-16137
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-gxpj-cx7g-858c
Release Date: 2018-04-26
Fix Resolution (debug): 3.2.7
Direct dependency fix Resolution (googleapis): 39.2.0
Fix Resolution (debug): 3.2.7
Direct dependency fix Resolution (phantomjs-prebuilt): 2.1.15
Fix Resolution (debug): 3.2.7
Direct dependency fix Resolution (mocha): 3.5.0
Fix Resolution (debug): 3.2.7
Direct dependency fix Resolution (express): 4.15.4
Fix Resolution (debug): 3.2.7
Direct dependency fix Resolution (babel-core): 6.25.0
Fix Resolution (debug): 3.2.7
Direct dependency fix Resolution (karma): 1.7.1
Fix Resolution (debug): 3.2.7
Direct dependency fix Resolution (karma): 1.7.1
Step up your Open Source Security Game with Mend here
An AST-based pattern checker for JavaScript.
Library home page: https://registry.npmjs.org/eslint/-/eslint-3.19.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/eslint/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
A vulnerability was descovered in eslint before 4.18.2. One of the regexes in eslint is vulnerable to catastrophic backtracking.
Publish Date: 2018-02-27
URL: WS-2018-0347
Base Score Metrics:
Step up your Open Source Security Game with Mend here
Fastest brace expansion for node.js, with the most complete support for the Bash 4.3 braces specification.
Library home page: https://registry.npmjs.org/braces/-/braces-1.8.5.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /tmp/git/conception-website/node_modules/test-exclude/node_modules/braces/package.json
Dependency Hierarchy:
Fastest brace expansion lib. Typically used with file paths, but can be used with any string. Expands comma-separated values (e.g. `foo/{a,b,c}/bar`) and alphabetical or numerical ranges (e.g. `{1..9}`)
Library home page: https://registry.npmjs.org/braces/-/braces-0.1.5.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /tmp/git/conception-website/node_modules/expand-braces/node_modules/braces/package.json
Dependency Hierarchy:
Found in HEAD commit: aafabe1f890f6614128b3e3a46fcacc878d945e9
Version of braces prior to 2.3.1 are vulnerable to Regular Expression Denial of Service (ReDoS). Untrusted input may cause catastrophic backtracking while matching regular expressions. This can cause the application to be unresponsive leading to Denial of Service.
Publish Date: 2019-03-25
URL: WS-2019-0019
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/786
Release Date: 2019-02-21
Fix Resolution: 2.3.1
Step up your Open Source Security Game with WhiteSource here
Port of jQuery.extend for node.js and the browser
Library home page: https://registry.npmjs.org/extend/-/extend-3.0.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/extend/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.
Publish Date: 2019-02-01
URL: CVE-2018-16492
Base Score Metrics:
Type: Upgrade version
Origin: https://hackerone.com/reports/381185
Release Date: 2019-02-01
Fix Resolution (extend): 3.0.2
Direct dependency fix Resolution (eslint-friendly-formatter): 3.0.0
Step up your Open Source Security Game with Mend here
General purpose node utilities
Library home page: https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /node_modules/hoek/package.json,/node_modules/hoek/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.
Publish Date: 2018-03-30
URL: CVE-2018-3728
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16082
Release Date: 2018-03-30
Fix Resolution (hoek): 4.2.0
Direct dependency fix Resolution (jsonwebtoken): 8.0.0
Step up your Open Source Security Game with Mend here
Advanced file system stream things
Library home page: https://registry.npmjs.org/fstream/-/fstream-1.0.11.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: conception-website/node_modules/grpc/node_modules/fstream/package.json
Dependency Hierarchy:
Found in HEAD commit: aafabe1f890f6614128b3e3a46fcacc878d945e9
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
Publish Date: 2019-07-02
URL: CVE-2019-13173
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13173
Release Date: 2019-07-02
Fix Resolution: 1.0.12
Step up your Open Source Security Game with WhiteSource here
A Java based fault and performance management system
Library home page: https://sourceforge.net/projects/opennms/
Found in HEAD commit: aafabe1f890f6614128b3e3a46fcacc878d945e9
Found in base branch: develop
** DISPUTED ** In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters. NOTE: Upstream comments indicate this issue is closed as "won't fix" and "works as intended" by design.
Publish Date: 2018-12-03
URL: CVE-2018-19826
Base Score Metrics:
Step up your Open Source Security Game with Mend here
🌈 Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: aafabe1f890f6614128b3e3a46fcacc878d945e9
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11695
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/conception-website/node_modules/js-base64/test/index.html
Path to vulnerable library: /conception-website/node_modules/js-base64/test/index.html
Dependency Hierarchy:
Found in HEAD commit: d01989566d2a70e542b08bc943c5de9d223ce39d
JQuery, before 2.2.0, is vulnerable to Cross-site Scripting (XSS) attacks via text/javascript response with arbitrary code execution.
Publish Date: 2016-11-27
URL: WS-2016-0090
Type: Upgrade version
Origin: jquery/jquery@b078a62
Release Date: 2019-04-08
Fix Resolution: 2.2.0
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.13.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-17
URL: CVE-2018-20190
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-12-17
Fix Resolution: GR.PageRender.Razor - 1.8.0;Fable.Template.Elmish.React - 0.1.6
Step up your Open Source Security Game with Mend here
Webpack plugin and CLI utility that represents bundle content as convenient interactive zoomable treemap
Library home page: https://registry.npmjs.org/webpack-bundle-analyzer/-/webpack-bundle-analyzer-2.8.2.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/webpack-bundle-analyzer/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify() without properly escaping input which may lead to Cross-Site Scripting.
Publish Date: 2019-04-11
URL: WS-2019-0058
Base Score Metrics:
Step up your Open Source Security Game with Mend here
An HTTP(s) proxy `http.Agent` implementation for HTTP
Library home page: https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-1.0.0.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: conception-website/node_modules/http-proxy-agent/package.json
Dependency Hierarchy:
Found in HEAD commit: aafabe1f890f6614128b3e3a46fcacc878d945e9
Versions of http-proxy-agent before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to Buffer.
Publish Date: 2018-04-25
URL: WS-2018-0085
Base Score Metrics:
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/607
Release Date: 2018-01-27
Fix Resolution: 2.1.0
Step up your Open Source Security Game with WhiteSource here
Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js
Library home page: https://registry.npmjs.org/ws/-/ws-2.3.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/ws/package.json
Dependency Hierarchy:
simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455
Library home page: https://registry.npmjs.org/ws/-/ws-1.1.2.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /node_modules/ws/package.json,/node_modules/ws/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
Denial of Service vulnerability was found in ws npm package 0.2.6 through 1.1.4 and 2.0.0 through 3.3.0. ws can crash when a specially crafted Sec-WebSocket-Extensions header containing Object.prototype property names as extension or parameter names are sent.
Publish Date: 2017-11-08
URL: WS-2017-0421
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-5v72-xg48-5rpm
Release Date: 2017-11-08
Fix Resolution (ws): 3.3.1
Direct dependency fix Resolution (webpack-bundle-analyzer): 2.9.1
Fix Resolution (ws): 3.3.1
Direct dependency fix Resolution (karma): 1.7.1
Step up your Open Source Security Game with Mend here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.13.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.
Publish Date: 2019-01-14
URL: CVE-2019-6286
Base Score Metrics:
Type: Upgrade version
Release Date: 2019-07-23
Fix Resolution: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105
Step up your Open Source Security Game with Mend here
Method that parses a JSON string and returns a JSON object
Library home page: https://registry.npmjs.org/parsejson/-/parsejson-0.0.3.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /node_modules/parsejson/package.json,/node_modules/parsejson/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.
Publish Date: 2018-06-07
URL: CVE-2017-16113
Base Score Metrics:
Step up your Open Source Security Game with Mend here
Recursive object extending
Library home page: https://registry.npmjs.org/deep-extend/-/deep-extend-0.4.2.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: conception-website/node_modules/grpc/node_modules/deep-extend/package.json
Dependency Hierarchy:
Found in HEAD commit: aafabe1f890f6614128b3e3a46fcacc878d945e9
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
Publish Date: 2018-07-03
URL: CVE-2018-3750
Base Score Metrics:
Type: Upgrade version
Origin: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3750
Release Date: 2019-01-24
Fix Resolution: 0.5.1
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.13.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-12-03
URL: CVE-2018-19827
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-12-03
Fix Resolution: GR.PageRender.Razor - 1.8.0;Fable.Template.Elmish.React - 0.1.6
Step up your Open Source Security Game with Mend here
An HTTP(s) proxy `http.Agent` implementation for HTTPS
Library home page: https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-1.0.0.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: conception-website/node_modules/pac-proxy-agent/node_modules/https-proxy-agent/package.json,conception-website/node_modules/https-proxy-agent/package.json
Dependency Hierarchy:
Found in HEAD commit: aafabe1f890f6614128b3e3a46fcacc878d945e9
Found in base branch: develop
Versions of https-proxy-agent before 2.2.0 are vulnerable to a denial of service. This is due to unsanitized options (proxy.auth) being passed to Buffer().
Publish Date: 2018-02-28
URL: WS-2018-0072
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/593
Release Date: 2018-02-28
Fix Resolution: 2.2.0
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.13.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20821
Base Score Metrics:
Type: Upgrade version
Release Date: 2019-04-23
Fix Resolution: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105
Step up your Open Source Security Game with Mend here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.13.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
Publish Date: 2018-12-04
URL: CVE-2018-19838
Base Score Metrics:
Step up your Open Source Security Game with Mend here
Encode and decode streams into string streams
Library home page: https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /node_modules/grpc/node_modules/stringstream/package.json,/node_modules/stringstream/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
All versions of stringstream are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.
Publish Date: 2018-05-16
URL: WS-2018-0103
Base Score Metrics:
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/664
Release Date: 2018-01-27
Fix Resolution (stringstream): 0.0.6
Direct dependency fix Resolution (phantomjs-prebuilt): 2.1.15
Step up your Open Source Security Game with Mend here
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.8.4.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/js-yaml/package.json
Dependency Hierarchy:
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.7.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/js-yaml/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
Versions js-yaml prior to 3.13.0 are vulnerable to Denial of Service. By parsing a carefully-crafted YAML file, the node process stalls and may exhaust system resources leading to a Denial of Service.
Publish Date: 2019-03-20
URL: WS-2019-0032
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/788/versions
Release Date: 2019-03-20
Fix Resolution (js-yaml): 3.13.0
Direct dependency fix Resolution (eslint): 4.0.0
Fix Resolution (js-yaml): 3.13.0
Direct dependency fix Resolution (optimize-css-assets-webpack-plugin): 2.0.0
Step up your Open Source Security Game with Mend here
Growl unobtrusive notifications
Library home page: https://registry.npmjs.org/growl/-/growl-1.9.2.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /tmp/git/conception-website/node_modules/growl/package.json
Dependency Hierarchy:
Found in HEAD commit: aafabe1f890f6614128b3e3a46fcacc878d945e9
Affected versions of the package are vulnerable to Arbitrary Code Injection.
Publish Date: 2017-05-01
URL: WS-2017-0236
Type: Change files
Origin: tj/node-growl@d9f6ea2
Release Date: 2016-09-05
Fix Resolution: Replace or update the following files: package.json, growl.js
Step up your Open Source Security Game with WhiteSource here
A Java based fault and performance management system
Library home page: https://sourceforge.net/projects/opennms/
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11698
Base Score Metrics:
Step up your Open Source Security Game with Mend here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.2/jquery.min.js
Path to dependency file: /node_modules/js-base64/test/index.html
Path to vulnerable library: /node_modules/js-base64/test/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: /node_modules/vm-browserify/example/run/index.html
Path to vulnerable library: /node_modules/vm-browserify/example/run/index.html
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - 3.0.0
Step up your Open Source Security Game with Mend here
Tiny milisecond conversion utility
Library home page: https://registry.npmjs.org/ms/-/ms-0.7.2.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: conception-website/node_modules/engine.io/node_modules/ms/package.json,conception-website/node_modules/ms/package.json
Dependency Hierarchy:
Found in HEAD commit: aafabe1f890f6614128b3e3a46fcacc878d945e9
Found in base branch: develop
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS).
Publish Date: 2017-04-12
URL: WS-2017-0247
Type: Upgrade version
Origin: vercel/ms#89
Release Date: 2017-04-12
Fix Resolution: 2.1.1
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.13.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11694
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-06-04
Fix Resolution: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105
Step up your Open Source Security Game with Mend here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.13.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
Publish Date: 2018-05-26
URL: CVE-2018-11499
Base Score Metrics:
Step up your Open Source Security Game with Mend here
🌈 Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: aafabe1f890f6614128b3e3a46fcacc878d945e9
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11693
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.13.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
Publish Date: 2019-01-14
URL: CVE-2019-6284
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2019-6284
Release Date: 2019-01-14
Fix Resolution: 5.0.0
Step up your Open Source Security Game with Mend here
Wrapper around libsass
Library home page: https://registry.npmjs.org/node-sass/-/node-sass-4.13.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/node-sass/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-03
URL: CVE-2018-19797
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-12-03
Fix Resolution: Fable.Template.Elmish.React - 0.1.6;GR.PageRender.Razor - 1.8.0;MIDIator.WebClient - 1.0.105
Step up your Open Source Security Game with Mend here
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.16.6.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/lodash/package.json
Dependency Hierarchy:
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /node_modules/karma/node_modules/lodash/package.json,/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 388e228fdc3fb332f3a4d2cb33d84668e0e8f99a
Found in base branch: develop
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
Publish Date: 2019-02-01
URL: CVE-2018-16487
Base Score Metrics:
Type: Upgrade version
Origin: https://hackerone.com/reports/380873
Release Date: 2019-02-01
Fix Resolution (lodash): 4.17.11
Direct dependency fix Resolution (node-sass): 4.14.0
Fix Resolution (lodash): 4.17.11
Direct dependency fix Resolution (karma-webpack): 2.0.10
Step up your Open Source Security Game with Mend here
Advanced file system stream things
Library home page: https://registry.npmjs.org/fstream/-/fstream-1.0.11.tgz
Path to dependency file: /conception-website/package.json
Path to vulnerable library: /tmp/git/conception-website/node_modules/grpc/node_modules/fstream/package.json
Dependency Hierarchy:
Found in HEAD commit: aafabe1f890f6614128b3e3a46fcacc878d945e9
Versions of fstream prior to 1.0.12 are vulnerable to Arbitrary File Overwrite.
Publish Date: 2019-05-23
URL: WS-2019-0100
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/886
Release Date: 2019-05-23
Fix Resolution: 1.0.12
Step up your Open Source Security Game with WhiteSource here
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.