Bugs with TODO items

Bug | Description | Note
CVE-2011-4183 | A vulnerability in open build service allows remote attackers to ... | check
CVE-2011-4190 | The kdump implementation is missing the host key verification in the ... | check
CVE-2012-0433 | The install-chef-suse.sh script shipped with crowbar before 2012-10-02 ... | check
CVE-2014-0593 | The set_version script as shipped with obs-service-set_version is a ... | check
CVE-2014-10064 | The qs module before 1.0.0 does not have an option or default for ... | check
CVE-2014-10065 | Certain input when passed into remarkable before 1.4.1 will bypass the ... | check
CVE-2014-10066 | Versions less than 0.1.4 of the static file server module fancy-server ... | check
CVE-2014-10067 | paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by ... | check
CVE-2014-10068 | The inert directory handler in inert node module before 1.1.1 always ... | check
CVE-2014-7952 | The backup mechanism in the adb tool in Android might allow attackers ... | check
CVE-2015-4043 | SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows ... | check
CVE-2015-7610 | Cross-site request forgery (CSRF) vulnerability in the login form in ... | check
CVE-2015-9236 | Hapi versions less than 11.0.0 implement CORS incorrectly and allowed ... | check
CVE-2015-9238 | secure-compare 3.0.0 and below do not actually compare two strings ... | check
CVE-2015-9239 | ansi2html is vulnerable to regular expression denial of service ... | check
CVE-2015-9240 | Due to a bug in the default sign in functionality in the keystone ... | check
CVE-2015-9241 | Certain input passed into the If-Modified-Since or Last-Modified ... | check
CVE-2015-9242 | Certain input strings when passed to new Date() or Date.parse() in ... | check
CVE-2015-9243 | When server level, connection level or route level CORS configurations ... | check
CVE-2016-10518 | A vulnerability was found in the ping functionality of the ws module ... | check
CVE-2016-10519 | A security issue was found in bittorrent-dht before 5.1.3 that allows ... | check
CVE-2016-10520 | jadedown is vulnerable to regular expression denial of service (ReDoS) ... | check
CVE-2016-10521 | jshamcrest is vulnerable to regular expression denial of service ... | check
CVE-2016-10523 | MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted ... | check
CVE-2016-10524 | i18n-node-angular is a module used to interact between i18n and ... | check
CVE-2016-10525 | When attempting to allow authentication mode `try` in hapi, ... | check
CVE-2016-10526 | A common setup to deploy to gh-pages on every commit via a CI system ... | check
CVE-2016-10527 | The riot-compiler version 2.3.21 has an issue in a regex ... | check
CVE-2016-10528 | restafary is a REpresentful State Transfer API for Creating, Reading, ... | check
CVE-2016-10529 | Droppy versions <3.5.0 does not perform any verification for ... | check
CVE-2016-10530 | The airbrake module 0.3.8 and earlier defaults to sending environment ... | check
CVE-2016-10532 | console-io is a module that allows users to implement a web console in ... | check
CVE-2016-10533 | express-restify-mongoose is a module to easily create a flexible REST ... | check
CVE-2016-10534 | electron-packager is a command line tool that packages Electron source ... | check
CVE-2016-10535 | csrf-lite is a cross-site request forgery protection library for ... | check
CVE-2016-10536 | engine.io-client is the client for engine.io, the implementation of a ... | check
CVE-2016-10543 | call is an HTTP router that is primarily used by the hapi framework. ... | check
CVE-2016-10544 | uws is a WebSocket server library. By sending a 256mb websocket ... | check
CVE-2016-10546 | An arbitrary code injection vector was found in PouchDB 6.0.4 and ... | check
CVE-2016-10547 | Nunjucks is a full featured templating engine for JavaScript. Versions ... | check
CVE-2016-10548 | Arbitrary code execution is possible in reduce-css-calc node module ... | check
CVE-2016-10549 | Sails is an MVC style framework for building realtime web ... | check
CVE-2016-10550 | sequelize is an Object-relational mapping, or a middleman to convert ... | check
CVE-2016-10551 | waterline-sequel is a module that helps generate SQL statements for ... | check
CVE-2016-10552 | igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over ... | check
CVE-2016-10553 | sequelize is an Object-relational mapping, or a middleman to convert ... | check
CVE-2016-10554 | sequelize is an Object-relational mapping, or a middleman to convert ... | check
CVE-2016-10556 | sequelize is an Object-relational mapping, or a middleman to convert ... | check
CVE-2016-10557 | appium-chromedriver is a Node.js wrapper around Chromedriver. Versions ... | check
CVE-2016-10558 | aerospike is an Aerospike add-on module for Node.js. aerospike ... | check
CVE-2016-10559 | selenium-download downloads the latest versions of the selenium ... | check
CVE-2016-10560 | galenframework-cli is the node wrapper for the Galen Framework. ... | check
CVE-2016-10561 | Bitty is a development web server tool that functions similar to ... | check
CVE-2016-10562 | iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions ... | check
CVE-2016-10563 | During the installation process, the go-ipfs-deps module before 0.4.4 ... | check
CVE-2016-10564 | apk-parser is a tool to extract Android Manifest info from an APK ... | check
CVE-2016-10565 | operadriver is a Opera Driver for Selenium. operadriver versions below ... | check
CVE-2016-10566 | install-nw is a module which quickly and robustly installs and caches ... | check
CVE-2016-10567 | product-monitor is a HTML/JavaScript template for monitoring a product ... | check
CVE-2016-10568 | geoip-lite-country is a stripped down version of geoip-lite, ... | check
CVE-2016-10569 | embedza is a module to create HTML snippets/embeds from URLs using ... | check
CVE-2016-10570 | pngcrush-installer is an installer for Pngcrush. pngcrush-installer ... | check
CVE-2016-10571 | bkjs-wand is imagemagick wand support for node.js and backendjs ... | check
CVE-2016-10572 | mongodb-instance before 0.0.3 installs mongodb locally. ... | check
CVE-2016-10573 | baryton-saxophone is a module to install and launch Selenium Server ... | check
CVE-2016-10574 | apk-parser3 is a module to extract Android Manifest info from an APK ... | check
CVE-2016-10575 | Kindlegen is a simple Node.js wrapper of the official kindlegen ... | check
CVE-2016-10576 | Fuseki server wrapper and management API in fuseki before 1.0.1 ... | check
CVE-2016-10579 | Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver ... | check
CVE-2016-10580 | nodewebkit is an installer for node-webkit. nodewebkit downloads ... | check
CVE-2016-10581 | Steroids is PhoneGap on Steroids, providing native UI elements, ... | check
CVE-2016-10582 | closurecompiler is a Closure Compiler for node.js. closurecompiler ... | check
CVE-2016-10583 | closure-utils is Utilities for Closure Library based projects. ... | check
CVE-2016-10584 | dalek-browser-chrome-canary provides Google Chrome bindings for ... | check
CVE-2016-10585 | libxl provides Node bindings for the libxl library for reading and ... | check
CVE-2016-10586 | macaca-chromedriver is a Node.js wrapper for the selenium ... | check
CVE-2016-10587 | wasdk is a toolkit for creating WebAssembly modules. wasdk downloads ... | check
CVE-2016-10588 | nw is an installer for nw.js. nw downloads zipped resources over HTTP, ... | check
CVE-2016-10589 | selenium-binaries downloads Selenium related binaries for your OS. ... | check
CVE-2016-10590 | cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node ... | check
CVE-2016-10591 | Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML ... | check
CVE-2016-10592 | jser-stat is a JSer.info stat library. jser-stat downloads data ... | check
CVE-2016-10593 | ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads ... | check
CVE-2016-10594 | ipip is a Node.js module to query geolocation information for an IP or ... | check
CVE-2016-10595 | jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads ... | check
CVE-2016-10596 | imageoptim is a Node.js wrapper for some images compression ... | check
CVE-2016-10597 | cobalt-cli downloads resources over HTTP, which leaves it vulnerable ... | check
CVE-2016-10598 | arrayfire-js is a module for ArrayFire for the Node.js platform. ... | check
CVE-2016-10599 | sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar ... | check
CVE-2016-10600 | webrtc-native uses WebRTC from chromium project. webrtc-native ... | check
CVE-2016-10601 | webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver ... | check
CVE-2016-10602 | haxe is a cross-platform toolkit haxe downloads zipped resources over ... | check
CVE-2016-10603 | air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads ... | check
CVE-2016-10604 | dalek-browser-chrome is Google Chrome bindings for DalekJS. ... | check
CVE-2016-10605 | dalek-browser-ie is Internet Explorer bindings for DalekJS. ... | check
CVE-2016-10606 | grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in ... | check
CVE-2016-10607 | openframe-glsviewer is a Openframe extension which adds support for ... | check
CVE-2016-10608 | robot-js is a module for native system automation for node.js. ... | check
CVE-2016-10609 | chromedriver126 is chromedriver version 1.26 for linux OS. ... | check
CVE-2016-10610 | unicode-json is a unicode lookup table. unicode-json before 2.0.0 ... | check
CVE-2016-10611 | strider-sauce is Sauce Labs / Selenium support for Strider. ... | check
CVE-2016-10612 | dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. ... | check
CVE-2016-10613 | bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra ... | check
CVE-2016-10633 | dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. ... | check
CVE-2016-10634 | scala-standalone-bin is a Binary wrapper for ScalaJS. ... | check
CVE-2016-10635 | broccoli-closure is a Closure compiler plugin for Broccoli. ... | check
CVE-2016-10636 | grunt-ccompiler is a Closure Compiler Grunt Plugin. grunt-ccompiler ... | check
CVE-2016-10637 | haxe-dev is a cross-platform toolkit. haxe-dev downloads binary ... | check
CVE-2016-10638 | js-given is a JavaScript frontend to jgiven. js-given downloads binary ... | check
CVE-2016-10639 | redis-srvr is a npm wrapper for redis-server. redis-srvr downloads ... | check
CVE-2016-10640 | node-thulac is a node binding for thulac. node-thulac downloads binary ... | check
CVE-2016-10641 | node-bsdiff-android downloads resources over HTTP, which leaves it ... | check
CVE-2016-10642 | cmake installs the cmake x86 linux binaries. cmake downloads binary ... | check
CVE-2016-10643 | jstestdriver is a wrapper for Google's jstestdriver. jstestdriver ... | check
CVE-2016-10644 | slimerjs-edge is a npm wrapper for installing the bleeding edge ... | check
CVE-2016-10645 | grunt-images is a grunt plugin for processing images. grunt-images ... | check
CVE-2016-10646 | resourcehacker is a Node wrapper of Resource Hacker (windows ... | check
CVE-2016-10647 | node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary ... | check
CVE-2016-10649 | frames-compiler downloads binary resources over HTTP, which leaves it ... | check
CVE-2016-10657 | co-cli-installer downloads the co-cli module as part of the install ... | check
CVE-2016-10658 | native-opencv is the OpenCV library installed via npm native-opencv ... | check
CVE-2016-10660 | fis-parser-sass-bin a plugin for fis to compile sass using ... | check
CVE-2016-10661 | phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu ... | check
CVE-2016-10662 | tomita is a node wrapper for Yandex Tomita Parser tomita downloads ... | check
CVE-2016-10663 | wixtoolset is a Node module wrapper around the wixtoolset binaries ... | check
CVE-2016-10664 | mystem is a Node.js wrapper for MyStem morphology text analyzer by ... | check
CVE-2016-10665 | herbivore is a packet sniffing and crafting library. Built on libtins ... | check
CVE-2016-10666 | tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser ... | check
CVE-2016-10667 | selenium-portal is a Selenium Testing Framework selenium-portal ... | check
CVE-2016-10668 | libsbml is a module that installs Linux binaries for libSBML libsbml ... | check
CVE-2016-10669 | soci downloads binary resources over HTTP, which leaves it vulnerable ... | check
CVE-2016-10670 | windows-seleniumjar-mirror downloads the Selenium Jar file ... | check
CVE-2016-10671 | mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper ... | check
CVE-2016-10672 | cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis ... | check
CVE-2016-10673 | ipip-coffee queries geolocation information from IP ipip-coffee ... | check
CVE-2016-10674 | limbus-buildgen is a "build anywhere" build system. limbus-buildgen ... | check
CVE-2016-10675 | libsbmlsim is a module that installs linux binaries for libsbmlsim ... | check
CVE-2016-10676 | rs-brightcove is a wrapper around brightcove's web api rs-brightcove ... | check
CVE-2016-10677 | google-closure-tools-latest is a Node.js module wrapper for ... | check
CVE-2016-10678 | serc.js is a Selenium RC process wrapper serc.js downloads binary ... | check
CVE-2016-10679 | selenium-standalone-painful installs a start-selenium command line to ... | check
CVE-2016-10680 | adamvr-geoip-lite is a light weight native JavaScript implementation ... | check
CVE-2016-10681 | roslib-socketio - The standard ROS Javascript Library fork for add ... | check
CVE-2016-10682 | massif is a Phantomjs fork massif downloads resources over HTTP, which ... | check
CVE-2016-10683 | arcanist downloads resources over HTTP, which leaves it vulnerable to ... | check
CVE-2016-10685 | pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox ... | check
CVE-2016-10686 | fis-sass-all is another libsass wrapper for node. fis-sass-all ... | check
CVE-2016-10687 | windows-selenium-chromedriver is a module that downloads the Selenium ... | check
CVE-2016-10688 | Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's ... | check
CVE-2016-10689 | The windows-iedriver module downloads fixed version of ... | check
CVE-2016-10690 | openframe-ascii-image module is an openframe plugin which adds support ... | check
CVE-2016-10691 | windows-seleniumjar is a module that downloads the Selenium Jar file ... | check
CVE-2016-10692 | haxeshim haxe shim to deal with coexisting versions. haxeshim ... | check
CVE-2016-10693 | pm2-kafka is a PM2 module that installs and runs a kafka server ... | check
CVE-2016-10694 | alto-saxophone is a module to install and launch Chromedriver for Mac, ... | check
CVE-2016-10695 | The npm-test-sqlite3-trunk module provides asynchronous, non-blocking ... | check
CVE-2016-10696 | windows-latestchromedriver downloads the latest version of ... | check
CVE-2016-10697 | react-native-baidu-voice-synthesizer is a baidu voice speech ... | check
CVE-2016-10698 | mystem-fix is a node.js wrapper for MyStem morphology text analyzer by ... | check
CVE-2016-8390 | An exploitable out of bounds write vulnerability exists in the parsing ... | check
CVE-2016-9488 | ManageEngine Applications Manager versions 12 and 13 suffer from ... | check
CVE-2016-9490 | ManageEngine Applications Manager versions 12 and 13 suffer from a ... | check
CVE-2017-0928 | html-janitor node module suffers from an External Control of Critical ... | check
CVE-2017-0930 | augustine node module suffers from a Path Traversal vulnerability due ... | check
CVE-2017-0931 | html-janitor node module suffers from a Cross-Site Scripting (XSS) ... | check
CVE-2017-11672 | The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is ... | check
CVE-2017-11750 | The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and ... | check if patch simplifying patch applied in any suite
CVE-2017-12070 | Unsigned versions of the DLLs distributed by the OPC Foundation may be ... | check
CVE-2017-12075 | Command injection vulnerability in EZ-Internet in Synology DiskStation ... | check
CVE-2017-12078 | Command injection vulnerability in EZ-Internet in Synology Router ... | check
CVE-2017-12092 | An exploitable file write vulnerability exists in the memory module ... | check
CVE-2017-13072 | Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS ... | check
CVE-2017-16003 | windows-build-tools is a module for installing C++ Build Tools for ... | check
CVE-2017-16006 | Remarkable is a markdown parser. In versions 1.6.2 and lower, ... | check
CVE-2017-16007 | node-jose is a JavaScript implementation of the JSON Object Signing ... | check
CVE-2017-16008 | i18next is a language translation framework. Because of how the ... | check
CVE-2017-16009 | ag-grid is an advanced data grid that is library agnostic. ag-grid is ... | check
CVE-2017-16012 | Jquery is a javascript library for DOM traversal and manipulation, ... | check, why are there two jquery source packages once src:jquery and once src:node-jquery?
CVE-2017-16013 | hapi is a web and services application framework. When hapi >= 15.0.0 ... | check
CVE-2017-16015 | Forms is a library for easily creating HTML forms. Versions before ... | check
CVE-2017-16016 | Sanitize-html is a library for scrubbing html input of malicious ... | check
CVE-2017-16017 | sanitize-html is a library for scrubbing html input for malicious ... | check
CVE-2017-16018 | Restify is a framework for building REST APIs. Restify >=2.0.0 <=4.0.4 ... | check
CVE-2017-16019 | GitBook is a command line tool (and Node.js library) for building ... | check
CVE-2017-16020 | Summit is a node web framework. When using the PouchDB driver in the ... | check
CVE-2017-16022 | Morris.js creates an svg graph, with labels that appear when hovering ... | check
CVE-2017-16024 | The sync-exec module is used to simulate child_process.execSync in ... | check
CVE-2017-16025 | Nes is a websocket extension library for hapi. Hapi is a webserver ... | check
CVE-2017-16028 | react-native-meteor-oauth is a library for Oauth2 login to a Meteor ... | check
CVE-2017-16029 | hostr is a simple web server that serves up the contents of the ... | check
CVE-2017-16031 | Socket.io is a realtime application framework that provides ... | check
CVE-2017-16035 | The hubl-server module is a wrapper for the HubL Development Server. ... | check
CVE-2017-16036 | `badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. ... | check
CVE-2017-16037 | `gomeplus-h5-proxy` is vulnerable to a directory traversal issue, ... | check
CVE-2017-16038 | `f2e-server` 1.12.11 and earlier is vulnerable to a directory ... | check
CVE-2017-16039 | `hftp` is a static http or ftp server `hftp` is vulnerable to a ... | check
CVE-2017-16040 | gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass ... | check
CVE-2017-16041 | ikst versions before 1.1.2 download resources over HTTP, which leaves ... | check
CVE-2017-16043 | Shout is an IRC client. Because the `/topic` command in messages is ... | check
CVE-2017-16044 | `d3.js` was a malicious module published with the intent to hijack ... | check
CVE-2017-16045 | `jquery.js` was a malicious module published with the intent to hijack ... | check
CVE-2017-16046 | `mariadb` was a malicious module published with the intent to hijack ... | check
CVE-2017-16047 | mysqljs was a malicious module published with the intent to hijack ... | check
CVE-2017-16048 | `node-sqlite` was a malicious module published with the intent to ... | check
CVE-2017-16049 | `nodesqlite` was a malicious module published with the intent to ... | check
CVE-2017-16050 | `sqlite.js` was a malicious module published with the intent to hijack ... | check
CVE-2017-16051 | `sqliter` was a malicious module published with the intent to hijack ... | check
CVE-2017-16052 | `node-fabric` was a malicious module published with the intent to ... | check
CVE-2017-16053 | `fabric-js` was a malicious module published with the intent to hijack ... | check
CVE-2017-16054 | `nodefabric` was a malicious module published with the intent to ... | check
CVE-2017-16055 | `sqlserver` was a malicious module published with the intent to hijack ... | check
CVE-2017-16056 | mssql.js was a malicious module published with the intent to hijack ... | check
CVE-2017-16057 | nodemssql was a malicious module published with the intent to hijack ... | check
CVE-2017-16058 | gruntcli was a malicious module published with the intent to hijack ... | check
CVE-2017-16059 | mssql-node was a malicious module published with the intent to hijack ... | check
CVE-2017-16060 | babelcli was a malicious module published with the intent to hijack ... | check
CVE-2017-16061 | tkinter was a malicious module published with the intent to hijack ... | check
CVE-2017-16062 | node-tkinter was a malicious module published with the intent to ... | check
CVE-2017-16063 | node-opensl was a malicious module published with the intent to hijack ... | check
CVE-2017-16064 | node-openssl was a malicious module published with the intent to ... | check
CVE-2017-16065 | openssl.js was a malicious module published with the intent to hijack ... | check
CVE-2017-16066 | opencv.js was a malicious module published with the intent to hijack ... | check
CVE-2017-16067 | node-opencv was a malicious module published with the intent to hijack ... | check
CVE-2017-16068 | ffmepg was a malicious module published with the intent to hijack ... | check
CVE-2017-16069 | nodeffmpeg was a malicious module published with the intent to hijack ... | check
CVE-2017-16070 | nodecaffe was a malicious module published with the intent to hijack ... | check
CVE-2017-16071 | nodemailer-js was a malicious module published with the intent to ... | check
CVE-2017-16072 | nodemailer.js was a malicious module published with the intent to ... | check
CVE-2017-16073 | noderequest was a malicious module published with the intent to hijack ... | check
CVE-2017-16074 | crossenv was a malicious module published with the intent to hijack ... | check
CVE-2017-16075 | http-proxy.js was a malicious module published with the intent to ... | check
CVE-2017-16076 | proxy.js was a malicious module published with the intent to hijack ... | check
CVE-2017-16077 | mongose was a malicious module published with the intent to hijack ... | check
CVE-2017-16078 | shadowsock was a malicious module published with the intent to hijack ... | check
CVE-2017-16079 | smb was a malicious module published with the intent to hijack ... | check
CVE-2017-16080 | nodesass was a malicious module published with the intent to hijack ... | check
CVE-2017-16081 | cross-env.js was a malicious module published with the intent to ... | check
CVE-2017-16082 | A remote code execution vulnerability was found within the pg module ... | check
CVE-2017-16083 | node-simple-router is a minimalistic router for Node. ... | check
CVE-2017-16084 | list-n-stream is a server for static files to list and stream local ... | check
CVE-2017-16085 | tinyserver2 is a webserver for static files. tinyserver2 is vulnerable ... | check
CVE-2017-16086 | ua-parser is a port of Browserscope's user agent parser. ua-parser is ... | check
CVE-2017-16088 | The safe-eval module describes itself as a safer version of eval. By ... | check
CVE-2017-16089 | serverlyr is a simple http server. serverlyr is vulnerable to a ... | check
CVE-2017-16090 | fsk-server is a simple http server. fsk-server is vulnerable to a ... | check
CVE-2017-16091 | xtalk helps your browser talk to nodex, a simple web framework. xtalk ... | check
CVE-2017-16092 | Sencisho is a simple http server for local development. Sencisho is ... | check
CVE-2017-16093 | cyber-js is a simple http server. A cyberjs server is vulnerable to a ... | check
CVE-2017-16094 | iter-http is a server for static files. iter-http is vulnerable to a ... | check
CVE-2017-16095 | serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable ... | check
CVE-2017-16096 | serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable ... | check
CVE-2017-16097 | tiny-http is a simple http server. tiny-http is vulnerable to a ... | check
CVE-2017-16098 | charset 1.0.0 and below are vulnerable to regular expression denial of ... | check
CVE-2017-16099 | The no-case module is vulnerable to regular expression denial of ... | check
CVE-2017-16100 | dns-sync is a sync/blocking dns resolver. If untrusted user input is ... | check
CVE-2017-16101 | serverwg is a simple http server. serverwg is vulnerable to a ... | check
CVE-2017-16102 | serverhuwenhui is a simple http server. serverhuwenhui is vulnerable ... | check
CVE-2017-16103 | serveryztyzt is a simple http server. serveryztyzt is vulnerable to a ... | check
CVE-2017-16104 | citypredict.whauwiller is vulnerable to a directory traversal issue, ... | check
CVE-2017-16105 | serverwzl is a simple http server. serverwzl is vulnerable to a ... | check
CVE-2017-16106 | tmock is a static file server. tmock is vulnerable to a directory ... | check
CVE-2017-16107 | pooledwebsocket is vulnerable to a directory traversal issue, giving ... | check
CVE-2017-16108 | gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is ... | check
CVE-2017-16109 | easyquick is a simple web server. easyquick is vulnerable to a ... | check
CVE-2017-16110 | weather.swlyons is a simple web server for weather updates. ... | check
CVE-2017-16111 | The content module is a module to parse HTTP Content-* headers. It is ... | check
CVE-2017-16120 | liyujing is a static file server. liyujing is vulnerable to a ... | check
CVE-2017-16121 | datachannel-client is a signaling implementation for DataChannel.js. ... | check
CVE-2017-16122 | cuciuci is a simple fileserver. cuciuci is vulnerable to a directory ... | check
CVE-2017-16123 | welcomyzt is a simple file server. welcomyzt is vulnerable to a ... | check
CVE-2017-16124 | node-server-forfront is a simple static file server. ... | check
CVE-2017-16125 | rtcmulticonnection-client is a signaling implementation for ... | check
CVE-2017-16126 | The module botbait is a tool to be used to track bot and automated ... | check
CVE-2017-16127 | The module pandora-doomsday infects other modules. It's since been ... | check
CVE-2017-16128 | The module npm-script-demo opened a connection to a command and ... | check
CVE-2017-16130 | exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. ... | check
CVE-2017-16131 | unicorn-list is a web framework. unicorn-list is vulnerable to a ... | check
CVE-2017-16132 | simple-npm-registry is a local npm package cache. simple-npm-registry ... | check
CVE-2017-16133 | goserv is an http server. goserv is vulnerable to a directory ... | check
CVE-2017-16134 | http_static_simple is an http server. http_static_simple is vulnerable ... | check
CVE-2017-16135 | serverzyy is a static file server. serverzyy is vulnerable to a ... | check
CVE-2017-16139 | jikes is a file server. jikes is vulnerable to a directory traversal ... | check
CVE-2017-16140 | lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory ... | check
CVE-2017-16141 | lab6drewfusbyu is an http server. lab6drewfusbyu is vulnerable to a ... | check
CVE-2017-16142 | infraserver is a RESTful server. infraserver is vulnerable to a ... | check
CVE-2017-16143 | commentapp.stetsonwood is an http server. commentapp.stetsonwood is ... | check
CVE-2017-16144 | myserver.alexcthomas18 is a file server. myserver.alexcthomas18 is ... | check
CVE-2017-16145 | sspa is a server dedicated to single-page apps. sspa is vulnerable to ... | check
CVE-2017-16146 | mockserve is a file server. mockserve is vulnerable to a directory ... | check
CVE-2017-16147 | shit-server is a file server. shit-server is vulnerable to a directory ... | check
CVE-2017-16148 | serve46 is a static file server. serve46 is vulnerable to a directory ... | check
CVE-2017-16149 | zwserver is a weather web server. zwserver is vulnerable to a ... | check
CVE-2017-16150 | wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to ... | check
CVE-2017-16151 | Based on details posted by the ElectronJS team; A remote code ... | check
CVE-2017-16152 | static-html-server is a static file server. static-html-server is ... | check
CVE-2017-16154 | earlybird is a web server module for early development. earlybird is ... | check
CVE-2017-16155 | fast-http-cli is the command line interface for fast-http, a simple ... | check
CVE-2017-16156 | myprolyz is a static file server. myprolyz is vulnerable to a ... | check
CVE-2017-16157 | censorify.tanisjr is a simple web server and API RESTful service. ... | check
CVE-2017-16158 | dcserver is a static file server. dcserver is vulnerable to a ... | check
CVE-2017-16159 | caolilinode is a simple file server. caolilinode is vulnerable to a ... | check
CVE-2017-16160 | 11xiaoli is a simple file server. 11xiaoli is vulnerable to a ... | check
CVE-2017-16161 | shenliru is a simple file server. shenliru is vulnerable to a ... | check
CVE-2017-16162 | 22lixian is a simple file server. 22lixian is vulnerable to a ... | check
CVE-2017-16163 | dylmomo is a simple file server. dylmomo is vulnerable to a directory ... | check
CVE-2017-16164 | desafio is a simple web server. desafio is vulnerable to a directory ... | check
CVE-2017-16165 | calmquist.static-server is a static file server. ... | check
CVE-2017-16166 | byucslabsix is an http server. byucslabsix is vulnerable to a ... | check
CVE-2017-16167 | yyooopack is a simple file server. yyooopack is vulnerable to a ... | check
CVE-2017-16168 | wffserve is vulnerable to a directory traversal issue, giving an ... | check
CVE-2017-16169 | looppake is a simple http server. looppake is vulnerable to a ... | check
CVE-2017-16170 | liuyaserver is a static file server. liuyaserver is vulnerable to a ... | check
CVE-2017-16171 | hcbserver is a static file server. hcbserver is vulnerable to a ... | check
CVE-2017-16172 | section2.madisonjbrooks12 is a simple web server. ... | check
CVE-2017-16173 | utahcityfinder constructs lists of Utah cities with a certain prefix. ... | check
CVE-2017-16174 | whispercast is a file server. whispercast is vulnerable to a directory ... | check
CVE-2017-16175 | ewgaddis.lab6 is a file server. ewgaddis.lab6 is vulnerable to a ... | check
CVE-2017-16176 | jansenstuffpleasework is a file server. jansenstuffpleasework is ... | check
CVE-2017-16177 | chatbyvista is a file server. chatbyvista is vulnerable to a directory ... | check
CVE-2017-16178 | intsol-package is a file server. intsol-package is vulnerable to a ... | check
CVE-2017-16179 | dasafio is a web server. dasafio is vulnerable to a directory ... | check
CVE-2017-16180 | serverabc is a static file server. serverabc is vulnerable to a ... | check
CVE-2017-16181 | wintiwebdev is a static file server. wintiwebdev is vulnerable to a ... | check
CVE-2017-16182 | serverxxx is a static file server. serverxxx is vulnerable to a ... | check
CVE-2017-16183 | iter-server is a static file server. iter-server is vulnerable to a ... | check
CVE-2017-16184 | scott-blanch-weather-app is a sample Node.js app using Express 4. ... | check
CVE-2017-16185 | uekw1511server is a static file server. uekw1511server is vulnerable ... | check
CVE-2017-16186 | 360class.jansenhm is a static file server. 360class.jansenhm is ... | check
CVE-2017-16187 | open-device creates a web interface for any device. open-device is ... | check
CVE-2017-16188 | reecerver is a web server. reecerver is vulnerable to a directory ... | check
CVE-2017-16189 | sly07 is an API for censoring text. sly07 is vulnerable to a directory ... | check
CVE-2017-16190 | dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a ... | check
CVE-2017-16191 | cypserver is a static file server. cypserver is vulnerable to a ... | check
CVE-2017-16192 | getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is ... | check
CVE-2017-16193 | mfrs is a static file server. mfrs is vulnerable to a directory ... | check
CVE-2017-16194 | picard is a micro framework. picard is vulnerable to a directory ... | check
CVE-2017-16195 | pytservce is a static file server. pytservce is vulnerable to a ... | check
CVE-2017-16196 | quickserver is a simple static file server. quickserver is vulnerable ... | check
CVE-2017-16197 | qinserve is a static file server. qinserve is vulnerable to a ... | check
CVE-2017-16198 | ritp is a static web server. ritp is vulnerable to a directory ... | check
CVE-2017-16199 | susu-sum is a static file server. susu-sum is vulnerable to a ... | check
CVE-2017-16200 | uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a ... | check
CVE-2017-16201 | zjjserver is a static file server. zjjserver is vulnerable to a ... | check
CVE-2017-16202 | The cofeescript module exfiltrates sensitive data such as a user's ... | check
CVE-2017-16203 | The coffe-script module exfiltrates sensitive data such as a user's ... | check
CVE-2017-16204 | The jquey module exfiltrates sensitive data such as a user's private ... | check
CVE-2017-16205 | The coffescript module exfiltrates sensitive data such as a user's ... | check
CVE-2017-16206 | The cofee-script module exfiltrates sensitive data such as a user's ... | check
CVE-2017-16207 | discordi.js is a malicious module based on the discord.js library that ... | check
CVE-2017-16208 | dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a ... | check
CVE-2017-16209 | enserver is a simple web server. enserver is vulnerable to a directory ... | check
CVE-2017-16210 | jn_jj_server is a static file server. jn_jj_server is vulnerable to a ... | check
CVE-2017-16211 | lessindex is a static file server. lessindex is vulnerable to a ... | check
CVE-2017-16212 | ltt is a static file server. ltt is vulnerable to a directory ... | check
CVE-2017-16213 | mfrserver is a simple file server. mfrserver is vulnerable to a ... | check
CVE-2017-16214 | peiserver is a static file server. peiserver is vulnerable to a ... | check
CVE-2017-16215 | sgqserve is a simple file server. sgqserve is vulnerable to a ... | check
CVE-2017-16216 | tencent-server is a simple web server. tencent-server is vulnerable to ... | check
CVE-2017-16217 | fbr-client sends files through sockets via socket.io and webRTC. ... | check
CVE-2017-16218 | dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a ... | check
CVE-2017-16219 | yttivy is a static file server. yttivy is vulnerable to a directory ... | check
CVE-2017-16220 | wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory ... | check
CVE-2017-16221 | yzt is a simple file server. yzt is vulnerable to a directory ... | check
CVE-2017-16222 | elding is a simple web server. elding is vulnerable to a directory ... | check
CVE-2017-16223 | nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a ... | check
CVE-2017-16224 | st is a module for serving static files. An attacker is able to craft ... | check
CVE-2017-16225 | aegir is a module to help automate JavaScript project management. ... | check
CVE-2017-16226 | The static-eval module is intended to evaluate statically-analyzable ... | check
CVE-2017-16906 | In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a ... | check
CVE-2017-16907 | In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ... | check
CVE-2017-16908 | In Horde Groupware 5.2.19, there is XSS via the Name field during ... | check
CVE-2017-17062 | The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, ... | check
CVE-2017-18169 | User process can perform the kernel DOS in ashmem when doing cache ... | check
CVE-2017-18220 | The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in ... | check, needs clarification, the issue is CloseBlob use-after-free
CVE-2017-18225 | The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, ... | check
CVE-2017-18226 | The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of ... | check
CVE-2017-18240 | The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ... | check
CVE-2017-18284The Gentoo app-backup/burp package before 2.1.32 sets the ownership of ...check
CVE-2017-2852An exploitable denial-of-service vulnerability exists in the ...check
CVE-2017-2858An exploitable denial-of-service vulnerability exists in the traversal ...check
CVE-2017-2860An exploitable denial-of-service vulnerability exists in the lookup ...check
CVE-2017-3199The Java implementation of GraniteDS, version 3.1.1.GA, AMF3 ...check
CVE-2017-3200The Java implementation of AMF3 deserializers used in GraniteDS, ...check
CVE-2017-3201The Java implementation of AMF3 deserializers used in Flamingo ...check
CVE-2017-3202The Java implementation of AMF3 deserializers used in Flamingo ...check
CVE-2017-3203The Java implementations of AMF3 deserializers in Pivotal/Spring ...check
CVE-2017-3206The Java implementation of AMF3 deserializers used by Flamingo ...check
CVE-2017-3207The Java implementations of AMF3 deserializers in WebORB for Java by ...check
CVE-2017-3208The Java implementation of AMF3 deserializers used by WebORB for Java ...check
CVE-2017-3907Code Injection vulnerability in the ePolicy Orchestrator (ePO) ...check
CVE-2017-3936OS Command Injection vulnerability in McAfee ePolicy Orchestrator ...check
CVE-2017-3960Exploitation of Authorization vulnerability in the web interface in ...check
CVE-2017-3962Password recovery exploitation vulnerability in the ...check
CVE-2017-3968Session fixation vulnerability in the web interface in McAfee Network ...check
CVE-2017-6153Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, ...check
CVE-2017-6290In Android before the 2018-06-05 security patch level, NVIDIA TLK ...check
CVE-2017-6292In Android before the 2018-06-05 security patch level, NVIDIA TLZ ...check
CVE-2017-6294In Android before the 2018-06-05 security patch level, NVIDIA Tegra X1 ...check
CVE-2017-6779Multiple Cisco products are affected by a vulnerability in local file ...check
CVE-2017-7635QNAP NAS application Proxy Server through version 1.2.0 does not ...check
CVE-2017-7636Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy ...check
CVE-2017-7637QNAP NAS application Proxy Server through version 1.2.0 allows remote ...check
CVE-2017-7639QNAP NAS application Proxy Server through version 1.2.0 does not ...check
CVE-2017-7893In SaltStack Salt before 2016.3.6, compromised salt-minions can ...check, pinpoint fixing version, check with maintainers on issue
CVE-2017-7906In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently ...check
CVE-2017-7931In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform ...check
CVE-2017-7933In ABB IP GATEWAY 3.39 and prior, some configuration files contain ...check
CVE-2018-0149A vulnerability in the web-based management interface of Cisco ...check
CVE-2018-0225The Enterprise Console in Cisco AppDynamics App iQ Platform before ...check
CVE-2018-0263A vulnerability in Cisco Meeting Server (CMS) could allow an ...check
CVE-2018-0274A vulnerability in the CLI parser of Cisco Network Services ...check
CVE-2018-0291A vulnerability in the Simple Network Management Protocol (SNMP) input ...check
CVE-2018-0292A vulnerability in the Internet Group Management Protocol (IGMP) ...check
CVE-2018-0293A vulnerability in role-based access control (RBAC) for Cisco NX-OS ...check
CVE-2018-0294A vulnerability in the write-erase feature of Cisco FXOS Software and ...check
CVE-2018-0295A vulnerability in the Border Gateway Protocol (BGP) implementation of ...check
CVE-2018-0296A vulnerability in the web interface of the Cisco Adaptive Security ...check
CVE-2018-0298A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric ...check
CVE-2018-0299A vulnerability in the Simple Network Management Protocol (SNMP) ...check
CVE-2018-0300A vulnerability in the process of uploading new application images to ...check
CVE-2018-0301A vulnerability in the NX-API feature of Cisco NX-OS Software could ...check
CVE-2018-0302A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS ...check
CVE-2018-0303A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS ...check
CVE-2018-0304A vulnerability in the Cisco Fabric Services component of Cisco FXOS ...check
CVE-2018-0305A vulnerability in the Cisco Fabric Services component of Cisco FXOS ...check
CVE-2018-0306A vulnerability in the CLI parser of Cisco NX-OS Software could allow ...check
CVE-2018-0307A vulnerability in the CLI of Cisco NX-OS Software could allow an ...check
CVE-2018-0308A vulnerability in the Cisco Fabric Services component of Cisco FXOS ...check
CVE-2018-0309A vulnerability in the implementation of a specific CLI command and the ...check
CVE-2018-0310A vulnerability in the Cisco Fabric Services component of Cisco FXOS ...check
CVE-2018-0311A vulnerability in the Cisco Fabric Services component of Cisco FXOS ...check
CVE-2018-0312A vulnerability in the Cisco Fabric Services component of Cisco FXOS ...check
CVE-2018-0313A vulnerability in the NX-API feature of Cisco NX-OS Software could ...check
CVE-2018-0314A vulnerability in the Cisco Fabric Services (CFS) component of Cisco ...check
CVE-2018-0315A vulnerability in the authentication, authorization, and accounting ...check
CVE-2018-0316A vulnerability in the Session Initiation Protocol (SIP) call-handling ...check
CVE-2018-0317A vulnerability in the web interface of Cisco Prime Collaboration ...check
CVE-2018-0318A vulnerability in the password reset function of Cisco Prime ...check
CVE-2018-0319A vulnerability in the password recovery function of Cisco Prime ...check
CVE-2018-0320A vulnerability in the web framework code of Cisco Prime Collaboration ...check
CVE-2018-0321A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could ...check
CVE-2018-0322A vulnerability in the web management interface of Cisco Prime ...check
CVE-2018-0329A vulnerability in the default configuration of the Simple Network ...check
CVE-2018-0330A vulnerability in the NX-API management application programming ...check
CVE-2018-0331A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) ...check
CVE-2018-0332A vulnerability in the Session Initiation Protocol (SIP) ingress packet ...check
CVE-2018-0337A vulnerability in the role-based access-checking mechanisms of Cisco ...check
CVE-2018-0358A vulnerability in the file descriptor handling of Cisco TelePresence ...check
CVE-2018-0359A vulnerability in the session identification management functionality ...check
CVE-2018-0362A vulnerability in BIOS authentication management of Cisco 5000 Series ...check
CVE-2018-0363A vulnerability in the web-based management interface of Cisco Unified ...check
CVE-2018-0364A vulnerability in the web-based management interface of Cisco Unified ...check
CVE-2018-0365A vulnerability in the web-based management interface of Cisco ...check
CVE-2018-0371A vulnerability in the Web Admin Interface of Cisco Meeting Server ...check
CVE-2018-0373A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for ...check
CVE-2018-0712Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build ...check
CVE-2018-0765A denial of service vulnerability exists when .NET and .NET Core ...check, can potentially affect mono packages
CVE-2018-0871An information disclosure vulnerability exists when Edge improperly ...check
CVE-2018-0978A remote code execution vulnerability exists when Internet Explorer ...check
CVE-2018-0982An elevation of privilege vulnerability exists in the way that the ...check
CVE-2018-1002209arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file further checks, should be fixed in 0.7.6
CVE-2018-1036An elevation of privilege vulnerability exists when NTFS improperly ...check
CVE-2018-10377PortSwigger Burp Suite before 1.7.34 has Improper Certificate ...check
CVE-2018-1040A denial of service vulnerability exists in the way that the Windows ...check
CVE-2018-1051It was found that the fix for CVE-2016-9606 in versions 3.0.22 and ...check
CVE-2018-10767There is a stack-based buffer over-read in calling GLib in the function ...check (in particular if reported upstream)
CVE-2018-10780Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based ...check, there is same function in byteSwap2 in earlier versions than 0.26
CVE-2018-10945The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows ...check
CVE-2018-11212An issue was discovered in libjpeg 9a. The alloc_sarray function in ...check, for now only tracking libjpeg9 but decide if other implementations and versions need to be tracked
CVE-2018-11213An issue was discovered in libjpeg 9a. The get_text_gray_row function ...check, for now only tracking libjpeg9 but decide if other implementations and versions need to be tracked
CVE-2018-11214An issue was discovered in libjpeg 9a. The get_text_rgb_row function in ...check, for now only tracking libjpeg9 but decide if other implementations and versions need to be tracked
CVE-2018-11516The vlc_demux_chained_Delete function in input/demux_chained.c in ...check
CVE-2018-1153Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the ...check
CVE-2018-11537Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as ...check
CVE-2018-11647index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL. ...check
CVE-2018-11813libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles ...check, for now only tracking libjpeg9 but decide if other implementations and versions need to be tracked
CVE-2018-12228An issue was discovered in Asterisk Open Source 15.x before 15.4.1. ...check, possibly only 15.x version
CVE-2018-12438The Elliptic Curve Cryptography library (aka sunec or libsunec) allows ...check
CVE-2018-12454The _addguess function of a simplelottery smart contract implementation ...check
CVE-2018-12526Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default ...check
CVE-2018-12588Cross-site scripting (XSS) vulnerability in ...check
CVE-2018-12617qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in ...check
CVE-2018-1281The clustered setup of Apache MXNet allows users to specify which IP ...check
CVE-2018-3576improper validation of array index in WiFi driver function ...check
CVE-2018-3720assign-deep node module before 0.4.7 suffers from a Modification of ...check
CVE-2018-3722merge-deep node module before 3.0.1 suffers from a Modification of ...check
CVE-2018-3723defaults-deep node module before 0.2.4 suffers from a Modification of ...check
CVE-2018-3724general-file-server node module suffers from a Path Traversal ...check
CVE-2018-3727626 node module suffers from a Path Traversal vulnerability due to ...check
CVE-2018-3759private_address_check ruby gem before 0.5.0 is vulnerable to a ...check
CVE-2018-4141An issue was discovered in certain Apple products. macOS before ...check
CVE-2018-4159An issue was discovered in certain Apple products. macOS before ...check
CVE-2018-4171An issue was discovered in certain Apple products. macOS before ...check
CVE-2018-4188An issue was discovered in certain Apple products. iOS before 11.4 is ...check
CVE-2018-4230An issue was discovered in certain Apple products. macOS before ...check
CVE-2018-4237An issue was discovered in certain Apple products. iOS before 11.4 is ...check
CVE-2018-4833A vulnerability has been identified in RFID 181-EIP (All versions), ...check
CVE-2018-5360LibTIFF before 4.0.6 mishandles the reading of TIFF files, as ...claimed to be fixed in latest libtiff, but no indication yet which changes address the issue
CVE-2018-5428The version control adapters component of TIBCO Data Virtualization ...check
CVE-2018-5432The TIBCO Administrator server component of TIBCO Software Inc.'s ...check
CVE-2018-5433The TIBCO Administrator server component of TIBCO Software Inc.'s ...check
CVE-2018-5434The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime ...check
CVE-2018-5854A stack-based buffer overflow can occur in fastboot from all Android ...check
CVE-2018-5857In the WCD CPE codec, a Use After Free condition can occur in all ...check
CVE-2018-5860In the MDSS driver in all Android releases (Android for MSM, Firefox OS ...check
CVE-2018-5863If userspace provides a too-large WPA RSN IE length in ...check
CVE-2018-6512The previous version of Puppet Enterprise 2018.1 is vulnerable to ...check
CVE-2018-6513Puppet Enterprise 2016.4.x prior to 2016.4.12, Puppet Enterprise ...check
CVE-2018-6563Multiple cross-site request forgery (CSRF) vulnerabilities in ...check
CVE-2018-9246The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in ...check if set of commits complete
