
1294 matches found

Circl
added 2019/02/18 11:58 p.m., 2 views

CVE-2016-10541

| creationtimestamp | type | source |
|---|---|---|
| 2019-02-18 23:58:29+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-qg8p-v9q4-gh34... |

CVSS 9.8, AI score 7.3, EPSS 0.00397
Exploits: 1, References: 1
Circl
added 2019/02/18 11:58 p.m., 2 views

CVE-2016-10531

| creationtimestamp | type | source |
|---|---|---|
| 2019-02-18 23:58:20+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-vfvf-mqq8-rwqc... |

CVSS 6.1, AI score 6.7, EPSS 0.00289
Exploits: 1, References: 1
Circl
added 2019/02/18 11:40 p.m., 3 views

CVE-2016-10538

| creationtimestamp | type | source |
|---|---|---|
| 2019-02-18 23:40:03+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-6cpc-mj5c-m9rq... |

CVSS 4.9, AI score 5.7, EPSS 0.00317
Exploits: 1, References: 1
Circl
added 2019/02/18 11:39 p.m., 1 views

CVE-2016-10528

| creationtimestamp | type | source |
|---|---|---|
| 2019-02-18 23:39:22+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-xg5r-8j97-2wrj... |

CVSS 4.9, AI score 5.8, EPSS 0.00393
Exploits: 1, References: 1
Circl
added 2019/02/18 11:38 p.m., 2 views

CVE-2016-10520

| creationtimestamp | type | source |
|---|---|---|
| 2019-02-18 23:38:38+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-6354-6mhv-mvv5... |

CVSS 7.5, AI score 7.1, EPSS 0.00334
Exploits: 1, References: 1
Node.js
added 2019/02/14 2:29 a.m., 11 views

Remote Code Execution

Overview: Versions of node-os-utils prior to 1.1.0 are vulnerable to Remote Code Execution. Due to insufficient input validation an attacker could run arbitrary commands on the server thus rendering the package vulnerable to Remote Code Execution. Recommendation: Upgrade to version 1.1.0 or later...

AI score 7.5
Exploits: 0, Affected Software: 1
Node.js
added 2019/02/06 1:11 a.m., 29 views

Prototype Pollution

Overview: Versions of node.extend before 1.1.7 or 2.0.1 are vulnerable to prototype pollution. Recommendation: Update to version 1.1.7, 2.0.1 or later. References: HackerOne Report, GitHub Advisory...

CVSS 7.5, AI score 4.1, EPSS 0.00384
Exploits: 1, Affected Software: 1
Node.js
added 2019/01/23 7:11 p.m., 27 views

Path Traversal

Overview: Versions of http-live-simulator prior to 1.0.7 are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths. For example: curl --path-as-is http://localhost:8080//../../../../etc/passwd. Recommendation: Upgrade to...

CVSS 5, AI score 2.9, EPSS 0.00678
Exploits: 1, Affected Software: 1
Node.js
added 2019/01/16 10:46 p.m., 14 views

Cross-Site Scripting

Overview: Versions of bootstrap-vue prior to 2.0.0-rc.12 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization, components may be vulnerable to Cross-Site Scripting through the options variable. This may lead to the execution of malicious JavaScript on the user's browser...

AI score 6.4
Exploits: 0, Affected Software: 1
Node.js
added 2019/01/04 9:21 p.m., 12 views

Remote Code Execution

Overview: All versions of office-converter are vulnerable to Remote Code Execution. Due to insufficient input validation an attacker could run arbitrary commands on the server thus rendering the package vulnerable to Remote Code Execution. Recommendation: No fix is currently available. Consider usi...

AI score 7.4
Exploits: 0, Affected Software: 1
Node.js
added 2018/12/28 8:34 p.m., 12 views

Prototype Pollution

Overview: Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Object's prototype, thus allowing an attacker to execute arbitrary code on the server. Recommendation: For handlebars 4.1.x upgrade to 4.1.2 or later. For handlebars 4.0.x upgrade to 4.0.1...

AI score 7.8
Exploits: 0, Affected Software: 1
Node.js
added 2018/12/26 4:17 p.m., 21 views

Sensitive Data Exposure

Overview: All versions of rails-session-decoder are missing verification of the Message Authentication Code appended to the cookies. This may lead to decryption of cipher text thus exposing encrypted information. Recommendation: No fix is currently available. Consider using an alternative module...

AI score 7
Exploits: 0, Affected Software: 1
Node.js
added 2018/12/18 8:57 p.m., 13 views

Cross-Site Scripting

Overview: Versions of jingo prior to 1.9.2 are vulnerable to Cross-Site Scripting (XSS). If malicious input such as alert1 is placed in the content of a wiki page, Jingo does not properly encode the input and it is executed instead of rendered as text. Recommendation: Upgrade to version 1.9.2...

AI score 6.2
Exploits: 0, Affected Software: 1
Node.js
added 2018/12/18 8:9 p.m., 14 views

Denial of Service

Overview: All versions of markdown-it-toc-and-anchor are vulnerable to Denial of Service. Parsing markdown containing text+\n@toc causes the application to enter an infinite loop. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...

AI score 6.8
Exploits: 0, Affected Software: 1
Node.js
added 2018/12/14 4:43 p.m., 16 views

Cross-Site Scripting

Overview: All versions of md-data-table are vulnerable to cross-site scripting (XSS). This vulnerability is exploitable if an attacker has control over data that is rendered by mdt-row. Recommendation: As there is no fix for this vulnerability at this time we recommend either selecting another package...

AI score 6.2
Exploits: 0, Affected Software: 1
Node.js
added 2018/12/07 8:7 p.m., 430 views

Path Traversal

Overview: All versions of simplehttpserver are vulnerable to Path Traversal. This vulnerability allows an attacker to access files outside the webroot since it allows symlink navigation in the URL. Recommendation: No fix is currently available. Do not use simplehttpserver in production or consider...

CVSS 5, AI score 3.2, EPSS 0.00215
Exploits: 0, Affected Software: 1
Node.js
added 2018/11/29 2:36 a.m., 17 views

Path Traversal

Overview: All versions of takeapeek are vulnerable to path traversal exposing files and directories. Recommendation: As no fix is currently available for this vulnerability, it is our recommendation to use another static file server. References: HackerOne Report, Node.js Security-wg, GitHub...

CVSS 5, AI score 2.8, EPSS 0.00339
Exploits: 1, Affected Software: 1
Circl
added 2018/11/09 5:49 p.m., 5 views

CVE-2017-16005

| creationtimestamp | type | source |
|---|---|---|
| 2018-11-09 17:49:34+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-q257-vv4p-fg92... |

CVSS 7.5, AI score 7.1, EPSS 0.00161
Exploits: 0, References: 1
Circl
added 2018/11/09 5:48 p.m., 2 views

CVE-2017-16006

| creationtimestamp | type | source |
|---|---|---|
| 2018-11-09 17:48:20+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-mrmf-qwxg-7c3h... |

CVSS 6.1, AI score 6.4, EPSS 0.00241
Exploits: 1, References: 1
Circl
added 2018/11/09 5:47 p.m., 3 views

CVE-2017-16016

| creationtimestamp | type | source |
|---|---|---|
| 2018-11-09 17:47:23+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-xc6g-ggrc-qq4r... |

CVSS 6.1, AI score 6.3, EPSS 0.00286
Exploits: 1, References: 1