5 matches found
CVE-2022-25979
Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor function...
node-gettext vulnerable to Prototype Pollution
All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations function in gettext.js due to improper user input sanitization...
CVE-2024-21509
Versions of the package mysql2 before 3.9.4 are vulnerable to Prototype Poisoning due to insecure results object creation and improper user input sanitization passed through parserFn in textparser.js and binaryparser.js...
CVE-2022-25855
All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...
CVE-2022-25929
Versions of the package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in the strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties...