cocos2d-coffee-autocomplete (>=0.1.0 <=0.1.3), codeforces-tool (>=0.1.1 <=0.1.2) +13 more potentially affected by CVE-2016-10614 via httpsync (>=0.0.7 <=0.0.8)

httpsync NPM version =0.0.7, =0.1.0, =0.1.1, =0.0.1, =0.1.0, =0.0.6, =0.1.0, =0.0.2, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =0.0.9, =0.0.10 Source cves: CVE-2016-10614 Source advisory: OSV:GHSA-4X5J-V9V9-W8GW...

@forgerock/openam-agent-cache-memcached (=2.0.0), @mapbox/tilelive-memcached (=1.0.1) +74 more potentially affected by CVE-2018-3767 via memjs (>=0.10.2 <=0.9.1)

memjs NPM version =0.10.2, =1.0.0, =0.0.0, =0.12.1, =0.0.1, =0.8.0, =0.1.0, =1.1.0, =1.1.1 and more Source cves: CVE-2018-3767 Source advisory: OSV:GHSA-CX8M-8XMX-Q8V3...

Node.js third-party modules: [serve] Directory index of arbitrary folder available due to lack of sanitization of %2e and %2f characters in url

Hi, This report is about Arbitrary Directory Listing vulnerability I found in serve module. Vulnerability does not allow to open arbitrary file due to send module which handles file reading and implements its own validation and protection against Path Traversal attacks. However serve handles...