| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| # | Severity | Scope | Alert | Package (npm) | Manifest |
|---|---|---|---|---|---|
| #2 | Critical | | Improper parsing of octal bytes in netmask | netmask | package-lock.json |
| #7 | High | | path-to-regexp outputs backtracking regular expressions | path-to-regexp | package-lock.json |
| #6 | High | | ip SSRF improper categorization in isPublic | ip | package-lock.json |
| #4 | High | | Code Injection in pac-resolver | degenerator | package-lock.json |
| #3 | High | | Code Injection in pac-resolver | pac-resolver | package-lock.json |
| #5 | Moderate | | Denial of service while parsing a tar file due to lack of folders count validation | tar | package-lock.json |
| #1 | Moderate | | netmask npm package mishandles octal input data | netmask | package-lock.json |
| #10 | High | Development | DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS | rollup | package-lock.json |
| #9 | Moderate | Development | Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS | vite | package-lock.json |
| #8 | Moderate | Development | Vite's `server.fs.deny` is bypassed when using `?import&raw` | vite | package-lock.json |
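The netmask alerts (#1, #2) and the ip `isPublic` alert (#6) are the same class of bug: an IPv4 string such as `0177.0.0.1` is read as octal by inet_aton-style parsers (so the socket layer connects to 127.0.0.1), while a naive parser reads each run of digits as decimal and sees 177.0.0.1, a public address. Any "is this destination public?" check built on the naive parse can therefore be steered at loopback or RFC 1918 space. The script below is an added illustration, not code from this repository or from the netmask or ip packages; the three parsers, the `isPrivateV4` range list and the sample addresses are assumptions constructed for the example.

```javascript
// Added example (not from this repository or from the netmask/ip packages):
// three IPv4 parsers showing why octal, hex and shorthand input break
// public/private address checks, and a strict parser that refuses such input.

// Pack four octets into an unsigned 32-bit integer.
function octetsToInt(o) {
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// Naive parser: four runs of digits, each read as decimal. This is the
// "improper parsing of octal bytes" failure mode: "0177.0.0.1" becomes 177.0.0.1.
function parseIPv4Naive(str) {
  const m = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/.exec(str);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some((n) => n > 255)) return null;
  return octetsToInt(octets);
}

// Lenient parser modelled on inet_aton(3): a leading "0" means octal, "0x" means
// hex, and fewer than four parts are accepted ("127.1" is 127.0.0.1). This
// approximates the address the OS will actually connect to.
function parseIPv4Lenient(str) {
  const parts = str.split('.');
  if (parts.length < 1 || parts.length > 4) return null;
  const nums = [];
  for (const p of parts) {
    if (/^0[xX][0-9a-fA-F]+$/.test(p)) nums.push(parseInt(p.slice(2), 16));
    else if (/^0[0-7]+$/.test(p)) nums.push(parseInt(p, 8));
    else if (/^\d+$/.test(p)) nums.push(parseInt(p, 10));
    else return null;
  }
  const last = nums.pop(); // the final part fills all remaining bytes
  const lastBytes = 4 - nums.length;
  if (nums.some((n) => n > 255) || last >= 2 ** (8 * lastBytes)) return null;
  let value = 0;
  for (const n of nums) value = value * 256 + n;
  return (value * 2 ** (8 * lastBytes) + last) >>> 0;
}

// Strict parser: exactly four decimal octets, no leading zeros, no hex, no
// shorthand. Anything the other two parsers could disagree on is rejected.
function parseIPv4Strict(str) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(str);
  if (!m) return null;
  if (m.slice(1).some((o) => o.length > 1 && o[0] === '0')) return null;
  return parseIPv4Naive(str);
}

// Non-routable ranges that an SSRF check should treat as private. Assumed list
// for this example (0/8, 10/8, 127/8, 169.254/16, 172.16/12, 192.168/16).
function isPrivateV4(value) {
  const a = value >>> 24;
  if (a === 0 || a === 10 || a === 127) return true;
  if (value >>> 16 === 0xa9fe) return true; // 169.254.0.0/16
  if (value >>> 20 === 0xac1) return true;  // 172.16.0.0/12
  if (value >>> 16 === 0xc0a8) return true; // 192.168.0.0/16
  return false;
}

// Classify a string with the given parser: 'invalid', 'private' or 'public'.
function classify(str, parse) {
  const v = parse(str);
  if (v === null) return 'invalid';
  return isPrivateV4(v) ? 'private' : 'public';
}

// Constructed sample inputs; run with `node` to see where the parsers disagree.
const SAMPLES = ['127.0.0.1', '0177.0.0.1', '0x7f.0.0.1', '127.1', '8.8.8.8'];
for (const s of SAMPLES) {
  console.log(
    s.padEnd(12),
    'naive:', classify(s, parseIPv4Naive).padEnd(8),
    'inet_aton-like:', classify(s, parseIPv4Lenient).padEnd(8),
    'strict:', classify(s, parseIPv4Strict),
  );
}
```

The practical rule this encodes: never decide "public or private" on a string you have not canonicalised. Either reject anything that is not strict dotted-decimal (as `parseIPv4Strict` does) or resolve the hostname first and run the range check on the resolved address, repeating the check on every redirect.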