scriptex / 2048
A TypeScript implementation of the popular game
Home Page: https://2048.atanas.info
License: MIT License
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
In inspect.cpp in LibSass 3.5.5, a high memory footprint caused by an endless loop (containing a Sass::Inspect::operator()(Sass::String_Quoted*) stack frame) may cause a Denial of Service via crafted sass input files with stray '&' or '/' characters.
Publish Date: 2018-12-03
URL: CVE-2018-19826
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/mkdirp/node_modules/minimist/package.json
Dependency Hierarchy:
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.1.3.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/gonzales-pe/node_modules/minimist/package.json
Dependency Hierarchy:
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz
Dependency Hierarchy:
Found in HEAD commit: eec4d903894695618e66c7546c7869026759573c
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
Publish Date: 2020-03-11
URL: CVE-2020-7598
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
Release Date: 2020-03-11
Fix Resolution: minimist - 0.2.1,1.2.2
EC cryptography
Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/elliptic/package.json
Dependency Hierarchy:
Found in HEAD commit: 904fe053ffe0b7bc8eb700ee24ae7ff8b8fed094
All versions of elliptic before 6.5.2 are vulnerable to a timing attack through side channels.
Publish Date: 2019-11-13
URL: WS-2019-0424
Base Score Metrics:
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-16.1.0.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/stylelint/node_modules/yargs-parser/package.json
Dependency Hierarchy:
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/critical/node_modules/yargs-parser/package.json
Dependency Hierarchy:
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-4.2.1.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/browser-sync/node_modules/yargs-parser/package.json
Dependency Hierarchy:
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-5.0.0.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/sass-graph/node_modules/yargs-parser/package.json
Dependency Hierarchy:
Found in HEAD commit: 7b7bc3866a51a5cda3f2bb532489634688f0104e
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.
Publish Date: 2020-03-16
URL: CVE-2020-7608
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7608
Release Date: 2020-03-16
Fix Resolution: v18.1.1;13.1.2;15.0.1
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11694
Base Score Metrics:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/snapdragon-util/node_modules/kind-of/package.json
Dependency Hierarchy:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-4.0.0.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/has-values/node_modules/kind-of/package.json
Dependency Hierarchy:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/kind-of/package.json
Dependency Hierarchy:
Get the native type of a value.
Library home page: https://registry.npmjs.org/kind-of/-/kind-of-5.1.0.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/is-descriptor/node_modules/kind-of/package.json
Dependency Hierarchy:
Found in HEAD commit: 43e5f2a9f7776866ffdc3d7f0180d1b87aab5035
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
Publish Date: 2019-12-30
URL: CVE-2019-20149
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20822
Base Score Metrics:
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: 81ef9d00d275b65353f00bd7be519c1ff24bca87
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.
Publish Date: 2019-11-06
URL: CVE-2019-18797
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18797
Release Date: 2019-11-06
Fix Resolution: 3.6.3
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-12-03
URL: CVE-2018-19827
Base Score Metrics:
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::skip_over_scopes in prelexer.hpp when called from Sass::Parser::parse_import(), a similar issue to CVE-2018-11693.
Publish Date: 2019-01-14
URL: CVE-2019-6286
Base Score Metrics:
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz
Path to dependency file: /2048/package.json
Path to vulnerable library: /tmp/git/2048/node_modules/asset-resolver/node_modules/lodash/package.json
Dependency Hierarchy:
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz
Path to dependency file: /2048/package.json
Path to vulnerable library: /tmp/git/2048/node_modules/oust/node_modules/lodash/package.json
Dependency Hierarchy:
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: /2048/package.json
Path to vulnerable library: /tmp/git/2048/node_modules/cave/node_modules/lodash/package.json
Dependency Hierarchy:
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.11.tgz
Path to dependency file: /2048/package.json
Path to vulnerable library: /tmp/git/2048/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 8195e5c1be288267d74cb92d59b47b5c8b14d389
A Prototype Pollution vulnerability was found in lodash through version 4.17.11.
Publish Date: 2019-07-08
URL: CVE-2019-10744
Type: Upgrade version
Origin: lodash/lodash@a01e4fa
Release Date: 2019-07-08
Fix Resolution: 4.17.12
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz
Path to dependency file: /2048/package.json
Path to vulnerable library: /tmp/git/2048/node_modules/asset-resolver/node_modules/lodash/package.json
Dependency Hierarchy:
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz
Path to dependency file: /2048/package.json
Path to vulnerable library: /tmp/git/2048/node_modules/oust/node_modules/lodash/package.json
Dependency Hierarchy:
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: /2048/package.json
Path to vulnerable library: /tmp/git/2048/node_modules/cave/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
Publish Date: 2019-02-01
URL: CVE-2018-16487
Base Score Metrics:
Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16487
Release Date: 2019-02-01
Fix Resolution: 4.17.11
Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!
Library home page: https://registry.npmjs.org/bl/-/bl-1.2.2.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/bl/package.json
Dependency Hierarchy:
Found in HEAD commit: 74dee4c2cae7ce4f6119a013ef63600a768a7b77
A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1 and <2.2.1 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.
Publish Date: 2020-07-21
URL: CVE-2020-8244
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8244
Release Date: 2020-07-21
Fix Resolution: 2.2.1,3.0.1,4.0.3
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/2048/node_modules/js-base64/.attic/test-moment/index.html
Path to vulnerable library: /2048/node_modules/js-base64/.attic/test-moment/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.js
Path to dependency file: /tmp/ws-scm/2048/node_modules/tinycolor2/index.html
Path to vulnerable library: /2048/node_modules/tinycolor2/demo/jquery-1.9.1.js,/2048/node_modules/tinycolor2/test/../demo/jquery-1.9.1.js
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/2048/node_modules/vm-browserify/example/run/index.html
Path to vulnerable library: /2048/node_modules/vm-browserify/example/run/index.html
Dependency Hierarchy:
Found in HEAD commit: 3d66aea58ebd85a879a52006b5f871dc73085b72
jQuery before 2.2.0 is vulnerable to Cross-site Scripting (XSS) attacks via text/javascript response with arbitrary code execution.
Publish Date: 2016-11-27
URL: WS-2016-0090
Type: Upgrade version
Origin: jquery/jquery@b078a62
Release Date: 2019-04-08
Fix Resolution: 2.2.0
EC cryptography
Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/elliptic/package.json
Dependency Hierarchy:
Found in HEAD commit: 0bd2d6ac21fd15bc7f7de7fabda3faea2af5c868
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
Publish Date: 2020-06-04
URL: CVE-2020-13822
Base Score Metrics:
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-17
URL: CVE-2018-20190
Base Score Metrics:
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.
Publish Date: 2018-05-26
URL: CVE-2018-11499
Base Score Metrics:
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Selector_List::populate_extends in SharedPtr.hpp (used by ast.cpp and ast_selectors.cpp) may cause a Denial of Service (application crash) via a crafted sass input file.
Publish Date: 2018-12-03
URL: CVE-2018-19797
Base Score Metrics:
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz
Path to dependency file: /2048/package.json
Path to vulnerable library: /tmp/git/2048/node_modules/oust/node_modules/lodash/package.json
Dependency Hierarchy:
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: /2048/package.json
Path to vulnerable library: /tmp/git/2048/node_modules/cave/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
Publish Date: 2018-06-07
URL: CVE-2018-3721
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-3721
Release Date: 2018-06-07
Fix Resolution: 4.17.5
HTTP proxying for the masses
Library home page: https://registry.npmjs.org/http-proxy/-/http-proxy-1.15.2.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/http-proxy/package.json
Dependency Hierarchy:
Found in HEAD commit: f1bece02fabc8824e9bc201b047b0b9ca64cc1f5
Versions of http-proxy prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERR_HTTP_HEADERS_SENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the proxyReq.setHeader function.
Publish Date: 2020-05-14
URL: WS-2020-0091
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1486
Release Date: 2020-05-26
Fix Resolution: http-proxy - 1.18.1
Promise based HTTP client for the browser and node.js
Library home page: https://registry.npmjs.org/axios/-/axios-0.17.1.tgz
Path to dependency file: /2048/package.json
Path to vulnerable library: /tmp/git/2048/node_modules/axios/package.json
Dependency Hierarchy:
Found in HEAD commit: b287c1f49141ed857742868a44fdbc0ff446ce3a
Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accept content after maxContentLength is exceeded.
Publish Date: 2019-05-07
URL: CVE-2019-10742
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.0/jquery.min.js
Path to dependency file: /tmp/ws-scm/2048/node_modules/js-base64/test/index.html
Path to vulnerable library: /2048/node_modules/js-base64/test/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/2048/node_modules/js-base64/.attic/test-moment/index.html
Path to vulnerable library: /2048/node_modules/js-base64/.attic/test-moment/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.js
Path to dependency file: /tmp/ws-scm/2048/node_modules/tinycolor2/test/index.html
Path to vulnerable library: /2048/node_modules/tinycolor2/test/../demo/jquery-1.9.1.js,/2048/node_modules/tinycolor2/demo/jquery-1.9.1.js
Dependency Hierarchy:
Found in HEAD commit: 1ef613d93155262138cc75e2b902143367db38ae
In jQuery before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
Base Score Metrics:
Type: Upgrade version
Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.
Publish Date: 2019-01-14
URL: CVE-2019-6284
Base Score Metrics:
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().
Publish Date: 2018-12-04
URL: CVE-2018-19838
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19838
Fix Resolution: 3.5.5
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).
Publish Date: 2019-04-23
URL: CVE-2018-20821
Base Score Metrics:
Get, set, or delete a property from a nested object using a dot path
Library home page: https://registry.npmjs.org/dot-prop/-/dot-prop-4.2.0.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/dot-prop/package.json
Dependency Hierarchy:
Found in HEAD commit: 7c090d20bda65c244423514dbaeddd3db6e0857b
Prototype pollution vulnerability in dot-prop npm package version 5.1.0 and earlier allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
Publish Date: 2020-02-04
URL: CVE-2020-8116
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116
Release Date: 2020-02-04
Fix Resolution: dot-prop - 5.1.1
YAML 1.2 parser and serializer
Library home page: https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz
Path to dependency file: /2048/package.json
Path to vulnerable library: /tmp/git/2048/node_modules/js-yaml/package.json
Dependency Hierarchy:
Found in HEAD commit: 110cda77d316d3d3d3c956973abda6fae784f4f8
Versions of js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load() function may execute arbitrary code injected through a malicious YAML file.
Publish Date: 2019-04-30
URL: WS-2019-0063
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/813
Release Date: 2019-04-30
Fix Resolution: 3.13.1
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/2048/node_modules/js-base64/.attic/test-moment/index.html
Path to vulnerable library: /2048/node_modules/js-base64/.attic/test-moment/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.js
Path to dependency file: /tmp/ws-scm/2048/node_modules/tinycolor2/index.html
Path to vulnerable library: /2048/node_modules/tinycolor2/demo/jquery-1.9.1.js,/2048/node_modules/tinycolor2/test/../demo/jquery-1.9.1.js
Dependency Hierarchy:
Found in HEAD commit: b1c0fa9a6e1a3236044a9cd70f893e0fddbcb888
The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Publish Date: 2019-10-23
URL: CVE-2015-9521
Type: Upgrade version
Origin: jquery/jquery@b078a62
Release Date: 2019-10-23
Fix Resolution: 2.2.0
tar for node
Library home page: https://registry.npmjs.org/tar/-/tar-2.2.1.tgz
Path to dependency file: /2048/package.json
Path to vulnerable library: /tmp/git/2048/node_modules/node-gyp/node_modules/tar/package.json
Dependency Hierarchy:
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
Versions of node-tar prior to 4.4.2 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system's file with the contents of the extracted file.
Publish Date: 2019-04-05
URL: WS-2019-0047
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/803
Release Date: 2019-04-05
Fix Resolution: 4.4.2
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.
Publish Date: 2018-06-04
URL: CVE-2018-11695
Base Score Metrics:
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.
Publish Date: 2019-01-14
URL: CVE-2019-6283
Base Score Metrics:
A pure javascript JPEG encoder and decoder
Library home page: https://registry.npmjs.org/jpeg-js/-/jpeg-js-0.3.7.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/jpeg-js/package.json
Dependency Hierarchy:
Found in HEAD commit: f53fecb70323fadbea333ad6c2337ae6869d8f79
Uncontrolled resource consumption in jpeg-js before 0.4.0 may allow an attacker to launch denial of service attacks using a specially crafted JPEG image.
Publish Date: 2020-07-21
URL: CVE-2020-8175
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8175
Release Date: 2020-07-21
Fix Resolution: 0.4.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/2048/node_modules/vm-browserify/example/run/index.html
Path to vulnerable library: /2048/node_modules/vm-browserify/example/run/index.html
Dependency Hierarchy:
Found in HEAD commit: 3d66aea58ebd85a879a52006b5f871dc73085b72
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Publish Date: 2018-01-18
URL: CVE-2012-6708
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708
Release Date: 2018-01-18
Fix Resolution: jQuery - v1.9.0
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 4c661762095a935b2d510c682bdbd3351d254078
A prototype pollution vulnerability in lodash allows an attacker to inject properties on Object.prototype.
Publish Date: 2020-04-28
URL: WS-2020-0070
Base Score Metrics:
Extracting archives made easy
Library home page: https://registry.npmjs.org/decompress/-/decompress-4.2.0.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/decompress/package.json
Dependency Hierarchy:
Found in HEAD commit: 8570e2ef6a1fcd90c4827221f91f5c1fd7d2bcb7
decompress in all its versions is vulnerable to arbitrary file write. The package fails to prevent the extraction of files with relative paths, which allows attackers to write to any folder in the system.
Publish Date: 2020-03-08
URL: WS-2020-0044
Base Score Metrics:
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11693
Base Score Metrics:
Update links to social networks based on the latest changes in atanas.info.
Also add a link to atanas.info.
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/2048/node_modules/js-base64/.attic/test-moment/index.html
Path to vulnerable library: /2048/node_modules/js-base64/.attic/test-moment/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.js
Path to dependency file: /tmp/ws-scm/2048/node_modules/tinycolor2/test/index.html
Path to vulnerable library: /2048/node_modules/tinycolor2/test/../demo/jquery-1.9.1.js,/2048/node_modules/tinycolor2/demo/jquery-1.9.1.js
Dependency Hierarchy:
Found in HEAD commit: 3b0b042b45e018c88529c0c8367edbc8787adad6
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
Release Date: 2020-04-29
Fix Resolution: jquery - 3.5.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/2048/node_modules/js-base64/.attic/test-moment/index.html
Path to vulnerable library: /2048/node_modules/js-base64/.attic/test-moment/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.js
Path to dependency file: /tmp/ws-scm/2048/node_modules/tinycolor2/index.html
Path to vulnerable library: /2048/node_modules/tinycolor2/demo/jquery-1.9.1.js,/2048/node_modules/tinycolor2/test/../demo/jquery-1.9.1.js
Dependency Hierarchy:
Found in HEAD commit: 3d66aea58ebd85a879a52006b5f871dc73085b72
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
Base Score Metrics:
Type: Change files
Origin: jquery/jquery@753d591
Release Date: 2019-03-25
Fix Resolution: Replace or update the following files: core.js, core.js
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11697
Base Score Metrics:
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.
Publish Date: 2018-06-04
URL: CVE-2018-11698
Base Score Metrics:
tar for node
Library home page: https://registry.npmjs.org/tar/-/tar-2.2.2.tgz
Path to dependency file: /2048/package.json
Path to vulnerable library: /tmp/git/2048/node_modules/node-gyp/node_modules/tar/package.json
Dependency Hierarchy:
Found in HEAD commit: 85785856c0e37100d8e1f70fb09dac46c8904b28
A vulnerability was found in node-tar before version 4.4.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content.
Publish Date: 2019-04-30
URL: CVE-2018-20834
Base Score Metrics:
Type: Upgrade version
Origin: https://hackerone.com/reports/344595
Release Date: 2019-04-30
Fix Resolution: v4.4.2
The modern build of lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-3.10.1.tgz
Path to dependency file: /2048/package.json
Path to vulnerable library: /tmp/git/2048/node_modules/oust/node_modules/lodash/package.json
Dependency Hierarchy:
A utility library delivering consistency, customization, performance, & extras.
Library home page: https://registry.npmjs.org/lodash/-/lodash-2.4.2.tgz
Path to dependency file: /2048/package.json
Path to vulnerable library: /tmp/git/2048/node_modules/cave/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 490b25b61ecc1c40311a924aa487eb446971a0cc
lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.
Publish Date: 2019-07-17
URL: CVE-2019-1010266
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010266
Release Date: 2019-07-17
Fix Resolution: 4.17.11
Library home page: https://chromium.googlesource.com/chromium/src
Found in HEAD commit: 9969343c85789025474cf57fb2a5ca085e8e3ab6
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
Publish Date: 2014-01-21
URL: CVE-2013-0340
Type: Upgrade version
Origin: https://security.gentoo.org/glsa/201701-21
Release Date: 2017-01-11
Fix Resolution: All Expat users should upgrade to the latest version >= expat-2.2.0-r1
Node.js bindings to libsass
Library home page: https://github.com/sass/node-sass.git
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.
In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file.
Publish Date: 2018-12-04
URL: CVE-2018-19839
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19839
Fix Resolution: 3.5.5
A querystring parser that supports nesting and arrays, with a depth limit
Library home page: https://registry.npmjs.org/qs/-/qs-6.2.3.tgz
Path to dependency file: /2048/package.json
Path to vulnerable library: /tmp/git/2048/node_modules/qs/package.json
Dependency Hierarchy:
Found in HEAD commit: b58bbe703411c8203ad9e68496cd450c7f2ea208
The web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send an evil request to cause the web framework to crash.
Publish Date: 2017-07-17
URL: CVE-2017-1000048
Base Score Metrics:
Type: Change files
Origin: ljharb/qs@c709f6e
Release Date: 2017-03-06
Fix Resolution: Replace or update the following files: parse.js, parse.js, utils.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.min.js
Path to dependency file: /tmp/ws-scm/2048/node_modules/js-base64/.attic/test-moment/index.html
Path to vulnerable library: /2048/node_modules/js-base64/.attic/test-moment/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.js
Path to dependency file: /tmp/ws-scm/2048/node_modules/tinycolor2/index.html
Path to vulnerable library: /2048/node_modules/tinycolor2/demo/jquery-1.9.1.js,/2048/node_modules/tinycolor2/test/../demo/jquery-1.9.1.js
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js
Path to dependency file: /tmp/ws-scm/2048/node_modules/vm-browserify/example/run/index.html
Path to vulnerable library: /2048/node_modules/vm-browserify/example/run/index.html
Dependency Hierarchy:
Found in HEAD commit: 3d66aea58ebd85a879a52006b5f871dc73085b72
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.2.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/sass-graph/node_modules/yargs-parser/package.json
Dependency Hierarchy:
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-10.1.0.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/critical/node_modules/yargs-parser/package.json
Dependency Hierarchy:
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-4.2.1.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/browser-sync/node_modules/yargs-parser/package.json
Dependency Hierarchy:
Found in HEAD commit: 54f27c77aaf05ec3859ee7866fa4679fecde03a8
Affected versions of yargs-parser are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. Parsing the argument `--foo.__proto__.bar baz` adds a bar property with value baz to all objects. This is only exploitable if attackers have control over the arguments being passed to yargs-parser.
Publish Date: 2020-05-01
URL: WS-2020-0068
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/package/yargs-parser
Release Date: 2020-05-04
Fix Resolution: https://www.npmjs.com/package/yargs-parser/v/18.1.2,https://www.npmjs.com/package/yargs-parser/v/15.0.1
ECMAScript parser
Library home page: https://registry.npmjs.org/acorn/-/acorn-6.4.0.tgz
Path to dependency file: /tmp/ws-scm/2048/package.json
Path to vulnerable library: /tmp/ws-scm/2048/node_modules/acorn/package.json
Dependency Hierarchy:
Found in HEAD commit: 5ff91286bf970b60fa51979d8978797bf4090698
acorn is vulnerable to REGEX DoS. A regex of the form /[x-\ud800]/u causes the parser to enter an infinite loop. Attackers may leverage the vulnerability leading to a Denial of Service since the string is not valid UTF16 and it results in it being sanitized before reaching the parser.
Publish Date: 2020-03-08
URL: WS-2020-0042
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1488
Release Date: 2020-03-08
Fix Resolution: 7.1.1