Node.js third-party modules
No technology is perfect, and Node.js believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in a third-party Node.js module, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
If you seek help, please ping us on our public Slack https://nodejs-security- wg.herokuapp.com/ .
Vulnerabilities in Node.js core should be reported via@nodejs
Thank you for helping keep the Node.js ecosystem safe!
| Scope Type | Scope Name |
|---|---|
| application | yarn |
| undefined | pino |
| undefined | fastify |
| undefined | lodash |
| undefined | seneca |
| undefined | gitlabhook |
| undefined | http_server |
| undefined | express |
| undefined | noble |
| undefined | url-parse |
| undefined | markdown-pdf |
| undefined | simplehttpserver |
| undefined | statics-server |
| undefined | node-red |
| undefined | mqtt-packet |
| undefined | express-cart |
| undefined | pdf-image |
| undefined | gatsby-remark-images-contentful |
| undefined | handlebars |
| undefined | finalhandler |
| undefined | atob |
| undefined | kill-port |
| undefined | dot |
| undefined | is-my-json-valid |
| undefined | pdf-officegen |
| undefined | node-tar |
| undefined | smart-extend |
| undefined | jQuery |
| undefined | bufferjs |
| undefined | http-sync |
| undefined | node-email |
| undefined | questor |
| undefined | node-buffer-builder |
| undefined | atlasboard-atlassian-package |
| undefined | zlib-browserify |
| undefined | kramed |
| undefined | whereis |
| undefined | merge-deep |
| undefined | assign-deep |
| undefined | crud-file-server |
| undefined | defaults-deep |
| undefined | bower |
| undefined | servey |
| undefined | just-extend |
| undefined | mpath |
| undefined | harp |
| undefined | flatmap-stream |
| undefined | zombie |
| undefined | tianma-static |
| undefined | morgan |
| undefined | send |
| undefined | ponse |
| undefined | node-xlsx |
| undefined | http-live-simulator |
| undefined | samlify |
| undefined | bruteser |
| undefined | knightjs |
| undefined | ascii-art |
| undefined | takeapeek |
| undefined | apex-publish-static-files |
| undefined | samsung-remote |
| undefined | cached-path-relative |
| undefined | ps |
| undefined | libnmap |
| undefined | egg-scripts |
| undefined | flintcms |
| undefined | win-spawn |
| undefined | extend |
| undefined | sql |
| undefined | exceljs |
| undefined | open |
| undefined | public |
| undefined | mcstatic |
| undefined | bracket-template |
| undefined | augustine |
| undefined | html-pages |
| undefined | grunt-serve |
| undefined | sexstatic |
| undefined | metascraper |
| undefined | react-marked-markdown |
| undefined | macaddress |
| undefined | base64url |
| undefined | ua-parser-js |
| undefined | useragent |
| undefined | byte |
| undefined | merge |
| undefined | njwt |
| undefined | canvas |
| undefined | formidable |
| undefined | command-exists |
| undefined | memjs |
| undefined | file-static-server |
| undefined | utile |
| undefined | getcookies |
| undefined | put |
| undefined | funcster |
| undefined | cryo |
| undefined | fs-path |
| undefined | stringstream |
| undefined | npmconf |
| undefined | entitlements |
| undefined | merge-objects |
| undefined | merge-options |
| undefined | merge-recursive |
| undefined | marked |
| undefined | deep-extend |
| undefined | deap |
| undefined | https-proxy-agent |
| undefined | typeorm |
| undefined | sshpk |
| undefined | protobufjs |
| undefined | stattic |
| undefined | resolve-path |
| undefined | mixin-deep |
| undefined | rgb2hex |
| undefined | foreman |
| undefined | concat-with-sourcemaps |
| undefined | hoek |
| undefined | superstatic |
| undefined | 626 |
| undefined | metascrapper |
| undefined | hekto |
| undefined | anywhere |
| undefined | general-file-server |
| undefined | angular-http-server |
| undefined | node-srv |
| undefined | simple-server |
| undefined | pullit |
| undefined | scrape-metadata |
| undefined | glance |
| undefined | http-proxy-agent |
| undefined | featurebook |
| undefined | html-janitor |
| undefined | lactate |
| undefined | serve-here |
| undefined | serve |
| undefined | multer |
| undefined | body-parser |
| undefined | m-server |
| undefined | pdfinfojs |
| undefined | buttle |
| undefined | cloudcmd |
| undefined | git-dummy-commit |
| undefined | tree-kill |
| undefined | express-useragent |
| undefined | treekill |
| undefined | node-static |
| undefined | node-df |
| undefined | kill-port-process |
| undefined | fileview |
| undefined | new-serve |
| undefined | seeftl |
| undefined | meta-git |
| undefined | hexo-admin |
| undefined | npm-git-publish |
| undefined | jimp |
| undefined | jpeg-js |
| undefined | devcert |
| undefined | Ghost |
| undefined | crypto-js |
| undefined | jison |
| undefined | logkitty |
| undefined | react-autolinker-wrapper |
| undefined | utils-extend |
| undefined | jsonpointer |
| undefined | Uppy |
| undefined | json-bigint |
| undefined | property-expr |
| undefined | i18next |
| undefined | json8-merge-patch |
| undefined | node-downloader-helper |
| undefined | json-stable-stringify |
| web_application | MQTT.js |
| web_application | node.extend |
| web_application | reveal.js |
| web_application | localhost-now |
| web_application | total.js |
| web_application | webpack-bundle-analyzer |
This program have been found on Hackerone on 2017-12-08.
FireBounty © 2015-2025
