This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is…

This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk’s internal network via directory traversal. Zafiyet ile…

This affects the package properties-reader before 2.2.0. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database

This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they…

This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they…

This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link. Zafiyet ile ilgili Genel Bilgi,…

This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped. Zafiyet ile ilgili…

This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath) Zafiyet ile ilgili…

The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National…

This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function. Zafiyet ile ilgili Genel…