daemontoolz / locuste.dashboard.mobile Goto Github PK
View Code? Open in Web Editor NEWLOCUSTE : Interface graphique Mobile ANGULAR
License: MIT License
LOCUSTE : Interface graphique Mobile ANGULAR
License: MIT License
Fetch-based http client for use with npm registry APIs
Library home page: https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-4.0.4.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/npm-registry-fetch/package.json
Dependency Hierarchy:
Found in base branch: master
npm-registry-fetch before 4.0.5 and 8.1.1 is vulnerable to an information exposure vulnerability through log files.
Publish Date: 2020-07-07
URL: WS-2020-0127
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1544
Release Date: 2020-07-07
Fix Resolution (npm-registry-fetch): 4.0.5
Direct dependency fix Resolution (@angular/cli): 9.1.8
Step up your Open Source Security Game with Mend here
node.js realtime framework server
Library home page: https://registry.npmjs.org/socket.io/-/socket.io-2.1.1.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/socket.io/package.json
Dependency Hierarchy:
Found in base branch: master
In socket.io in versions 1.0.0 to 2.3.0 is vulnerable to Cross-Site Websocket Hijacking, it allows an attacker to bypass origin protection using special symbols include "`" and "$".
Publish Date: 2020-02-20
URL: WS-2020-0443
Base Score Metrics:
Type: Upgrade version
Origin: https://hackerone.com/reports/931197
Release Date: 2020-02-20
Fix Resolution (socket.io): 2.4.0
Direct dependency fix Resolution (karma): 5.0.8
Step up your Open Source Security Game with Mend here
JSON for humans.
Library home page: https://registry.npmjs.org/json5/-/json5-2.1.3.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/json5/package.json
Dependency Hierarchy:
JSON for humans.
Library home page: https://registry.npmjs.org/json5/-/json5-1.0.1.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/stylus-loader/node_modules/json5/package.json
Dependency Hierarchy:
Found in base branch: master
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The parse
method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named __proto__
, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by JSON5.parse
and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse
. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. JSON5.parse
should restrict parsing of __proto__
keys when parsing JSON strings to objects. As a point of reference, the JSON.parse
method included in JavaScript ignores __proto__
keys. Simply changing JSON5.parse
to JSON.parse
in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later.
Publish Date: 2022-12-24
URL: CVE-2022-46175
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2022-46175
Release Date: 2022-12-24
Fix Resolution (json5): 2.2.2
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Fix Resolution (json5): 2.2.2
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Step up your Open Source Security Game with Mend here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js
Path to dependency file: /locuste-mobile/node_modules/selenium-webdriver/lib/test/data/selectableItems.html
Path to vulnerable library: /locuste-mobile/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js
Dependency Hierarchy:
Found in HEAD commit: 7af9ca13181870a5f6a0ab095c8b762fd0afbb09
Found in base branch: master
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
Publish Date: 2013-03-08
URL: CVE-2011-4969
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2011-4969
Release Date: 2013-03-08
Fix Resolution: 1.6.3
Step up your Open Source Security Game with Mend here
W3C compliant EventSource client for Node.js and browser (polyfill)
Library home page: https://registry.npmjs.org/eventsource/-/eventsource-1.0.7.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/eventsource/package.json
Dependency Hierarchy:
Found in base branch: master
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.
Publish Date: 2022-05-12
URL: CVE-2022-1650
Base Score Metrics:
Type: Upgrade version
Release Date: 2022-05-12
Fix Resolution (eventsource): 1.1.1
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Step up your Open Source Security Game with Mend here
JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.
Library home page: https://registry.npmjs.org/node-forge/-/node-forge-0.9.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/node-forge/package.json
Dependency Hierarchy:
Found in base branch: master
Forge (also called node-forge
) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check DigestInfo
for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in node-forge
version 1.3.0. There are currently no known workarounds.
Publish Date: 2022-03-18
URL: CVE-2022-24773
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24773
Release Date: 2022-03-18
Fix Resolution (node-forge): 1.3.0
Direct dependency fix Resolution (@angular-devkit/build-angular): 13.2.0
Step up your Open Source Security Game with Mend here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js
Path to dependency file: /locuste-mobile/node_modules/selenium-webdriver/lib/test/data/selectableItems.html
Path to vulnerable library: /locuste-mobile/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js
Dependency Hierarchy:
Found in HEAD commit: 7af9ca13181870a5f6a0ab095c8b762fd0afbb09
Found in base branch: master
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - 3.0.0
Step up your Open Source Security Game with Mend here
EC cryptography
Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/elliptic/package.json
Dependency Hierarchy:
Found in base branch: master
The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.
Publish Date: 2021-02-02
URL: CVE-2020-28498
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2020-28498
Release Date: 2021-02-02
Fix Resolution (elliptic): 6.5.4
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Step up your Open Source Security Game with Mend here
Normalize a URL
Library home page: https://registry.npmjs.org/normalize-url/-/normalize-url-1.9.1.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/mini-css-extract-plugin/node_modules/normalize-url/package.json
Dependency Hierarchy:
Normalize a URL
Library home page: https://registry.npmjs.org/normalize-url/-/normalize-url-3.3.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/normalize-url/package.json
Dependency Hierarchy:
Found in base branch: master
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
Publish Date: 2021-05-24
URL: CVE-2021-33502
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33502
Release Date: 2021-05-24
Fix Resolution: normalize-url - 4.5.1,5.3.1,6.0.1
Step up your Open Source Security Game with Mend here
JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.
Library home page: https://registry.npmjs.org/node-forge/-/node-forge-0.9.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/node-forge/package.json
Dependency Hierarchy:
Found in base branch: master
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.
Publish Date: 2020-09-01
URL: CVE-2020-7720
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-09-01
Fix Resolution (node-forge): 0.10.0
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Step up your Open Source Security Game with Mend here
utils for webpack loaders
Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-1.4.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/stylus-loader/node_modules/loader-utils/package.json
Dependency Hierarchy:
utils for webpack loaders
Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/loader-utils/package.json
Dependency Hierarchy:
Found in HEAD commit: 7af9ca13181870a5f6a0ab095c8b762fd0afbb09
Found in base branch: master
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.
Publish Date: 2022-10-14
URL: CVE-2022-37603
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-3rfm-jhwj-7488
Release Date: 2022-10-14
Fix Resolution (loader-utils): 1.4.2
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Fix Resolution (loader-utils): 1.4.2
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Step up your Open Source Security Game with Mend here
Small footprint URL parser that works seamlessly across Node.js and browser environments
Library home page: https://registry.npmjs.org/url-parse/-/url-parse-1.4.7.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/url-parse/package.json
Dependency Hierarchy:
Found in base branch: master
url-parse is vulnerable to URL Redirection to Untrusted Site
Publish Date: 2021-07-26
URL: CVE-2021-3664
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3664
Release Date: 2021-07-26
Fix Resolution (url-parse): 1.5.2
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Step up your Open Source Security Game with Mend here
Higher-order functions and common patterns for asynchronous code
Library home page: https://registry.npmjs.org/async/-/async-2.6.3.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/async/package.json
Dependency Hierarchy:
Found in base branch: master
In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.
Publish Date: 2022-04-06
URL: CVE-2021-43138
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-43138
Release Date: 2022-04-06
Fix Resolution (async): 2.6.4
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Step up your Open Source Security Game with Mend here
Spectacular Test Runner for JavaScript.
Library home page: https://registry.npmjs.org/karma/-/karma-4.4.1.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/karma/package.json
Dependency Hierarchy:
Found in base branch: master
The package karma before 6.3.16 are vulnerable to Open Redirect due to missing validation of the return_url query parameter.
Publish Date: 2022-02-25
URL: CVE-2021-23495
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23495
Release Date: 2022-02-25
Fix Resolution: 6.3.16
Step up your Open Source Security Game with Mend here
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /tmp/ws-scm/locuste.dashboard.mobile/locuste-mobile/package.json
Path to vulnerable library: /tmp/ws-scm/locuste.dashboard.mobile/locuste-mobile/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 7af9ca13181870a5f6a0ab095c8b762fd0afbb09
a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype
Publish Date: 2020-04-28
URL: WS-2020-0070
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/lodash/package.json
Dependency Hierarchy:
Found in base branch: master
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Publish Date: 2021-02-15
URL: CVE-2020-28500
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
Release Date: 2021-02-15
Fix Resolution (lodash): 4.17.21
Direct dependency fix Resolution (karma): 5.0.0
Step up your Open Source Security Game with Mend here
Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset
Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.12.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/browserslist/package.json
Dependency Hierarchy:
Found in base branch: master
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Publish Date: 2021-04-28
URL: CVE-2021-23364
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364
Release Date: 2021-04-28
Fix Resolution (browserslist): 4.16.5
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Step up your Open Source Security Game with Mend here
Small footprint URL parser that works seamlessly across Node.js and browser environments
Library home page: https://registry.npmjs.org/url-parse/-/url-parse-1.4.7.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/url-parse/package.json
Dependency Hierarchy:
Found in base branch: master
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
Publish Date: 2022-02-14
URL: CVE-2022-0512
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0512
Release Date: 2022-02-14
Fix Resolution (url-parse): 1.5.6
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Step up your Open Source Security Game with Mend here
EC cryptography
Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/elliptic/package.json
Dependency Hierarchy:
Found in HEAD commit: 7af9ca13181870a5f6a0ab095c8b762fd0afbb09
Found in base branch: master
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
Publish Date: 2020-06-04
URL: CVE-2020-13822
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-07-02
Fix Resolution (elliptic): 6.5.3
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Step up your Open Source Security Game with Mend here
utils for webpack loaders
Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/loader-utils/package.json
Dependency Hierarchy:
Found in base branch: master
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.
Publish Date: 2022-10-11
URL: CVE-2022-37599
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-hhq3-ff78-jv3g
Release Date: 2022-10-11
Fix Resolution (loader-utils): 2.0.3
Direct dependency fix Resolution (@angular-devkit/build-angular): 13.0.0
Step up your Open Source Security Game with Mend here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js
Path to dependency file: /locuste-mobile/node_modules/selenium-webdriver/lib/test/data/selectableItems.html
Path to vulnerable library: /locuste-mobile/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js
Dependency Hierarchy:
Found in HEAD commit: 7af9ca13181870a5f6a0ab095c8b762fd0afbb09
Found in base branch: master
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
Publish Date: 2020-05-19
URL: CVE-2020-7656
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-q4m3-2j7h-f7xw
Release Date: 2020-05-19
Fix Resolution: jquery - 1.9.0
Step up your Open Source Security Game with Mend here
the mighty option parser used by yargs
Library home page: https://registry.npmjs.org/yargs-parser/-/yargs-parser-11.1.1.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/protractor/node_modules/yargs-parser/package.json
Dependency Hierarchy:
Found in HEAD commit: 7af9ca13181870a5f6a0ab095c8b762fd0afbb09
Found in base branch: master
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "proto" payload.
Publish Date: 2020-03-16
URL: CVE-2020-7608
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-03-16
Fix Resolution (yargs-parser): 13.1.2
Direct dependency fix Resolution (protractor): 7.0.0
Step up your Open Source Security Game with Mend here
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/lodash/package.json
Dependency Hierarchy:
Found in base branch: master
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Publish Date: 2021-02-15
URL: CVE-2021-23337
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-35jh-r3h4-6jhm
Release Date: 2021-02-15
Fix Resolution (lodash): 4.17.21
Direct dependency fix Resolution (karma): 5.0.0
Step up your Open Source Security Game with Mend here
Serialize JavaScript to a superset of JSON that includes regular expressions and functions.
Library home page: https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-2.1.2.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/serialize-javascript/package.json
Dependency Hierarchy:
Found in HEAD commit: 7af9ca13181870a5f6a0ab095c8b762fd0afbb09
Found in base branch: master
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
Publish Date: 2020-06-01
URL: CVE-2020-7660
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7660
Release Date: 2020-06-08
Fix Resolution (serialize-javascript): 3.1.0
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.9
Step up your Open Source Security Game with Mend here
XMLHttpRequest for Node
Library home page: https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.5.5.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/xmlhttprequest-ssl/package.json
Dependency Hierarchy:
Found in base branch: master
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.
Publish Date: 2021-04-23
URL: CVE-2021-31597
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31597
Release Date: 2021-04-23
Fix Resolution (xmlhttprequest-ssl): 1.6.1
Direct dependency fix Resolution (socket.io-client): 2.4.0
Step up your Open Source Security Game with Mend here
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/lodash/package.json
Dependency Hierarchy:
Found in base branch: master
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
Publish Date: 2020-07-15
URL: CVE-2020-8203
Base Score Metrics:
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/1523
Release Date: 2020-07-15
Fix Resolution (lodash): 4.17.19
Direct dependency fix Resolution (karma): 5.0.0
Step up your Open Source Security Game with Mend here
Small footprint URL parser that works seamlessly across Node.js and browser environments
Library home page: https://registry.npmjs.org/url-parse/-/url-parse-1.4.7.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/url-parse/package.json
Dependency Hierarchy:
Found in base branch: master
url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path.
Publish Date: 2021-02-22
URL: CVE-2021-27515
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27515
Release Date: 2021-02-22
Fix Resolution (url-parse): 1.5.0
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Step up your Open Source Security Game with Mend here
EC cryptography
Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.2.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/elliptic/package.json
Dependency Hierarchy:
Found in HEAD commit: 7af9ca13181870a5f6a0ab095c8b762fd0afbb09
Found in base branch: master
all versions of elliptic are vulnerable to Timing Attack through side-channels.
Publish Date: 2019-11-13
URL: WS-2019-0424
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/WS-2019-0424
Release Date: 2019-11-13
Fix Resolution (elliptic): 6.5.3
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Step up your Open Source Security Game with Mend here
Strips glob magic from a string to provide the parent directory path
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/glob-parent/package.json
Dependency Hierarchy:
Extract the non-magic parent path from a glob string.
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.1.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/chokidar/node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in base branch: master
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
Publish Date: 2021-06-03
URL: CVE-2020-28469
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469
Release Date: 2021-06-03
Fix Resolution (glob-parent): 5.1.2
Direct dependency fix Resolution (@angular-devkit/build-angular): 13.0.0
Fix Resolution (glob-parent): 5.1.2
Direct dependency fix Resolution (@angular/compiler-cli): 9.1.10
Step up your Open Source Security Game with Mend here
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/optimist/node_modules/minimist/package.json
Dependency Hierarchy:
Found in HEAD commit: 7af9ca13181870a5f6a0ab095c8b762fd0afbb09
Found in base branch: master
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload.
Publish Date: 2020-03-11
URL: CVE-2020-7598
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-03-11
Fix Resolution (minimist): 0.2.1
Direct dependency fix Resolution (karma): 5.0.0
Step up your Open Source Security Game with Mend here
A better decodeURIComponent
Library home page: https://registry.npmjs.org/decode-uri-component/-/decode-uri-component-0.2.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/decode-uri-component/package.json
Dependency Hierarchy:
Found in base branch: master
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.
Publish Date: 2022-11-28
URL: CVE-2022-38900
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-w573-4hg7-7wgq
Release Date: 2022-11-28
Fix Resolution (decode-uri-component): 0.2.1
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Step up your Open Source Security Game with Mend here
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js
Path to dependency file: /locuste-mobile/node_modules/selenium-webdriver/lib/test/data/selectableItems.html
Path to vulnerable library: /locuste-mobile/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js
Dependency Hierarchy:
Found in HEAD commit: 7af9ca13181870a5f6a0ab095c8b762fd0afbb09
Found in base branch: master
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Publish Date: 2018-01-18
URL: CVE-2012-6708
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708
Release Date: 2018-01-18
Fix Resolution: jQuery - v1.9.0
Step up your Open Source Security Game with Mend here
Strips glob magic from a string to provide the parent directory path
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/glob-parent/package.json
Dependency Hierarchy:
Extract the non-magic parent path from a glob string.
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.1.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/chokidar/node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in HEAD commit: 7af9ca13181870a5f6a0ab095c8b762fd0afbb09
The package glob-parent before 6.0.1 are vulnerable to Regular Expression Denial of Service (ReDoS)
Publish Date: 2021-06-22
URL: CVE-2021-35065
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-cj88-88mr-972w
Release Date: 2021-06-22
Fix Resolution (glob-parent): 6.0.1
Direct dependency fix Resolution (@angular-devkit/build-angular): 14.1.0
Step up your Open Source Security Game with Mend here
socket.io protocol parser
Library home page: https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-3.2.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/socket.io-parser/package.json
Dependency Hierarchy:
socket.io protocol parser
Library home page: https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-3.3.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/socket.io-client/node_modules/socket.io-parser/package.json
Dependency Hierarchy:
Found in base branch: master
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.
Publish Date: 2021-01-08
URL: CVE-2020-36049
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-xfhh-g9f5-x4m4
Release Date: 2021-01-08
Fix Resolution (socket.io-parser): 3.3.2
Direct dependency fix Resolution (karma): 5.0.8
Fix Resolution (socket.io-parser): 3.3.2
Direct dependency fix Resolution (socket.io-client): 2.3.1
Step up your Open Source Security Game with Mend here
Spectacular Test Runner for JavaScript.
Library home page: https://registry.npmjs.org/karma/-/karma-4.4.1.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/karma/package.json
Dependency Hierarchy:
Found in base branch: master
Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.
Publish Date: 2022-02-05
URL: CVE-2022-0437
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2022-0437
Release Date: 2022-02-05
Fix Resolution: 6.3.14
Step up your Open Source Security Game with Mend here
JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.
Library home page: https://registry.npmjs.org/node-forge/-/node-forge-0.9.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/node-forge/package.json
Dependency Hierarchy:
Found in base branch: master
Forge (also called node-forge
) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a DigestInfo
ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in node-forge
version 1.3.0. There are currently no known workarounds.
Publish Date: 2022-03-18
URL: CVE-2022-24772
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24772
Release Date: 2022-03-18
Fix Resolution (node-forge): 1.3.0
Direct dependency fix Resolution (@angular-devkit/build-angular): 13.2.0
Step up your Open Source Security Game with Mend here
utils for webpack loaders
Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-1.4.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/stylus-loader/node_modules/loader-utils/package.json
Dependency Hierarchy:
utils for webpack loaders
Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/loader-utils/package.json
Dependency Hierarchy:
Found in base branch: master
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils 2.0.0 via the name variable in parseQuery.js.
Publish Date: 2022-10-12
URL: CVE-2022-37601
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-76p3-8jx3-jpfq
Release Date: 2022-10-12
Fix Resolution (loader-utils): 1.4.1
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Fix Resolution (loader-utils): 1.4.1
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Step up your Open Source Security Game with Mend here
Small footprint URL parser that works seamlessly across Node.js and browser environments
Library home page: https://registry.npmjs.org/url-parse/-/url-parse-1.4.7.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/url-parse/package.json
Dependency Hierarchy:
Found in base branch: master
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
Publish Date: 2022-02-17
URL: CVE-2022-0639
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0639
Release Date: 2022-02-17
Fix Resolution (url-parse): 1.5.7
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Step up your Open Source Security Game with Mend here
node.js realtime framework server
Library home page: https://registry.npmjs.org/socket.io/-/socket.io-2.1.1.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/socket.io/package.json
Dependency Hierarchy:
Found in base branch: master
The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default.
Publish Date: 2021-01-19
URL: CVE-2020-28481
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28481
Release Date: 2021-01-19
Fix Resolution (socket.io): 2.4.0
Direct dependency fix Resolution (karma): 5.0.8
Step up your Open Source Security Game with Mend here
JavaScript parser, mangler/compressor and beautifier toolkit for ES6+
Library home page: https://registry.npmjs.org/terser/-/terser-4.6.10.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/terser/package.json
Dependency Hierarchy:
Found in base branch: master
The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Publish Date: 2022-07-15
URL: CVE-2022-25858
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25858
Release Date: 2022-07-15
Fix Resolution (terser): 4.8.1
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.1001.0
Step up your Open Source Security Game with Mend here
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/minimist/package.json
Dependency Hierarchy:
parse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-0.0.10.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/optimist/node_modules/minimist/package.json
Dependency Hierarchy:
Found in base branch: master
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Publish Date: 2022-03-17
URL: CVE-2021-44906
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-xvch-5gv4-984h
Release Date: 2022-03-17
Fix Resolution (minimist): 1.2.6
Direct dependency fix Resolution (@angular/compiler-cli): 9.1.10
Fix Resolution (minimist): 1.2.6
Direct dependency fix Resolution (karma): 5.0.0
Step up your Open Source Security Game with Mend here
Small footprint URL parser that works seamlessly across Node.js and browser environments
Library home page: https://registry.npmjs.org/url-parse/-/url-parse-1.4.7.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/url-parse/package.json
Dependency Hierarchy:
Found in base branch: master
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
Publish Date: 2022-02-21
URL: CVE-2022-0691
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0691
Release Date: 2022-02-21
Fix Resolution (url-parse): 1.5.9
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Step up your Open Source Security Game with Mend here
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/minimatch/package.json
Dependency Hierarchy:
Found in base branch: master
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
Publish Date: 2022-10-17
URL: CVE-2022-3517
Base Score Metrics:
Step up your Open Source Security Game with Mend here
XMLHttpRequest for Node
Library home page: https://registry.npmjs.org/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.5.5.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/xmlhttprequest-ssl/package.json
Dependency Hierarchy:
Found in base branch: master
This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.
Publish Date: 2021-03-05
URL: CVE-2020-28502
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-h4j5-c7cj-74xg
Release Date: 2021-03-05
Fix Resolution (xmlhttprequest-ssl): 1.6.1
Direct dependency fix Resolution (socket.io-client): 2.4.0
Step up your Open Source Security Game with Mend here
JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.
Library home page: https://registry.npmjs.org/node-forge/-/node-forge-0.9.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/node-forge/package.json
Dependency Hierarchy:
Found in base branch: master
The forge.debug API had a potential prototype pollution issue if called with untrusted input. The API was only used for internal debug purposes in a safe way and never documented or advertised. It is suspected that uses of this API, if any exist, would likely not have used untrusted inputs in a vulnerable way.
Publish Date: 2022-01-08
URL: WS-2022-0008
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-5rrq-pxf6-6jx5
Release Date: 2022-01-08
Fix Resolution (node-forge): 1.0.0
Direct dependency fix Resolution (@angular-devkit/build-angular): 13.2.0
Step up your Open Source Security Game with Mend here
JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.
Library home page: https://registry.npmjs.org/node-forge/-/node-forge-0.9.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/node-forge/package.json
Dependency Hierarchy:
Found in base branch: master
forge is vulnerable to URL Redirection to Untrusted Site
Publish Date: 2022-01-06
URL: CVE-2022-0122
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-gf8q-jrpm-jvxq
Release Date: 2022-01-06
Fix Resolution (node-forge): 1.0.0
Direct dependency fix Resolution (@angular-devkit/build-angular): 13.2.0
Step up your Open Source Security Game with Mend here
JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.
Library home page: https://registry.npmjs.org/node-forge/-/node-forge-0.9.0.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/node-forge/package.json
Dependency Hierarchy:
Found in base branch: master
Forge (also called node-forge
) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in node-forge
version 1.3.0. There are currently no known workarounds.
Publish Date: 2022-03-18
URL: CVE-2022-24771
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24771
Release Date: 2022-03-18
Fix Resolution (node-forge): 1.3.0
Direct dependency fix Resolution (@angular-devkit/build-angular): 13.2.0
Step up your Open Source Security Game with Mend here
Small footprint URL parser that works seamlessly across Node.js and browser environments
Library home page: https://registry.npmjs.org/url-parse/-/url-parse-1.4.7.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/url-parse/package.json
Dependency Hierarchy:
Found in base branch: master
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
Publish Date: 2022-02-20
URL: CVE-2022-0686
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0686
Release Date: 2022-02-20
Fix Resolution (url-parse): 1.5.8
Direct dependency fix Resolution (@angular-devkit/build-angular): 0.901.8
Step up your Open Source Security Game with Mend here
The realtime engine behind Socket.IO. Provides the foundation of a bidirectional connection between client and server
Library home page: https://registry.npmjs.org/engine.io/-/engine.io-3.2.1.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/engine.io/package.json
Dependency Hierarchy:
Found in base branch: master
Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.
Publish Date: 2021-01-08
URL: CVE-2020-36048
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36048
Release Date: 2021-01-08
Fix Resolution (engine.io): 3.6.0
Direct dependency fix Resolution (karma): 5.0.8
Step up your Open Source Security Game with Mend here
The realtime engine behind Socket.IO. Provides the foundation of a bidirectional connection between client and server
Library home page: https://registry.npmjs.org/engine.io/-/engine.io-3.2.1.tgz
Path to dependency file: /locuste-mobile/package.json
Path to vulnerable library: /locuste-mobile/node_modules/engine.io/package.json
Dependency Hierarchy:
Found in base branch: master
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io package, including those who uses depending packages like socket.io. There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1.
Publish Date: 2022-11-22
URL: CVE-2022-41940
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-r7qp-cfhv-p84w
Release Date: 2022-11-22
Fix Resolution (engine.io): 3.6.1
Direct dependency fix Resolution (karma): 5.0.8
Step up your Open Source Security Game with Mend here
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.