Thesis at Computer Academy STEP. A cross-platform messenger consisting of a SPA application in Angular, as well as a native mobile application in Kotlin.
Home Page: https://www.youtube.com/watch?v=AHxxJGIcA14
License: Apache License 2.0
![dependabot-preview[bot] avatar](https://avatars.githubusercontent.com/in/2141?v=4 "dependabot-preview[bot]")
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "mend-bolt-for-github[bot]")
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "renovate[bot]")
Vulnerable Libraries - ansi-regex-4.1.0.tgz, ansi-regex-3.0.0.tgz
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/@nrwl/workspace/node_modules/strip-ansi/node_modules/ansi-regex/package.json,wlodzimierz/src/Clients/web-spa/node_modules/firebase-tools/node_modules/strip-ansi/node_modules/ansi-regex/package.json,wlodzimierz/src/Clients/web-spa/node_modules/qrcode/node_modules/ansi-regex/package.json,wlodzimierz/src/Clients/web-spa/node_modules/@nrwl/tao/node_modules/strip-ansi/node_modules/ansi-regex/package.json
Dependency Hierarchy:
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/boxen/node_modules/ansi-regex/package.json,wlodzimierz/src/Clients/web-spa/node_modules/ansi-align/node_modules/ansi-regex/package.json,wlodzimierz/src/Clients/web-spa/node_modules/firebase-tools/node_modules/ansi-regex/package.json,wlodzimierz/src/Clients/web-spa/node_modules/@nrwl/workspace/node_modules/ansi-regex/package.json,wlodzimierz/src/Clients/web-spa/node_modules/@nrwl/tao/node_modules/ansi-regex/package.json,wlodzimierz/src/Clients/web-spa/node_modules/widest-line/node_modules/ansi-regex/package.json
Dependency Hierarchy:
Found in HEAD commit: 7a72eaa0f1be73dbb66417f9a5d0876e63a3e5f1
Found in base branch: main
Vulnerability Details
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-09-17
URL: CVE-2021-3807
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/
Release Date: 2021-09-17
Fix Resolution: ansi-regex - 5.0.1,6.0.1
Step up your Open Source Security Game with WhiteSource here
Please install our new product, Sonatype Lift with advanced features
Vulnerable Library - xmldom-0.1.31.tgzA W3C Standard XML DOM(Level2 CORE) implementation and parser(DOMParser/XMLSerializer).
Library home page: https://registry.npmjs.org/xmldom/-/xmldom-0.1.31.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/xmldom/package.json
Dependency Hierarchy:
Found in HEAD commit: dd1a8125603f8270087b5e959fa71a65f2a0bc62
Found in base branch: main
Vulnerability Details
xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This is fixed in version 0.5.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents.
Publish Date: 2021-03-12
URL: CVE-2021-21366
CVSS 3 Score Details (4.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-h6q6-9hqw-rwfv
Release Date: 2021-03-12
Fix Resolution: 0.5.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - json-bigint-0.3.1.tgzJSON.parse with bigints support
Library home page: https://registry.npmjs.org/json-bigint/-/json-bigint-0.3.1.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/firebase-tools/node_modules/json-bigint/package.json,wlodzimierz/src/Clients/web-spa/node_modules/google-gax/node_modules/json-bigint/package.json,wlodzimierz/src/Clients/web-spa/node_modules/@google-cloud/pubsub/node_modules/json-bigint/package.json
Dependency Hierarchy:
Found in HEAD commit: 5dce9501516f7b5db5bfd0b2a6f86de7769059fb
Found in base branch: main
Vulnerability Details
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.
Publish Date: 2020-09-18
URL: CVE-2020-8237
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://hackerone.com/reports/916430
Release Date: 2020-07-21
Fix Resolution: v1.0.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - path-parse-1.0.6.tgzNode.js path.parse() ponyfill
Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/path-parse/package.json
Dependency Hierarchy:
Found in HEAD commit: cbb9d81dd035ff4fa1f4ba5e9444b36ce8434362
Found in base branch: main
Vulnerability Details
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Publish Date: 2021-05-04
URL: CVE-2021-23343
CVSS 3 Score Details (7.5)
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - dns-packet-1.3.1.tgzAn abstract-encoding compliant module for encoding / decoding DNS packets
Library home page: https://registry.npmjs.org/dns-packet/-/dns-packet-1.3.1.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/dns-packet/package.json
Dependency Hierarchy:
Found in HEAD commit: 3f8f52252853be9be57d083cd7004f210eb1e803
Found in base branch: main
Vulnerability Details
This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.
Publish Date: 2021-05-20
URL: CVE-2021-23386
CVSS 3 Score Details (7.7)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23386
Release Date: 2021-05-20
Fix Resolution: dns-packet - 5.2.2
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - newtonsoft.json.11.0.2.nupkgJson.NET is a popular high-performance JSON framework for .NET
Library home page: https://api.nuget.org/packages/newtonsoft.json.11.0.2.nupkg
Path to dependency file: /src/Layers/Infrastructure/Notifications/Infrastructure.Notifications.API/Infrastructure.Notifications.API.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/newtonsoft.json/11.0.2/newtonsoft.json.11.0.2.nupkg
Dependency Hierarchy:
Found in HEAD commit: 21f601ba78a3f5d408b9486a12520b0b20c63520
Found in base branch: main
Vulnerability Details
Improper Handling of Exceptional Conditions in Newtonsoft.Json.
Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of StackOverFlow exception (SOE) whenever nested expressions are being processed. Exploiting this vulnerability results in Denial Of Service (DoS), and it is exploitable when an attacker sends 5 requests that cause SOE in time frame of 5 minutes. This vulnerability affects Internet Information Services (IIS) Applications.
Publish Date: 2022-06-22
URL: WS-2022-0161
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2022-06-22
Fix Resolution: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0
Step up your Open Source Security Game with Mend here
Vulnerable Library - lodash-4.17.20.tgzLodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 822694615e21fabefcdf7f87c0510207e3a3527b
Found in base branch: main
Vulnerability Details
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. Steps to reproduce (provided by reporter Liyuan Chen): var lo = require('lodash'); function build_blank (n) { var ret = "1" for (var i = 0; i < n; i++) { ret += " " } return ret + "1"; } var s = build_blank(50000) var time0 = Date.now(); lo.trim(s) var time_cost0 = Date.now() - time0; console.log("time_cost0: " + time_cost0) var time1 = Date.now(); lo.toNumber(s) var time_cost1 = Date.now() - time1; console.log("time_cost1: " + time_cost1) var time2 = Date.now(); lo.trimEnd(s) var time_cost2 = Date.now() - time2; console.log("time_cost2: " + time_cost2)
Publish Date: 2021-02-15
URL: CVE-2020-28500
CVSS 3 Score Details (5.3)
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - system.drawing.common.5.0.0.nupkgProvides access to GDI+ graphics functionality.
Commonly Used Types:
System.Drawing.Bitmap
System.D...
Library home page: https://api.nuget.org/packages/system.drawing.common.5.0.0.nupkg
Path to dependency file: /src/Layers/Application/Storage/Application.Storage.UnitTests/Application.Storage.UnitTests.csproj
Path to vulnerable library: /tmp/ws-ua_20230214040823_TBDBVU/dotnet_JAMQJI/20230214040823/system.drawing.common/5.0.0/system.drawing.common.5.0.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: 21f601ba78a3f5d408b9486a12520b0b20c63520
Found in base branch: main
Vulnerability Details
.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26701.
Publish Date: 2021-02-25
URL: CVE-2021-24112
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-rxg9-xrhp-64gj
Release Date: 2021-02-25
Fix Resolution: System.Drawing.Common - 4.7.2,5.0.3
Step up your Open Source Security Game with Mend here
Vulnerable Library - lodash-4.17.20.tgzLodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: 822694615e21fabefcdf7f87c0510207e3a3527b
Found in base branch: main
Vulnerability Details
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template.
Publish Date: 2021-02-15
URL: CVE-2021-23337
CVSS 3 Score Details (7.2)
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - nth-check-1.0.2.tgzperformant nth-check parser & compiler
Library home page: https://registry.npmjs.org/nth-check/-/nth-check-1.0.2.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/nth-check/package.json
Dependency Hierarchy:
Found in HEAD commit: fa210d835bdf0b258238a3d2e49bfb1dc1d664ba
Found in base branch: main
Vulnerability Details
nth-check is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-09-17
URL: CVE-2021-3803
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: fb55/nth-check@v2.0.0...v2.0.1
Release Date: 2021-09-17
Fix Resolution: nth-check - v2.0.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - is-svg-3.0.0.tgzCheck if a string or buffer is SVG
Library home page: https://registry.npmjs.org/is-svg/-/is-svg-3.0.0.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/is-svg/package.json
Dependency Hierarchy:
Found in HEAD commit: dd1a8125603f8270087b5e959fa71a65f2a0bc62
Found in base branch: main
Vulnerability Details
The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time.
Publish Date: 2021-03-12
URL: CVE-2021-28092
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28092
Release Date: 2021-03-12
Fix Resolution: v4.2.2
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jquery-1.8.1.min.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.1/jquery.min.js
Path to dependency file: wlodzimierz/src/Clients/web-spa/node_modules/redeyed/examples/browser/index.html
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/redeyed/examples/browser/index.html
Dependency Hierarchy:
Found in HEAD commit: 5dce9501516f7b5db5bfd0b2a6f86de7769059fb
Found in base branch: main
Vulnerability Details
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - glob-parent-3.1.0.tgzStrips glob magic from a string to provide the parent directory path
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/webpack-dev-server/node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in HEAD commit: 4e25ceedc42be5dd3c6071b5c5e29930bf6a5e24
Found in base branch: main
Vulnerability Details
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
Publish Date: 2021-06-03
URL: CVE-2020-28469
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469
Release Date: 2021-06-03
Fix Resolution: glob-parent - 5.1.2
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - ansi-html-0.0.7.tgzAn elegant lib that converts the chalked (ANSI) text to HTML.
Library home page: https://registry.npmjs.org/ansi-html/-/ansi-html-0.0.7.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/ansi-html/package.json
Dependency Hierarchy:
Found in HEAD commit: 22e977b1f14e844195820eb5994ad6a7c96820f4
Found in base branch: main
Vulnerability Details
This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.
Publish Date: 2021-08-18
URL: CVE-2021-23424
CVSS 3 Score Details (7.5)
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - ssri-6.0.1.tgzStandard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.
Library home page: https://registry.npmjs.org/ssri/-/ssri-6.0.1.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/webpack/node_modules/ssri/package.json
Dependency Hierarchy:
Found in HEAD commit: dd1a8125603f8270087b5e959fa71a65f2a0bc62
Found in base branch: main
Vulnerability Details
ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a denial of service. Malicious SRIs could take an extremely long time to process, leading to denial of service. This issue only affects consumers using the strict option.
Publish Date: 2021-03-12
URL: CVE-2021-27290
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27290
Release Date: 2021-03-12
Fix Resolution: v8.0.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - postcss-7.0.35.tgzTool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/postcss-custom-media/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-font-variant/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-color-hex-alpha/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-attribute-case-insensitive/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/css-has-pseudo/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-overflow-shorthand/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-logical/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-nesting/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-replace-overflow-wrap/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-image-set-function/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-custom-selectors/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-preset-env/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-initial/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/css-prefers-color-scheme/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-lab-function/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/resolve-url-loader/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-color-mod-function/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-page-break/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-selector-not/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-media-minmax/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-focus-within/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-double-position-gradients/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-custom-properties/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-env-function/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/autoprefixer/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-color-rebeccapurple/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-place/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-gap-properties/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-dir-pseudo-class/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/css-blank-pseudo/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-pseudo-class-any-link/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-color-functional-notation/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-color-gray/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-selector-matches/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-focus-visible/node_modules/postcss/package.json
Dependency Hierarchy:
Found in HEAD commit: c6e213090adc3de2db8ae4ee656b5cf9d00e3082
Found in base branch: main
Vulnerability Details
The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /*\s* sourceMappingURL=(.*).
Publish Date: 2021-04-26
URL: CVE-2021-23382
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382
Release Date: 2021-04-26
Fix Resolution: postcss - 8.2.13
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - marked-0.7.0.tgzA markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-0.7.0.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 9c85e32f7aeee87ced6b620ffc6ae60dc2e49e2f
Found in base branch: main
Vulnerability Details
marked before 1.1.1 is vulnerable to Regular Expression Denial of Service (REDoS). rules.js have multiple unused capture groups which can lead to a Denial of Service.
Publish Date: 2020-07-02
URL: WS-2020-0163
CVSS 3 Score Details (5.9)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/markedjs/marked/releases/tag/v1.1.1
Release Date: 2020-07-02
Fix Resolution: marked - 1.1.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - socket.io-parser-3.3.1.tgzsocket.io protocol parser
Library home page: https://registry.npmjs.org/socket.io-parser/-/socket.io-parser-3.3.1.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/socket.io-client/node_modules/socket.io-parser/package.json
Dependency Hierarchy:
Found in HEAD commit: c35cbb0f1f17799f1abc7b9eae6874cf7ad49243
Found in base branch: main
Vulnerability Details
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.
Publish Date: 2021-01-08
URL: CVE-2020-36049
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36049
Release Date: 2021-01-08
Fix Resolution: socket.io-parser - 3.4.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jquery-1.8.1.min.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.8.1/jquery.min.js
Path to dependency file: wlodzimierz/src/Clients/web-spa/node_modules/redeyed/examples/browser/index.html
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/redeyed/examples/browser/index.html
Dependency Hierarchy:
Found in HEAD commit: 5dce9501516f7b5db5bfd0b2a6f86de7769059fb
Found in base branch: main
Vulnerability Details
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023
Release Date: 2020-04-29
Fix Resolution: jquery - 3.5.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jquery-1.4.4.min.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js
Path to dependency file: wlodzimierz/src/Clients/web-spa/node_modules/selenium-webdriver/lib/test/data/droppableItems.html
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js
Dependency Hierarchy:
Found in HEAD commit: aaecd075cabf808fffd99b1e3c065ac07da3bb6b
Found in base branch: main
Vulnerability Details
Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
Publish Date: 2013-03-08
URL: CVE-2011-4969
CVSS 2 Score Details (4.3)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2011-4969
Release Date: 2013-03-08
Fix Resolution: 1.6.3
Step up your Open Source Security Game with WhiteSource here
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates are currently rate-limited. Click on a checkbox below to force their creation now.
Microsoft.AspNetCore.Authentication.JwtBearer, Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore, Microsoft.AspNetCore.Identity.EntityFrameworkCore, Microsoft.EntityFrameworkCore, Microsoft.EntityFrameworkCore.Design, Microsoft.EntityFrameworkCore.InMemory, Microsoft.EntityFrameworkCore.SqlServer, Microsoft.EntityFrameworkCore.Tools, Microsoft.Extensions.Caching.StackExchangeRedis, Microsoft.Extensions.Configuration.Binder, Microsoft.Extensions.Diagnostics.HealthChecks.EntityFrameworkCore)@angular/animations, @angular/common, @angular/compiler, @angular/compiler-cli, @angular/core, @angular/forms, @angular/language-service, @angular/localize, @angular/platform-browser, @angular/platform-browser-dynamic, @angular/router, zone.js)@angular-devkit/build-angular, @angular/cli)@angular-eslint/eslint-plugin, @angular-eslint/eslint-plugin-template, @angular-eslint/template-parser)@types/jest, jest, ts-jest)@angular/animations, @angular/common, @angular/compiler, @angular/compiler-cli, @angular/core, @angular/forms, @angular/language-service, @angular/localize, @angular/platform-browser, @angular/platform-browser-dynamic, @angular/router)@fortawesome/fontawesome-svg-core, @fortawesome/free-regular-svg-icons, @fortawesome/free-solid-svg-icons)@ngrx/component-store, @ngrx/effects, @ngrx/entity, @ngrx/router-store, @ngrx/schematics, @ngrx/store, @ngrx/store-devtools)These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
@angular-devkit/architect, @angular-devkit/build-angular, @angular/cli)@types/jest, jest)@typescript-eslint/eslint-plugin, @typescript-eslint/parser)@nrwl/cli, @nrwl/cypress, @nrwl/eslint-plugin-nx, @nrwl/jest, @nrwl/tao, @nrwl/workspace)These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.
src/docker-compose.core.yml
mcr.microsoft.com/mssql/server 2019-latestredis 6.2.10src/docker-compose.dev.yml
mcr.microsoft.com/mssql/server 2019-latestredis 6.2.10
src/Layers/Presentation/Presentation.API/Dockerfile
mcr.microsoft.com/dotnet/aspnet 6.0mcr.microsoft.com/dotnet/sdk 6.0src/Layers/Presentation/Presentation.API/Dockerfile.dev
mcr.microsoft.com/dotnet/aspnet 6.0mcr.microsoft.com/dotnet/sdk 6.0
.github/workflows/codeql-analysis.yml
actions/checkout v3github/codeql-action v1github/codeql-action v1github/codeql-action v1.github/workflows/docker-dev-build.yml
actions/checkout v3.github/workflows/сlassic-build.yml
actions/checkout v2actions/setup-dotnet v1
src/Clients/web-spa/package.json
@angular-devkit/architect 0.1501.4@angular/animations 13.3.12@angular/common 13.3.12@angular/compiler 13.3.12@angular/core 13.3.12@angular/fire 7.4.1@angular/forms 13.3.12@angular/localize 13.3.12@angular/platform-browser 13.3.12@angular/platform-browser-dynamic 13.3.12@angular/router 13.3.12@aspnet/signalr 1.1.4@fortawesome/angular-fontawesome 0.11.1@fortawesome/fontawesome-svg-core 1.3.0@fortawesome/free-regular-svg-icons 5.15.4@fortawesome/free-solid-svg-icons 5.15.4@ng-bootstrap/ng-bootstrap 10.0.0@ngrx/component-store 12.5.1@ngrx/effects 12.5.1@ngrx/entity 12.5.1@ngrx/router-store 12.5.1@ngrx/store 12.5.1@ngrx/store-devtools 12.5.1angularx-qrcode ^12.0.0@nrwl/angular 9999.0.0bootstrap 5.2.3es6-promisify 7.0.0firebase 9.13.0JSONStream 1.3.5ngx-cookie-service 13.2.1rxjs 7.4.0sweetalert2 11.6.16tslib 2.1.0zone.js 0.12.0@angular-devkit/architect 0.1501.4@angular-devkit/build-angular 13.3.10@angular-eslint/eslint-plugin 12.7.0@angular-eslint/eslint-plugin-template 12.7.0@angular-eslint/template-parser 12.7.0@angular/cli 13.3.10@angular/compiler-cli 13.3.12@angular/language-service 13.3.12@ngrx/schematics 12.5.1@ngrx/store-devtools 12.5.1@nrwl/cli 11.6.3@nrwl/cypress 11.6.3@nrwl/eslint-plugin-nx 11.6.3@nrwl/jest 11.6.3@nrwl/tao 11.6.3@nrwl/workspace 11.6.3@types/jest 27.0.2@types/node 16.11.64@typescript-eslint/eslint-plugin 5.8.1@typescript-eslint/parser 5.8.1codelyzer 6.0.2cypress 8.7.0dotenv 10.0.0eslint 8.34.0eslint-config-prettier 6.15.0eslint-plugin-cypress 2.11.2firebase-tools 7.16.2fuzzy 0.1.3inquirer 8.2.5inquirer-autocomplete-prompt 1.4.0jest 27.0.5jest-preset-angular 10.1.0open 8.0.5prettier 2.7.1ts-jest 27.1.5ts-node 10.9.1tslint 6.1.3typescript ^4.1.5
src/Layers/Application/Filtration/Application.Filtration.API/Application.Filtration.API.csproj
src/Layers/Application/Infrastructure/Caching/Application.Infrastructure.Caching.API/Application.Infrastructure.Caching.API.csproj
src/Layers/Application/Infrastructure/Identity/Application.Infrastructure.Identity.API/Application.Infrastructure.Identity.API.csproj
Microsoft.AspNetCore.Identity.EntityFrameworkCore 7.0.2MediatR 11.1.0src/Layers/Application/Infrastructure/Notifications/Application.Infrastructure.Notifications.API/Application.Infrastructure.Notifications.API.csproj
Microsoft.Extensions.Logging.Abstractions 7.0.0MediatR 11.1.0src/Layers/Application/Infrastructure/Persistence/Application.Infrastructure.Persistence.API/Application.Infrastructure.Persistence.API.csproj
Microsoft.EntityFrameworkCore 7.0.2src/Layers/Application/Paging/Application.Paging.API/Application.Paging.API.csproj
Microsoft.Extensions.Configuration.Abstractions 7.0.0Microsoft.EntityFrameworkCore 7.0.2AutoMapper 12.0.1src/Layers/Application/Storage/Application.Storage.API/Application.Storage.API.csproj
Microsoft.Extensions.Caching.StackExchangeRedis 7.0.2Microsoft.EntityFrameworkCore 7.0.2Microsoft.AspNetCore.Identity.EntityFrameworkCore 7.0.2MediatR.Extensions.Microsoft.DependencyInjection 11.0.0MediatR 11.1.0LinqKit 1.2.3FluentValidation.DependencyInjectionExtensions 11.4.0FluentValidation 11.5.0AutoMapper.Extensions.Microsoft.DependencyInjection 12.0.0src/Layers/Application/Storage/Application.Storage.UnitTests/Application.Storage.UnitTests.csproj
Microsoft.NET.Test.Sdk 17.4.1NUnit3TestAdapter 4.3.1NUnit 3.13.3Moq 4.18.4FluentAssertions 6.9.0AutoMapper 12.0.1src/Layers/Application/Validation/Application.Validation.API/Application.Validation.API.csproj
Microsoft.Extensions.DependencyInjection.Abstractions 7.0.0MediatR 11.1.0FluentValidation 11.5.0AutoMapper 12.0.1src/Layers/Domain/Domain.API/Domain.API.csproj
src/Layers/Infrastructure/Caching/Infrastructure.Caching.API/Infrastructure.Caching.API.csproj
Newtonsoft.Json 13.0.2src/Layers/Infrastructure/EntityFramework/Infrastructure.EntityFramework.API/Infrastructure.EntityFramework.API.csproj
Microsoft.Extensions.Configuration.Json 7.0.0Microsoft.Extensions.Configuration.FileExtensions 7.0.0Microsoft.EntityFrameworkCore.Tools 7.0.2Microsoft.EntityFrameworkCore.SqlServer 7.0.2Microsoft.EntityFrameworkCore 7.0.2src/Layers/Infrastructure/Identity/Infrastructure.Identity.API/Infrastructure.Identity.API.csproj
Microsoft.EntityFrameworkCore.SqlServer 7.0.2Microsoft.EntityFrameworkCore.InMemory 7.0.2Microsoft.EntityFrameworkCore.Design 7.0.2Microsoft.EntityFrameworkCore 7.0.2Microsoft.AspNetCore.Authentication.JwtBearer 7.0.2AutoMapper 12.0.1src/Layers/Infrastructure/Notifications/Infrastructure.Notifications.API/Infrastructure.Notifications.API.csproj
Microsoft.Extensions.DependencyInjection.Abstractions 7.0.0Microsoft.AspNetCore.SignalR.Core 1.1.0MediatR.Extensions.Microsoft.DependencyInjection 11.0.0src/Layers/Infrastructure/Persistence/Infrastructure.Persistence.API/Infrastructure.Persistence.API.csproj
Microsoft.Extensions.DependencyInjection.Abstractions 7.0.0Microsoft.Extensions.Configuration.Binder 7.0.2Microsoft.EntityFrameworkCore.SqlServer 7.0.2Microsoft.EntityFrameworkCore.InMemory 7.0.2src/Layers/Presentation/Presentation.API/Presentation.API.csproj
Serilog.Sinks.Seq 5.2.2Serilog.Sinks.MSSqlServer 6.2.0Serilog.Sinks.File 5.0.0Serilog.Sinks.Console 4.1.0Serilog.Enrichers.Thread 3.1.0Serilog.Enrichers.Process 2.0.2Serilog.Enrichers.Environment 2.2.0Serilog.AspNetCore 6.1.0NSwag.AspNetCore 13.18.2Microsoft.Extensions.Diagnostics.HealthChecks.EntityFrameworkCore 7.0.2Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore 7.0.2MediatR 11.1.0FluentValidation.AspNetCore 11.2.2
Vulnerable Library - axios-0.21.1.tgzPromise based HTTP client for the browser and node.js
Library home page: https://registry.npmjs.org/axios/-/axios-0.21.1.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/axios/package.json
Dependency Hierarchy:
Found in HEAD commit: 47feaf6c64cd0883a653a67f7053023bb4d8ac07
Found in base branch: main
Vulnerability Details
axios is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-08-31
URL: CVE-2021-3749
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/axios/axios/releases/tag/v0.21.2
Release Date: 2021-08-31
Fix Resolution: axios - 0.21.2
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - node-forge-0.9.2.tgzJavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.
Library home page: https://registry.npmjs.org/node-forge/-/node-forge-0.9.2.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/@google-cloud/pubsub/node_modules/node-forge/package.json,wlodzimierz/src/Clients/web-spa/node_modules/google-gax/node_modules/node-forge/package.json,wlodzimierz/src/Clients/web-spa/node_modules/firebase-tools/node_modules/node-forge/package.json
Dependency Hierarchy:
Found in HEAD commit: 9c85e32f7aeee87ced6b620ffc6ae60dc2e49e2f
Found in base branch: main
Vulnerability Details
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.
Publish Date: 2020-09-01
URL: CVE-2020-7720
CVSS 3 Score Details (7.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md
Release Date: 2020-09-13
Fix Resolution: node-forge - 0.10.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - system.text.regularexpressions.4.1.0.nupkgProvides the System.Text.RegularExpressions.Regex class, an implementation of a regular expression e...
Library home page: https://api.nuget.org/packages/system.text.regularexpressions.4.1.0.nupkg
Path to dependency file: /src/Layers/Application/Storage/Application.Storage.UnitTests/Application.Storage.UnitTests.csproj
Path to vulnerable library: /tmp/ws-ua_20221109021528_DCJENC/dotnet_QMIIOF/20221109021528/system.text.regularexpressions/4.1.0/system.text.regularexpressions.4.1.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: 21f601ba78a3f5d408b9486a12520b0b20c63520
Found in base branch: main
Vulnerability Details
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
Mend Note: After conducting further research, Mend has determined that CVE-2019-0820 only affects environments with versions 4.3.0 and 4.3.1 only on netcore50 environment of system.text.regularexpressions.nupkg.
Publish Date: 2019-05-16
URL: CVE-2019-0820
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-cmhx-cq75-c4mj
Release Date: 2019-05-16
Fix Resolution: System.Text.RegularExpressions - 4.3.1
Step up your Open Source Security Game with Mend here
Vulnerable Library - json-schema-0.2.3.tgzJSON Schema validation and specifications
Library home page: https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/json-schema/package.json
Dependency Hierarchy:
Found in HEAD commit: 2c268445b99ea5f23c2b8ec47bb21befe842ffd0
Found in base branch: main
Vulnerability Details
json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Publish Date: 2021-11-13
URL: CVE-2021-3918
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2021-3918
Release Date: 2021-11-13
Fix Resolution: json-schema - 0.4.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - marked-0.7.0.tgzA markdown parser built for speed
Library home page: https://registry.npmjs.org/marked/-/marked-0.7.0.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/marked/package.json
Dependency Hierarchy:
Found in HEAD commit: 5dce9501516f7b5db5bfd0b2a6f86de7769059fb
Found in base branch: main
Vulnerability Details
marked before 1.1.1 is vulnerable to Regular Expression Denial of Service (REDoS). rules.js have multiple unused capture groups which can lead to a Denial of Service.
Publish Date: 2020-07-02
URL: WS-2020-0163
CVSS 3 Score Details (5.9)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/markedjs/marked/releases/tag/v1.1.1
Release Date: 2020-07-02
Fix Resolution: marked - 1.1.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - ua-parser-js-0.7.21.tgzLightweight JavaScript-based user-agent string parser
Library home page: https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.21.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/ua-parser-js/package.json
Dependency Hierarchy:
Found in HEAD commit: aaecd075cabf808fffd99b1e3c065ac07da3bb6b
Found in base branch: main
Vulnerability Details
The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
Publish Date: 2020-12-11
URL: CVE-2020-7793
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: faisalman/ua-parser-js@6d1f26d
Release Date: 2020-12-11
Fix Resolution: 0.7.23
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jquery-1.4.4.min.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js
Path to dependency file: wlodzimierz/src/Clients/web-spa/node_modules/selenium-webdriver/lib/test/data/droppableItems.html
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js
Dependency Hierarchy:
Found in HEAD commit: aaecd075cabf808fffd99b1e3c065ac07da3bb6b
Found in base branch: main
Vulnerability Details
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
Publish Date: 2020-05-19
URL: CVE-2020-7656
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: rails/jquery-rails@8f601cb
Release Date: 2020-05-19
Fix Resolution: jquery-rails - 2.2.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - node-forge-0.9.2.tgzJavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.
Library home page: https://registry.npmjs.org/node-forge/-/node-forge-0.9.2.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/@google-cloud/pubsub/node_modules/node-forge/package.json,wlodzimierz/src/Clients/web-spa/node_modules/google-gax/node_modules/node-forge/package.json,wlodzimierz/src/Clients/web-spa/node_modules/firebase-tools/node_modules/node-forge/package.json
Dependency Hierarchy:
Found in HEAD commit: 5dce9501516f7b5db5bfd0b2a6f86de7769059fb
Found in base branch: main
Vulnerability Details
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.
Publish Date: 2020-09-01
URL: CVE-2020-7720
CVSS 3 Score Details (7.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md
Release Date: 2020-09-13
Fix Resolution: node-forge - 0.10.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - xmldom-0.6.0.tgzA pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.
Library home page: https://registry.npmjs.org/xmldom/-/xmldom-0.6.0.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/xmldom/package.json
Dependency Hierarchy:
Found in HEAD commit: 53d4dacb505cb801aae7fa1de09d88e1df5aa8f6
Found in base branch: main
Vulnerability Details
xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This issue has been resolved in version 0.7.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents.
Publish Date: 2021-07-27
URL: CVE-2021-32796
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-5fg8-2547-mr8q
Release Date: 2021-07-27
Fix Resolution: xmldom - 0.7.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - glob-parent-3.1.0.tgzStrips glob magic from a string to provide the parent directory path
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-3.1.0.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/webpack-dev-server/node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in HEAD commit: 2441ac730b29324bcb9bf3c62a470e962ace36fc
Found in base branch: main
Vulnerability Details
Regular Expression Denial of Service (ReDoS) vulnerability was found in glob-parent before 5.1.2.
Publish Date: 2021-01-27
URL: WS-2021-0154
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
Release Date: 2021-01-27
Fix Resolution: glob-parent - 5.1.2
Step up your Open Source Security Game with WhiteSource here
Vulnerable Libraries - grpc-js-0.6.18.tgz, grpc-js-1.0.5.tgz
gRPC Library for Node - pure JS implementation
Library home page: https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-0.6.18.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/google-gax/node_modules/@grpc/grpc-js/package.json
Dependency Hierarchy:
gRPC Library for Node - pure JS implementation
Library home page: https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.0.5.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/@google-cloud/pubsub/node_modules/@grpc/grpc-js/package.json
Dependency Hierarchy:
Found in HEAD commit: 5dce9501516f7b5db5bfd0b2a6f86de7769059fb
Found in base branch: main
Vulnerability Details
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.
Publish Date: 2020-11-11
URL: CVE-2020-7768
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7768
Release Date: 2020-07-21
Fix Resolution: grpc 1.24.4, grpc-js 1.1.8
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - css-what-2.1.3.tgza CSS selector parser
Library home page: https://registry.npmjs.org/css-what/-/css-what-2.1.3.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/css-what/package.json
Dependency Hierarchy:
Found in HEAD commit: 7038c0baf7b2517b6f75dcd321206eae5f878d7b
Found in base branch: main
Vulnerability Details
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.
Publish Date: 2021-05-28
URL: CVE-2021-33587
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33587
Release Date: 2021-05-28
Fix Resolution: css-what - 5.0.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - postcss-7.0.35.tgzTool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/postcss-custom-media/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-font-variant/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-color-hex-alpha/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-attribute-case-insensitive/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/css-has-pseudo/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-overflow-shorthand/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-logical/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-nesting/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-replace-overflow-wrap/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-image-set-function/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-custom-selectors/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-preset-env/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-initial/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/css-prefers-color-scheme/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-lab-function/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/resolve-url-loader/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-color-mod-function/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-page-break/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-selector-not/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-media-minmax/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-focus-within/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-double-position-gradients/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-custom-properties/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-env-function/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/autoprefixer/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-color-rebeccapurple/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-place/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-gap-properties/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-dir-pseudo-class/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/css-blank-pseudo/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-pseudo-class-any-link/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-color-functional-notation/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-color-gray/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-selector-matches/node_modules/postcss/package.json,wlodzimierz/src/Clients/web-spa/node_modules/postcss-focus-visible/node_modules/postcss/package.json
Dependency Hierarchy:
Found in HEAD commit: c6e213090adc3de2db8ae4ee656b5cf9d00e3082
Found in base branch: main
Vulnerability Details
The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Publish Date: 2021-04-12
URL: CVE-2021-23368
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368
Release Date: 2021-04-12
Fix Resolution: postcss -8.2.10
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jquery-1.4.4.min.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js
Path to dependency file: wlodzimierz/src/Clients/web-spa/node_modules/selenium-webdriver/lib/test/data/droppableItems.html
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js
Dependency Hierarchy:
Found in HEAD commit: aaecd075cabf808fffd99b1e3c065ac07da3bb6b
Found in base branch: main
Vulnerability Details
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Publish Date: 2018-01-18
URL: CVE-2012-6708
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-6708
Release Date: 2018-01-18
Fix Resolution: jQuery - v1.9.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - jquery-1.4.4.min.jsJavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.4.4/jquery.min.js
Path to dependency file: wlodzimierz/src/Clients/web-spa/node_modules/selenium-webdriver/lib/test/data/droppableItems.html
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/selenium-webdriver/lib/test/data/js/jquery-1.4.4.min.js
Dependency Hierarchy:
Found in HEAD commit: aaecd075cabf808fffd99b1e3c065ac07da3bb6b
Found in base branch: main
Vulnerability Details
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - elliptic-6.5.3.tgzEC cryptography
Library home page: https://registry.npmjs.org/elliptic/-/elliptic-6.5.3.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/elliptic/package.json
Dependency Hierarchy:
Found in HEAD commit: f5ab093a2b1d85a54961eb4e9aa06d1ce7e25134
Found in base branch: main
Vulnerability Details
All versions of package elliptic are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.
Publish Date: 2021-02-02
URL: CVE-2020-28498
CVSS 3 Score Details (6.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28498
Release Date: 2021-02-02
Fix Resolution: v6.5.4
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - core-9.0.0.tgzAngular - the core framework
Library home page: https://registry.npmjs.org/@angular/core/-/core-9.0.0.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/codelyzer/node_modules/@angular/core/package.json
Dependency Hierarchy:
Found in HEAD commit: dd1a8125603f8270087b5e959fa71a65f2a0bc62
Found in base branch: main
Vulnerability Details
Cross-Site Scripting (XSS) vulnerability was found in @angular/core before 11.1.1. HTML doesn't specify any way to escape comment end text inside the comment.
Publish Date: 2021-01-26
URL: WS-2021-0039
CVSS 3 Score Details (3.9)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/angular/angular/releases/tag/11.1.1
Release Date: 2021-01-26
Fix Resolution: @angular/core - 11.1.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - Chart-2.8.0.min.jsSimple HTML5 charts using the canvas element.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.8.0/Chart.min.js
Path to dependency file: wlodzimierz/src/Clients/web-spa/node_modules/hdr-histogram-js/benchmark/results/decoding.chart.html
Path to vulnerable library: /src/Clients/web-spa/node_modules/hdr-histogram-js/benchmark/results/decoding.chart.html
Dependency Hierarchy:
Found in HEAD commit: cc025af914fa75249ee9950173a4385a5820bf51
Found in base branch: main
Vulnerability Details
This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.
Publish Date: 2020-10-29
URL: CVE-2020-7746
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7746
Release Date: 2020-10-29
Fix Resolution: chart.js - 2.9.4
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - system.data.sqlclient.4.7.0.nupkgProvides the data provider for SQL Server. These classes provide access to versions of SQL Server an...
Library home page: https://api.nuget.org/packages/system.data.sqlclient.4.7.0.nupkg
Path to dependency file: /src/Layers/Application/Storage/Application.Storage.UnitTests/Application.Storage.UnitTests.csproj
Path to vulnerable library: /tmp/ws-ua_20230214040823_TBDBVU/dotnet_JAMQJI/20230214040823/system.data.sqlclient/4.7.0/system.data.sqlclient.4.7.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: 21f601ba78a3f5d408b9486a12520b0b20c63520
Found in base branch: main
Vulnerability Details
.NET Framework Information Disclosure Vulnerability.
Publish Date: 2022-11-09
URL: CVE-2022-41064
CVSS 3 Score Details (5.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-8g2p-5pqh-5jmc
Release Date: 2022-11-09
Fix Resolution: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5
Step up your Open Source Security Game with Mend here
Vulnerable Library - hosted-git-info-2.8.8.tgzProvides metadata and conversions from repository urls for Github, Bitbucket and Gitlab
Library home page: https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.8.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/hosted-git-info/package.json
Dependency Hierarchy:
Found in HEAD commit: 2523e13773e4891b5a0f7222344b5ee39a762a47
Found in base branch: main
Vulnerability Details
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via shortcutMatch in fromUrl().
Publish Date: 2021-03-23
URL: CVE-2021-23362
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/npm/hosted-git-info/releases/tag/v3.0.8
Release Date: 2021-03-23
Fix Resolution: hosted-git-info - 3.0.8
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - axios-0.18.1.tgzPromise based HTTP client for the browser and node.js
Library home page: https://registry.npmjs.org/axios/-/axios-0.18.1.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/google-auto-auth/node_modules/axios/package.json
Dependency Hierarchy:
Found in HEAD commit: c77cb7cb2648c529fe2b8a3a60c3f99109f55cf8
Found in base branch: main
Vulnerability Details
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
Publish Date: 2020-11-06
URL: CVE-2020-28168
CVSS 3 Score Details (5.9)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: axios/axios@c7329fe
Release Date: 2020-11-06
Fix Resolution: axios - 0.21.1
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - ua-parser-js-0.7.21.tgzLightweight JavaScript-based user-agent string parser
Library home page: https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.21.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/ua-parser-js/package.json
Dependency Hierarchy:
Found in HEAD commit: aaecd075cabf808fffd99b1e3c065ac07da3bb6b
Found in base branch: main
Vulnerability Details
The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
Publish Date: 2020-09-16
URL: CVE-2020-7733
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7733
Release Date: 2020-07-21
Fix Resolution: 0.7.22
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - engine.io-3.4.2.tgzThe realtime engine behind Socket.IO. Provides the foundation of a bidirectional connection between client and server
Library home page: https://registry.npmjs.org/engine.io/-/engine.io-3.4.2.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/engine.io/package.json
Dependency Hierarchy:
Found in HEAD commit: c35cbb0f1f17799f1abc7b9eae6874cf7ad49243
Found in base branch: main
Vulnerability Details
Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.
Publish Date: 2021-01-08
URL: CVE-2020-36048
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36048
Release Date: 2021-01-08
Fix Resolution: engine.io - 4.0.0
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - browserslist-4.16.3.tgzShare target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset
Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.16.3.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/browserslist/package.json
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Publish Date: 2021-04-28
URL: CVE-2021-23364
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364
Release Date: 2021-04-28
Fix Resolution: browserslist - 4.16.5
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - ws-6.2.1.tgzSimple to use, blazing fast and thoroughly tested websocket client and server for Node.js
Library home page: https://registry.npmjs.org/ws/-/ws-6.2.1.tgz
Path to dependency file: wlodzimierz/src/Clients/web-spa/package.json
Path to vulnerable library: wlodzimierz/src/Clients/web-spa/node_modules/ws/package.json
Dependency Hierarchy:
Found in HEAD commit: 26e6facc948f7ec5f7bc07c920bcf8efe9b9e939
Found in base branch: main
Vulnerability Details
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected] (websockets/ws@00c425e). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options.
Publish Date: 2021-05-25
URL: CVE-2021-32640
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-6fc8-4gx4-v693
Release Date: 2021-05-25
Fix Resolution: ws - 7.4.6
Step up your Open Source Security Game with WhiteSource here
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.