Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

Node.js Google Summer of Code

This collective is intended to support the Node.js project's participation in Google's Summer of Code program.
Collective - Host: opensource - https://opencollective.com/nodejs-google-summer-of-code - Code: https://github.com/nodejs

Low
undici: GSA_kwCzR0hTQS0zZzkyLXc4YzUtNzNwcc4AA9rQ
Undici vulnerable to data leak when using response.arrayBuffer()
Ecosystems: npm
Packages: undici
Source: github
Published: 7 months ago
Low
undici: GSA_kwCzR0hTQS05cXhyLXFqNTQtaDY3Ms4AA6o2
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is incorrect
Ecosystems: npm
Packages: undici
Source: github
Published: 10 months ago
Low
undici: GSA_kwCzR0hTQS1tNHY4LXdxdnItcDlmN84AA6o1
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Ecosystems: npm
Packages: undici
Source: github
Published: 10 months ago
Low
undici: GSA_kwCzR0hTQS0zNzg3LTZwcnYtaDl3M84AA5Vg
Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Ecosystems: npm
Packages: undici
Source: github
Published: 11 months ago
Moderate
undici: GSA_kwCzR0hTQS05ZjI0LWpxaG0tamZjd84AA5Vf
fetch(url) leads to a memory leak in undici
Ecosystems: npm
Packages: undici
Source: github
Published: 11 months ago
Low
undici: GSA_kwCzR0hTQS13cXE0LTV3cHYtbXgyZ84AA2eY
Undici's cookie header not cleared on cross-origin redirect in fetch
Ecosystems: npm
Packages: undici
Source: github
Published: over 1 year ago
High
llhttp: GSA_kwCzR0hTQS1jZ2doLXBxNDUtNmg5eM4AA0Ks
llhttp vulnerable to HTTP request smuggling
Ecosystems: npm
Packages: llhttp
Source: github
Published: over 1 year ago
Moderate
undici: GSA_kwCzR0hTQS01cjlnLXFoNm0tanhmZs4AAxq9
CRLF Injection in Nodejs ‘undici’ via host
Ecosystems: npm
Packages: undici
Source: github
Published: almost 2 years ago
High
undici: GSA_kwCzR0hTQS1yNmNoLW1xZjktcWM5d84AAxq-
Regular Expression Denial of Service in Headers
Ecosystems: npm
Packages: undici
Source: github
Published: almost 2 years ago
Moderate
undici: GSA_kwCzR0hTQS1mNzcyLTY2ZzgtcTVoM84AAuFo
Nodejs ‘undici’ vulnerable to CRLF Injection via Content-Type
Ecosystems: npm
Packages: undici
Source: github
Published: over 2 years ago
Moderate
undici: GSA_kwCzR0hTQS04cXI0LXhndzYtd21yM84AAuFj
`undici.request` vulnerable to SSRF using absolute URL on `pathname`
Ecosystems: npm
Packages: undici
Source: github
Published: over 2 years ago
Low
undici: GSA_kwCzR0hTQS1xNzY4LXg5bTYtbTlxcM4AAtkI
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Ecosystems: npm
Packages: undici
Source: github
Published: over 2 years ago
Moderate
undici: GSA_kwCzR0hTQS0zY3ZyLTgyMnItcnFjY84AAtkH
undici before v5.8.0 vulnerable to CRLF injection in request headers
Ecosystems: npm
Packages: undici
Source: github
Published: over 2 years ago
Critical
llhttp: GSA_kwCzR0hTQS01Njg5LXY4OGctZzZyds4AAtZL
llhttp allows HTTP Request Smuggling via Flawed Parsing of Transfer-Encoding
Ecosystems: npm
Packages: llhttp
Source: github
Published: over 2 years ago
Critical
llhttp: GSA_kwCzR0hTQS1xNXZ4LTQ0djQtZ2NoNM4AAtZv
llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields
Ecosystems: npm
Packages: llhttp
Source: github
Published: over 2 years ago
High
undici: GSA_kwCzR0hTQS1wZ3c3LXd4N3ctMnczM84AArtC
ProxyAgent vulnerable to MITM
Ecosystems: npm
Packages: undici
Source: github
Published: over 2 years ago
High
node: GSA_kwCzR0hTQS13cTRjLXdtNngtanc0NM3vDg
Withdrawn Advisory: Node.js Inspector RCE via DNS Rebinding
Ecosystems: npm
Packages: node-inspector
Source: github
Published: over 2 years ago
High
node: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY2NjMtYzk2My0yZ3Fn
DoS due to excessively large websocket message in ws
Ecosystems: npm
Packages: ws
Source: github
Published: almost 6 years ago