CVE-2021-23385
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user...
CVE-2020-28434
This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js. Read More
CVE-2020-28437
This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js. Read More
CVE-2020-28453
This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js. Read More
CVE-2020-7795
The package get-npm-package-version before 1.0.7 are vulnerable to Command Injection via main function in index.js. Read More