Vulnerability Directory

If you’re currently using these frameworks in your application’s tech stack, your application could be vulnerable.

Secure drop-in replacements for open source software from HeroDevs helps you stay secure, compliant, and compatible while you migrate.

Switch to Never-Ending Support from HeroDevs to immediately mitigate these vulnerabilities.
Arrow down
Search here
Clear
Filter by Severity
Clear
Filter by Technology
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
High
Spring
Spring Framework
Path Traversal
>= 6.1.0, < 6.1.14 >= 6.0.0, < 6.0.25 < 5.3.41
Oct 30, 2024
Medium
Express
Express
Resource Injection
<=3.21.4
Oct 29, 2024
Critical
Spring
Spring
Authorization Bypass
>= 6.3.0, < 6.3.4 >= 6.2.0, < 6.2.7 >= 6.1.0, < 6.1.11 >= 6.0.0, < 6.0.13 >= 5.8.0, < 5.8.15 >= 5.7.0, <= < 5.7.13
Oct 25, 2024
Low
Spring
Spring Framework
Remote Code Execution
>= 6.1.0, < 6.1.14 >= 6.0.0, < 6.0.25 < 5.3.41
Oct 23, 2024
Medium
Express
Express
Resource Injection
>=3.0.0-alpha1 <=3.21.2, >=4.0.0-rc1 <4.21.1, >=5.0.0-alpha.1 <5.0.1
Oct 17, 2024
High
Node.js
Node.js
HTTP Request Smuggling
4.21.3 LTS
Oct 16, 2024
Medium
Node.js
Node.js
Denial of Service
14.21.3 LTS 16.20.2 LTS
Oct 15, 2024
Low
Node.js
Node.js
Information Exposure
16.20.2 LTS
Oct 15, 2024
Low
Vue 2
Vue
ReDoS Vulnerability
>=2.0.0 <3.0.0
Oct 14, 2024
High
Vue 2, Nuxt 2
Command Injection
Vue 2.6, Vue 2.7, and Nuxt 2
Oct 8, 2024
Medium
Express
Express
URL Redirect/Open Redirect
>=3.4.5 <4.0.0
Oct 3, 2024
High
Spring
Spring Framework
Path Traversal
>=5.3.0, <=5.3.39 >=6.0.0, <=6.0.23 >=6.1.0, <=6.1.12
Sep 12, 2024
Medium
Express
Express
Cross-Site Scripting
>=3.0.0-alpha1, <=3.21.2, >=4.0.0-rc1, <4.20.0, >=5.0.0-alpha.1 <5.0.0
Sep 10, 2024
Medium
AngularJS
AngularJS
Content Spoofing
>=1.3.0-rc.4
Sep 9, 2024
Medium
AngularJS
AngularJS
Content Spoofing
>=1.3.0-rc.4
Sep 9, 2024
Medium
Spring
Spring Boot
Signature Forgery
>=2.7.0, <=2.7.21 >=3.0.0, <=3.0.16 >=3.1.0, <=3.1.12 >=3.2.0, <=3.2.8 >=3.3.0, <=3.3.2
Aug 23, 2024
Medium
Vue 2
Vue
Cross-Site Scripting
>=2.0.0 <3.0.0
Jul 23, 2024
Medium
Bootstrap
Bootstrap
Cross-Site Scripting
>=4.0.0 <=4.6.2
Jul 11, 2024
Medium
Bootstrap
Bootstrap
Cross-Site Scripting
>=2.0.0 <=3.4.1
Jul 11, 2024
Medium
Bootstrap
Bootstrap
Cross-Site Scripting
>=1.4.0 <=3.4.1
Jul 11, 2024
Medium
AngularJS
Angular Translate
Cross-Site Scripting
>=2.19.1
Apr 25, 2024
High
AngularJS
AngularJS
ReDoS Vulnerability
>=1.3.0
Feb 10, 2024
Medium
AngularJS
AngularJS
ReDoS Vulnerability
>=1.2.21
Mar 30, 2023
Medium
AngularJS
AngularJS
ReDoS Vulnerability
>=1.0.0
Mar 30, 2023
Medium
AngularJS
AngularJS
ReDoS Vulnerability
>=1.4.9
Mar 30, 2023
Medium
AngularJS
AngularJS
Cross-Site Scripting
<=1.8.3
Jul 15, 2022
Medium
Angular
Angular
Cross-Site Scripting
<=11.1.0
May 26, 2022
Medium
AngularJS
AngularJS
Cross-Site Scripting
>=1.8
May 1, 2022
Medium
AngularJS
Angular JS
Cross-Site Scripting
<1.8.0
Jun 8, 2020
Medium
jQuery
jQuery
Cross-Site Scripting
<1.9.0
May 19, 2020
Medium
jQuery
jQuery
Cross-Site Scripting
>=1.2.0 <3.5.0
Apr 29, 2020
Medium
jQuery
jQuery
Cross-Site Scripting
>=1.0.3 <3.5.0
Apr 29, 2020
Critical
AngularJS
AngularJS
Cross-Site Scripting
<1.7.9
Nov 19, 2019
Medium
jQuery
jQuery
Cross-Site Scripting
>=1.1.4 <3.4.0
Apr 19, 2019
Medium
jQuery
jQuery
Cross-Site Scripting
<1.12.2 >=1.12.3 <3.0.0
Jan 18, 2018
Exclamation icon
No results found

Please enter a valid Vulnerability ID number or Technology name.

Paper plane icon

Sign up for alerts

Get alerted whenever a new vulnerability is fixed in the open source software we support.

Thanks for signing up for our Newsletter! We look forward to connecting with you.
Please enter a company email.