shop.grindmodecypher.com
This is the repository for shop.grindmodecypher.com, a website I have built and maintain for the music group I am in, called Grind Mode Cypher.
Home Page: https://shop.grindmodecypher.com
License: GNU General Public License v3.0
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-6.0.23.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/rtlcss/node_modules/postcss/package.json, shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/postcss-css-variables/node_modules/postcss/package.json
Dependency Hierarchy:
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/postcss/package.json
Dependency Hierarchy:
Found in HEAD commit: f76eb45f05fc57f4d5bec69ba3676f8e8599072d
Found in base branch: master
The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).
Publish Date: 2021-04-26
URL: CVE-2021-23382
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382
Release Date: 2021-04-26
Fix Resolution: postcss - 8.2.13
Step up your Open Source Security Game with WhiteSource here
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/ansi-regex/package.json
Dependency Hierarchy:
Regular expression for matching ANSI escape codes
Library home page: https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.0.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/stylelint/node_modules/ansi-regex/package.json, shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/postcss-cli/node_modules/ansi-regex/package.json, shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/table/node_modules/ansi-regex/package.json, shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/eslint/node_modules/ansi-regex/package.json
Dependency Hierarchy:
Found in HEAD commit: 791ab6f4f26321203d0ec54e7ab2a311ee8a55de
Found in base branch: master
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-09-17
URL: CVE-2021-3807
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994/
Release Date: 2021-09-17
Fix Resolution: ansi-regex - 5.0.1,6.0.1
PHP Secure Communications Library
Dependency Hierarchy:
Found in HEAD commit: f76eb45f05fc57f4d5bec69ba3676f8e8599072d
Found in base branch: master
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
Publish Date: 2021-04-06
URL: CVE-2021-30130
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30130
Release Date: 2021-04-06
Fix Resolution: 2.0.31, 3.0.7
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/4.6.5/tinymce.min.js
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/Divi/includes/builder/frontend-builder/assets/vendors/tinymce.min.js
Dependency Hierarchy:
Found in HEAD commit: 71aa041ac41d7e5c1657a2d660e0f48c6fc21e2f
Found in base branch: master
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
Publish Date: 2020-08-14
URL: CVE-2020-12648
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12648
Release Date: 2020-07-21
Fix Resolution: 4.9.11,5.4.1
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js
Path to vulnerable library: /wp-content/plugins/official-facebook-pixel/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/jquery.min.js
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution: jquery - 3.4.0
Step up your Open Source Security Game with Mend here
Node.js path.parse() ponyfill
Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/path-parse/package.json
Dependency Hierarchy:
Found in HEAD commit: c72f51dc0842d9bbf6ebb749b3217b005da6b45c
Found in base branch: master
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Publish Date: 2021-05-04
URL: CVE-2021-23343
Base Score Metrics:
Type: Upgrade version
Origin: jbgutierrez/path-parse#8
Release Date: 2021-05-04
Fix Resolution: path-parse - 1.0.7
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js
Path to vulnerable library: /wp-content/plugins/official-facebook-pixel/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
Publish Date: 2019-01-09
URL: CVE-2018-20676
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20676
Release Date: 2019-01-09
Fix Resolution: bootstrap - 3.4.0
Guzzle, an extensible PHP HTTP client
Dependency Hierarchy:
Guzzle, an extensible PHP HTTP client
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with ['cookies' => true] are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability. Guzzle versions 6.5.6 and 7.4.3 contain a patch for this issue. As a workaround, turn off the cookie middleware.
Publish Date: 2022-05-25
URL: CVE-2022-29248
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29248
Release Date: 2022-05-25
Fix Resolution: guzzlehttp/guzzle - 6.5.6,guzzlehttp/guzzle - 7.4.3
Guzzle, an extensible PHP HTTP client
Dependency Hierarchy:
Guzzle, an extensible PHP HTTP client
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
Guzzle, an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers from the request, before continuing. Previously, we would only consider a change in host or scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects altogether.
Publish Date: 2022-06-27
URL: CVE-2022-31091
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31091
Release Date: 2022-06-27
Fix Resolution: 6.5.8,7.4.5
Node.js path.parse() ponyfill
Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/path-parse/package.json
Dependency Hierarchy:
Found in HEAD commit: f76eb45f05fc57f4d5bec69ba3676f8e8599072d
Found in base branch: master
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Publish Date: 2021-05-04
URL: CVE-2021-23343
Base Score Metrics:
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js
Path to vulnerable library: /wp-content/plugins/official-facebook-pixel/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
Publish Date: 2019-01-09
URL: CVE-2018-20677
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20677
Release Date: 2019-01-09
Fix Resolution: Bootstrap - v3.4.0;NorDroN.AngularTemplate - 0.1.6;Dynamic.NET.Express.ProjectTemplates - 0.8.0;dotnetng.template - 1.0.0.4;ZNxtApp.Core.Module.Theme - 1.0.9-Beta;JMeter - 5.0.0
Simple HTML5 charts using the canvas element.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/Chart.js/1.0.2/Chart.min.js
Path to vulnerable library: /wp-content/themes/Divi/includes/builder/scripts/ext/chart.min.js
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.
Publish Date: 2020-10-29
URL: CVE-2020-7746
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7746
Release Date: 2020-10-29
Fix Resolution: chart.js - 2.9.4
In-browser code editing made bearable
Library home page: https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.18.0/mode/javascript/javascript.js
Path to dependency file: shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/javascript/typescript.html
Path to vulnerable library: shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/javascript/javascript.js
Dependency Hierarchy:
In-browser code editing made bearable
Library home page: https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.18.2/codemirror.js
Path to dependency file: shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/yacas/index.html
Path to vulnerable library: shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/lib/codemirror.js
Dependency Hierarchy:
Found in HEAD commit: 71aa041ac41d7e5c1657a2d660e0f48c6fc21e2f
Found in base branch: master
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/.?/)
Publish Date: 2020-10-30
URL: CVE-2020-7760
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7760
Release Date: 2020-07-21
Fix Resolution: codemirror - 5.58.2
A Parser for CSS Files written in PHP. Allows extraction of CSS files into a data structure, manipulation of said structure and output as (optimized) CSS
Dependency Hierarchy:
Found in HEAD commit: f0bccabe236973e3c6d0f68063dabd3ea99e1449
Found in base branch: master
Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors() or getSelectorsBySpecificity() is called with input from an attacker.
Publish Date: 2020-06-03
URL: CVE-2020-13756
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13756
Release Date: 2020-06-03
Fix Resolution: 8.3.1
A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.
Library home page: https://api.github.com/repos/firebase/php-jwt/zipball/9984a4d3a32ae7673d6971ea00bae9d0a1abba0e
Dependency Hierarchy:
Found in HEAD commit: b5d1663104befcba587f62224d1b86d2e9c8e2dd
Found in base branch: master
Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in OC.Notification.show.
Publish Date: 2021-03-03
URL: CVE-2021-22878
Base Score Metrics:
Type: Upgrade version
Origin: https://nextcloud.com/security/advisory/?id=NC-SA-2021-005
Release Date: 2021-03-03
Fix Resolution: v20.0.6
Client-side form validation made easy
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.13.1/jquery.validate.min.js
Path to vulnerable library: /wp-content/plugins/post-smtp/script/jquery-validate/jquery.validate.min.js
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
Publish Date: 2021-01-13
URL: CVE-2021-21252
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-jxwx-85vp-gvwm
Release Date: 2021-01-13
Fix Resolution: jquery-validation - 1.19.3
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js
Path to vulnerable library: /wp-content/plugins/official-facebook-pixel/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
Publish Date: 2019-01-09
URL: CVE-2016-10735
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10735
Release Date: 2019-01-09
Fix Resolution: bootstrap - 3.4.0, 4.0.0-beta.2
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/postcss-scss/node_modules/postcss/package.json,shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/stylelint/node_modules/postcss/package.json,shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/postcss-less/node_modules/postcss/package.json,shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/postcss-safe-parser/node_modules/postcss/package.json,shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/postcss-sass/node_modules/postcss/package.json,shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/sugarss/node_modules/postcss/package.json,shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/postcss-focus-within/node_modules/postcss/package.json
Dependency Hierarchy:
Found in HEAD commit: c72f51dc0842d9bbf6ebb749b3217b005da6b45c
Found in base branch: master
The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /*\s* sourceMappingURL=(.*).
Publish Date: 2021-04-26
URL: CVE-2021-23382
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23382
Release Date: 2021-04-26
Fix Resolution: postcss - 8.2.13
PSR-7 message implementation that also provides common utility methods
Library home page: https://api.github.com/repos/guzzle/psr7/zipball/f5b8a8512e2b58b0071a7280e39f14f72e05d87c
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.
Publish Date: 2022-03-21
URL: CVE-2022-24775
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-q7rv-6hp3-vh96
Release Date: 2022-03-21
Fix Resolution: 1.8.4,2.1.1
Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-env-preset
Library home page: https://registry.npmjs.org/browserslist/-/browserslist-4.14.7.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/browserslist/package.json
Dependency Hierarchy:
Found in base branch: master
The package browserslist from 4.0.0 and before 4.16.5 is vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Publish Date: 2021-04-28
URL: CVE-2021-23364
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364
Release Date: 2021-04-28
Fix Resolution: browserslist - 4.16.5
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/postcss-scss/node_modules/postcss/package.json,shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/stylelint/node_modules/postcss/package.json,shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/postcss-less/node_modules/postcss/package.json,shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/postcss-safe-parser/node_modules/postcss/package.json,shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/postcss-sass/node_modules/postcss/package.json,shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/sugarss/node_modules/postcss/package.json,shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/postcss-focus-within/node_modules/postcss/package.json
Dependency Hierarchy:
Found in HEAD commit: c72f51dc0842d9bbf6ebb749b3217b005da6b45c
Found in base branch: master
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Publish Date: 2021-04-12
URL: CVE-2021-23368
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368
Release Date: 2021-04-12
Fix Resolution: postcss - 8.2.10
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: c72f51dc0842d9bbf6ebb749b3217b005da6b45c
Found in base branch: master
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
Publish Date: 2021-02-15
URL: CVE-2021-23337
Base Score Metrics:
Type: Upgrade version
Origin: lodash/lodash@3469357
Release Date: 2021-02-15
Fix Resolution: lodash - 4.17.21
Python package for providing Mozilla's CA Bundle.
Library home page: https://files.pythonhosted.org/packages/e9/06/d3d367b7af6305b16f0d28ae2aaeb86154fa91f144f036c2d5002a5a202b/certifi-2022.6.15-py3-none-any.whl
Path to dependency file: /wp-content/plugins/google-site-kit/third-party/guzzlehttp/ringphp/docs/requirements.txt
Path to vulnerable library: /wp-content/plugins/google-site-kit/third-party/guzzlehttp/ringphp/docs/requirements.txt
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.
Publish Date: 2022-12-07
URL: CVE-2022-23491
Base Score Metrics:
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2022-23491
Release Date: 2022-12-07
Fix Resolution: certifi - 2022.12.07
Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab
Library home page: https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.8.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/hosted-git-info/package.json
Dependency Hierarchy:
Found in HEAD commit: f76eb45f05fc57f4d5bec69ba3676f8e8599072d
Found in base branch: master
The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
Publish Date: 2021-03-23
URL: CVE-2021-23362
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/npm/hosted-git-info/releases/tag/v3.0.8
Release Date: 2021-03-23
Fix Resolution: hosted-git-info - 3.0.8
A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.11.0/jquery-ui.min.js
Path to dependency file: shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/slim/index.html
Path to vulnerable library: shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/slim/index.html
Dependency Hierarchy:
Found in HEAD commit: f0bccabe236973e3c6d0f68063dabd3ea99e1449
Found in base branch: master
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Publish Date: 2017-03-15
URL: CVE-2016-7103
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-7103
Release Date: 2017-03-15
Fix Resolution: 1.12.0
Guzzle, an extensible PHP HTTP client
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
Guzzle, an extensible PHP HTTP client. Authorization headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the CURLOPT_HTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or port), if we choose to follow it, we should remove the CURLOPT_HTTPAUTH option before continuing, stopping curl from appending the Authorization header to the new request. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. Alternatively, one can specify to use the Guzzle stream handler backend, rather than curl.
Publish Date: 2022-06-27
URL: CVE-2022-31090
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-25mq-v84q-4j7r
Release Date: 2022-05-19
Fix Resolution: 6.5.8,7.4.5
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/4.9.11/tinymce.min.js
Path to vulnerable library: /wp-content/themes/Divi/includes/builder/frontend-builder/assets/vendors/tinymce.min.js
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
A cross-site scripting (XSS) vulnerability was discovered in the URL processing logic of the image and link plugins. The vulnerability allowed arbitrary JavaScript execution when updating an image or link using a specially crafted URL. This issue only impacted users while editing and the dangerous URLs were stripped in any content extracted from the editor. This impacts all users who are using TinyMCE 5.9.2 or lower.
Publish Date: 2021-11-02
URL: WS-2021-0413
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-r8hm-w5f7-wj39
Release Date: 2021-11-02
Fix Resolution: TinyMCE - 5.10.0, tinymce/tinymce - 5.10.0, TinyMCE - 5.10.0
Extract the non-magic parent path from a glob string.
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.1.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in HEAD commit: 2c0aa98e22331ca8beb0c1f31a60ac1f7976a796
Found in base branch: master
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.
Publish Date: 2021-06-03
URL: CVE-2020-28469
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28469
Release Date: 2021-06-03
Fix Resolution: glob-parent - 5.1.2
Extract the non-magic parent path from a glob string.
Library home page: https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.1.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/glob-parent/package.json
Dependency Hierarchy:
Found in HEAD commit: 2c0aa98e22331ca8beb0c1f31a60ac1f7976a796
Found in base branch: master
Regular Expression Denial of Service (ReDoS) vulnerability was found in glob-parent before 5.1.2.
Publish Date: 2021-01-27
URL: WS-2021-0154
Base Score Metrics:
Type: Upgrade version
Origin: https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
Release Date: 2021-01-27
Fix Resolution: glob-parent - 5.1.2
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js
Path to vulnerable library: /wp-content/plugins/official-facebook-pixel/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Publish Date: 2019-02-20
URL: CVE-2019-8331
Base Score Metrics:
Type: Upgrade version
Release Date: 2019-02-20
Fix Resolution: bootstrap - 3.4.1,4.3.1;bootstrap-sass - 3.4.1,4.3.1
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/4.9.11/tinymce.min.js
Path to vulnerable library: /wp-content/themes/Divi/includes/builder/frontend-builder/assets/vendors/tinymce.min.js
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
Cross-site scripting vulnerability was found in TinyMCE before 5.7.1. A cross-site scripting (XSS) vulnerability was discovered in the URL sanitization logic of the core parser for form elements. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or APIs, and then submitting the form. However, as TinyMCE does not allow forms to be submitted while editing, the vulnerability could only be triggered when the content was previewed or rendered outside of the editor.
Publish Date: 2021-05-28
URL: WS-2021-0133
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-5vm8-hhgr-jcjp
Release Date: 2021-05-28
Fix Resolution: tinymce - 5.7.1
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/4.9.11/tinymce.min.js
Path to vulnerable library: /wp-content/themes/Divi/includes/builder/frontend-builder/assets/vendors/tinymce.min.js
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
A cross-site scripting (XSS) vulnerability was discovered in the URL sanitization logic of the core parser of TinyMCE. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or APIs. This impacts all users who are using TinyMCE 5.5.1 or lower.
The issue has been fixed in TinyMCE 5.6.0.
Publish Date: 2021-02-19
URL: WS-2021-0025
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-w7jx-j77m-wp65
Release Date: 2021-02-19
Fix Resolution: tinymce - 5.6.0
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/4.9.11/tinymce.min.js
Path to vulnerable library: /wp-content/themes/Divi/includes/builder/frontend-builder/assets/vendors/tinymce.min.js
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
A regex denial of service (ReDoS) vulnerability was discovered in a dependency of the codesample plugin. The vulnerability allowed poorly formed ruby code samples to lock up the browser while performing syntax highlighting. This impacts users of the codesample plugin using TinyMCE 5.5.1 or lower.
This vulnerability has been patched in TinyMCE 5.6.0 by upgrading to a version of the dependency without the vulnerability.
Publish Date: 2021-01-05
URL: WS-2021-0001
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-h96f-fc7c-9r55
Release Date: 2021-01-05
Fix Resolution: tinymce - 5.6.0
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js
Path to vulnerable library: /wp-content/plugins/official-facebook-pixel/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
Publish Date: 2018-07-13
URL: CVE-2018-14042
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-07-13
Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0
shop.grindmodecypher.com/wp-content/plugins/w3-total-cache/Util_Ui.php
Lines 162 to 167 in c503895
todo
comment in c503895. It's been assigned to @loftwah because they committed the code.
A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.
Library home page: https://api.github.com/repos/firebase/php-jwt/zipball/9984a4d3a32ae7673d6971ea00bae9d0a1abba0e
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself.
Publish Date: 2022-03-29
URL: CVE-2021-46743
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46743
Release Date: 2022-03-29
Fix Resolution: v6.0.0
Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab
Library home page: https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.8.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/hosted-git-info/package.json
Dependency Hierarchy:
Found in HEAD commit: c72f51dc0842d9bbf6ebb749b3217b005da6b45c
Found in base branch: master
The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
Publish Date: 2021-03-23
URL: CVE-2021-23362
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-43f8-2h32-f4cj
Release Date: 2021-03-23
Fix Resolution: hosted-git-info - 2.8.9,3.0.8
Tool for transforming styles with JS plugins
Library home page: https://registry.npmjs.org/postcss/-/postcss-7.0.35.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/postcss/package.json
Dependency Hierarchy:
Found in HEAD commit: f76eb45f05fc57f4d5bec69ba3676f8e8599072d
Found in base branch: master
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Publish Date: 2021-04-12
URL: CVE-2021-23368
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368
Release Date: 2021-04-12
Fix Resolution: postcss - 8.2.10
PHP Secure Communications Library - Pure-PHP implementations of RSA, AES, SSH2, SFTP, X.509 etc.
Library home page: https://api.github.com/repos/phpseclib/phpseclib/zipball/d305b780829ea4252ed9400b3f5937c2c99b51d4
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
Publish Date: 2021-04-06
URL: CVE-2021-30130
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30130
Release Date: 2021-04-06
Fix Resolution: 2.0.31, 3.0.7
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: f76eb45f05fc57f4d5bec69ba3676f8e8599072d
Found in base branch: master
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Publish Date: 2021-02-15
URL: CVE-2020-28500
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
Release Date: 2021-02-15
Fix Resolution: lodash-4.17.21
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js
Path to vulnerable library: /wp-content/plugins/official-facebook-pixel/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/jquery.min.js
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
Base Score Metrics:
Type: Upgrade version
Release Date: 2020-04-29
Fix Resolution: jquery - 3.5.0;jquery-rails - 4.4.0
Trim newlines from the start and/or end of a string
Library home page: https://registry.npmjs.org/trim-newlines/-/trim-newlines-3.0.0.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/trim-newlines/package.json
Dependency Hierarchy:
Found in HEAD commit: 2c0aa98e22331ca8beb0c1f31a60ac1f7976a796
Found in base branch: master
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
Publish Date: 2021-05-28
URL: CVE-2021-33623
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33623
Release Date: 2021-05-28
Fix Resolution: trim-newlines - 3.0.1, 4.0.1
TinyMCE rich text editor
Library home page: https://cdnjs.cloudflare.com/ajax/libs/tinymce/4.9.11/tinymce.min.js
Path to vulnerable library: /wp-content/themes/Divi/includes/builder/frontend-builder/assets/vendors/tinymce.min.js
Dependency Hierarchy:
Found in base branch: master
A cross-site scripting (XSS) vulnerability was discovered in the schema validation logic of the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor using the clipboard or editor APIs. This malicious content could then end up in content published outside the editor, if no server-side sanitization was performed. This impacts all users who are using TinyMCE 5.8.2 or lower.
Publish Date: 2021-10-22
URL: WS-2021-0406
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-5h9g-x5rv-25wg
Release Date: 2021-10-22
Fix Resolution: TinyMCE - 5.9.0, tinymce - 5.9.0, tinymce/tinymce - 5.9.0
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js
Path to vulnerable library: /wp-content/plugins/official-facebook-pixel/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/jquery.min.js
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
Guzzle, an extensible PHP HTTP client
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
Guzzle is an open source PHP HTTP client. In affected versions the Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a URI to a different host, we should not forward the Cookie header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any Cookie header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach to use your own redirect middleware, rather than ours. If you do not require or expect redirects to be followed, one should simply disable redirects altogether.
Publish Date: 2022-06-10
URL: CVE-2022-31042
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-f2wf-25xc-69c9
Release Date: 2022-06-10
Fix Resolution: 6.5.7,7.4.4
Guzzle, an extensible PHP HTTP client
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
Guzzle is an open source PHP HTTP client. In affected versions Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This is much the same as to how we don't forward on the header if the host changes. Prior to this fix, https to http downgrades did not result in the Authorization header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach which would be to use their own redirect middleware. Alternately users may simply disable redirects altogether if redirects are not expected or required.
Publish Date: 2022-06-10
URL: CVE-2022-31043
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-w248-ffj2-4v5q
Release Date: 2022-06-10
Fix Resolution: 6.5.7,7.4.4
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js
Path to dependency file: shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/slim/index.html
Path to vulnerable library: shop.grindmodecypher.com/wp-content/plugins/wp-file-manager/lib/codemirror/mode/slim/index.html
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.3/jquery.min.js
Path to vulnerable library: shop.grindmodecypher.com/wp-content/plugins/woocommerce-admin/vendor/composer/installers/vendor/phpunit/php-code-coverage/src/CodeCoverage/Report/HTML/Renderer/Template/js/jquery.min.js
Dependency Hierarchy:
Found in HEAD commit: f0bccabe236973e3c6d0f68063dabd3ea99e1449
Found in base branch: master
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
Base Score Metrics:
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution: jQuery - v3.0.0
The most popular front-end framework for developing responsive, mobile first projects on the web.
Library home page: https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js
Path to vulnerable library: /wp-content/plugins/official-facebook-pixel/vendor/phpunit/php-code-coverage/src/Report/Html/Renderer/Template/js/bootstrap.min.js
Dependency Hierarchy:
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
Publish Date: 2018-07-13
URL: CVE-2018-14040
Base Score Metrics:
Type: Upgrade version
Release Date: 2018-07-13
Fix Resolution: org.webjars.npm:bootstrap:4.1.2,org.webjars:bootstrap:3.4.0
Lodash modular utilities.
Library home page: https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/lodash/package.json
Dependency Hierarchy:
Found in HEAD commit: c72f51dc0842d9bbf6ebb749b3217b005da6b45c
Found in base branch: master
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
Publish Date: 2021-02-15
URL: CVE-2020-28500
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
Release Date: 2021-02-15
Fix Resolution: lodash-4.17.21
An ini encoder/decoder for node
Library home page: https://registry.npmjs.org/ini/-/ini-1.3.5.tgz
Path to dependency file: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/package.json
Path to vulnerable library: shop.grindmodecypher.com/wp-content/themes/twentytwentyone/node_modules/ini/package.json
Dependency Hierarchy:
Found in HEAD commit: 71aa041ac41d7e5c1657a2d660e0f48c6fc21e2f
Found in base branch: master
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
Publish Date: 2020-12-11
URL: CVE-2020-7788
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788
Release Date: 2020-12-11
Fix Resolution: v1.3.6