This project forked from mcld/greatreadingadventure
:books: The Great Reading Adventure is an open-source tool for managing dynamic library reading programs
Home Page: http://www.greatreadingadventure.com/
License: MIT License
![atomist[bot] avatar](https://avatars.githubusercontent.com/in/407?v=4 "atomist[bot]")
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
![imgbot[bot] avatar](https://avatars.githubusercontent.com/in/4706?v=4 "imgbot[bot]")
![mend-for-github-com[bot] avatar](https://avatars.githubusercontent.com/in/30796?v=4 "mend-for-github-com[bot]")
Vulnerable Libraries - moment-timezone-0.5.33.tgz, moment-timezone-0.4.1.tgz
Parse and display moments in any timezone.
Library home page: https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.5.33.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/moment-timezone/package.json
Dependency Hierarchy:
Parse and display moments in any timezone.
Library home page: https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.4.1.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/package.json
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
Command Injection in moment-timezone before 0.5.35.
Publish Date: 2022-08-30
URL: WS-2022-0280
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-56x4-j7p9-fcf9
Release Date: 2022-08-30
Fix Resolution: 0.5.35
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Libraries - jquery-2.1.4.tgz, jquery-1.12.4.js
JavaScript library for DOM operations
Library home page: https://registry.npmjs.org/jquery/-/jquery-2.1.4.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/bootstrap-multiselect/node_modules/jquery/package.json
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js
Path to dependency file: /src/GRA.Web/Scripts/jquery-ui-1.12.1.custom/index.html
Path to vulnerable library: /src/GRA.Web/Scripts/jquery-ui-1.12.1.custom/external/jquery/jquery.js
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution (jquery): 3.4.0
Direct dependency fix Resolution (bootstrap-multiselect): 1.1.0
⛑️ Automatic Remediation is available for this issue
Vulnerable Library - system.net.http.4.3.0.nupkgProvides a programming interface for modern HTTP applications, including HTTP client components that...
Library home page: https://api.nuget.org/packages/system.net.http.4.3.0.nupkg
Path to dependency file: /test/GRA.Test/GRA.Test.csproj
Path to vulnerable library: /usr/share/dotnet/sdk/NuGetFallbackFolder/system.net.http/4.3.0/system.net.http.4.3.0.nupkg
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.
Publish Date: 2017-05-12
URL: CVE-2017-0247
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2017-05-12
Fix Resolution: System.Text.Encodings.Web - 4.0.1,4.3.1;System.Net.Http - 4.1.2,4.3.2;System.Net.Http.WinHttpHandler - 4.0.2,4.5.4;System.Net.Security - 4.0.1,4.3.1;System.Net.WebSockets.Client - 4.0.1,4.3.1;Microsoft.AspNetCore.Mvc - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Core - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Abstractions - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.ApiExplorer - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Cors - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.DataAnnotations - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Formatters.Json - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Formatters.Xml - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Localization - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Razor.Host - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Razor - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.TagHelpers - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.ViewFeatures - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.WebApiCompatShim - 1.0.4,1.1.3
Vulnerable Library - minimist-1.2.5.tgzparse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/minimist/package.json
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Publish Date: 2022-03-17
URL: CVE-2021-44906
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2022-03-17
Fix Resolution: minimist - 1.2.6
Vulnerable Library - activesupport-3.2.22.5.gemA toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.
Library home page: https://rubygems.org/gems/activesupport-3.2.22.5.gem
Path to dependency file: /docs/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activesupport-3.2.22.5.gem
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.
Publish Date: 2015-07-26
URL: CVE-2015-3226
CVSS 3 Score Details (3.7)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-3226
Release Date: 2015-07-26
Fix Resolution: 4.1.11,4.2.2
Vulnerable Library - microsoft.data.sqlclient.2.0.1.nupkgProvides the data provider for SQL Server. These classes provide access to versions of SQL Server an...
Library home page: https://api.nuget.org/packages/microsoft.data.sqlclient.2.0.1.nupkg
Path to dependency file: /src/GRA.Data.SqlServer/GRA.Data.SqlServer.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.data.sqlclient/2.0.1/microsoft.data.sqlclient.2.0.1.nupkg
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
.NET Framework Information Disclosure Vulnerability
Mend Note: Converted from WS-2022-0377, on 2022-11-10.
Publish Date: 2022-11-09
URL: CVE-2022-41064
CVSS 3 Score Details (5.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-8g2p-5pqh-5jmc
Release Date: 2022-11-09
Fix Resolution: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5
Vulnerable Library - system.net.http.4.3.0.nupkgProvides a programming interface for modern HTTP applications, including HTTP client components that...
Library home page: https://api.nuget.org/packages/system.net.http.4.3.0.nupkg
Path to dependency file: /test/GRA.Test/GRA.Test.csproj
Path to vulnerable library: /usr/share/dotnet/sdk/NuGetFallbackFolder/system.net.http/4.3.0/system.net.http.4.3.0.nupkg
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
Publish Date: 2017-05-12
URL: CVE-2017-0256
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-0256
Release Date: 2017-05-12
Fix Resolution: Microsoft.AspNetCore.Mvc.ApiExplorer - 1.1.3,1.0.4;Microsoft.AspNetCore.Mvc.Abstractions - 1.1.3,1.0.4;Microsoft.AspNetCore.Mvc.Core - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Cors - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Localization - 1.1.3,1.0.4;System.Net.Http - 4.1.2,4.3.2;Microsoft.AspNetCore.Mvc.Razor - 1.1.3,1.0.4;System.Net.Http.WinHttpHandler - 4.0.2,4.3.0-preview1-24530-04;System.Net.Security - 4.3.0-preview1-24530-04,4.0.1;Microsoft.AspNetCore.Mvc.ViewFeatures - 1.1.3,1.0.4;Microsoft.AspNetCore.Mvc.TagHelpers - 1.0.4,1.1.3;System.Text.Encodings.Web - 4.3.0-preview1-24530-04,4.0.1;Microsoft.AspNetCore.Mvc.Razor.Host - 1.1.3,1.0.4;Microsoft.AspNetCore.Mvc.Formatters.Json - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.WebApiCompatShim - 1.0.4,1.1.3;System.Net.WebSockets.Client - 4.3.0-preview1-24530-04,4.0.1;Microsoft.AspNetCore.Mvc.Formatters.Xml - 1.1.3,1.0.4;Microsoft.AspNetCore.Mvc.DataAnnotations - 1.0.4,1.1.3
Vulnerable Library - system.drawing.common.5.0.0.nupkgProvides access to GDI+ graphics functionality.
Commonly Used Types:
System.Drawing.Bitmap
System.D...
Library home page: https://api.nuget.org/packages/system.drawing.common.5.0.0.nupkg
Path to dependency file: /src/GRA.Web/GRA.Web.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.drawing.common/5.0.0/system.drawing.common.5.0.0.nupkg
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26701.
Publish Date: 2021-02-25
URL: CVE-2021-24112
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-rxg9-xrhp-64gj
Release Date: 2021-02-25
Fix Resolution: System.Drawing.Common - 4.7.2,5.0.3
Vulnerable Library - buildbundlerminifier.3.2.449.nupkgBundles and minifies CSS, JS and HTML files
Library home page: https://api.nuget.org/packages/buildbundlerminifier.3.2.449.nupkg
Path to dependency file: /src/GRA.Web/GRA.Web.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/buildbundlerminifier/3.2.449/buildbundlerminifier.3.2.449.nupkg
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
Improper Handling of Exceptional Conditions in Newtonsoft.Json.
Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of StackOverFlow exception (SOE) whenever nested expressions are being processed. Exploiting this vulnerability results in Denial Of Service (DoS), and it is exploitable when an attacker sends 5 requests that cause SOE in time frame of 5 minutes. This vulnerability affects Internet Information Services (IIS) Applications.
Publish Date: 2022-06-22
URL: WS-2022-0161
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2022-06-22
Fix Resolution: Newtonsoft.Json - 13.0.1;Microsoft.Extensions.ApiDescription.Server - 6.0.0
⛑️ Automatic Remediation is available for this issue
Vulnerable Libraries - jquery-2.1.4.tgz, jquery-1.12.4.js
JavaScript library for DOM operations
Library home page: https://registry.npmjs.org/jquery/-/jquery-2.1.4.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/bootstrap-multiselect/node_modules/jquery/package.json
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js
Path to dependency file: /src/GRA.Web/Scripts/jquery-ui-1.12.1.custom/index.html
Path to vulnerable library: /src/GRA.Web/Scripts/jquery-ui-1.12.1.custom/external/jquery/jquery.js
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2020-04-29
Fix Resolution (jquery): 3.5.0
Direct dependency fix Resolution (bootstrap-multiselect): 1.1.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - system.text.regularexpressions.4.3.0.nupkgProvides the System.Text.RegularExpressions.Regex class, an implementation of a regular expression e...
Library home page: https://api.nuget.org/packages/system.text.regularexpressions.4.3.0.nupkg
Path to dependency file: /src/GRA.Web/GRA.Web.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.text.regularexpressions/4.3.0/system.text.regularexpressions.4.3.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
Mend Note: After conducting further research, Mend has determined that CVE-2019-0820 only affects environments with versions 4.3.0 and 4.3.1 only on netcore50 environment of system.text.regularexpressions.nupkg.
Publish Date: 2019-05-16
URL: CVE-2019-0820
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-cmhx-cq75-c4mj
Release Date: 2019-05-16
Fix Resolution: System.Text.RegularExpressions - 4.3.1
Vulnerable Library - buildbundlerminifier.3.2.449.nupkgBundles and minifies CSS, JS and HTML files
Library home page: https://api.nuget.org/packages/buildbundlerminifier.3.2.449.nupkg
Path to dependency file: /src/GRA.Web/GRA.Web.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/buildbundlerminifier/3.2.449/buildbundlerminifier.3.2.449.nupkg
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
Publish Date: 2024-01-03
URL: CVE-2024-21907
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-5crp-9r3c-p9vr
Release Date: 2024-01-03
Fix Resolution: Newtonsoft.Json - 13.0.1
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - system.net.http.4.3.0.nupkgProvides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.
Library home page: https://api.nuget.org/packages/system.net.http.4.3.0.nupkg
Path to dependency file: /test/GRA.Test/GRA.Test.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.net.http/4.3.0/system.net.http.4.3.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.
Publish Date: 2018-10-10
URL: CVE-2018-8292
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2018-10-10
Fix Resolution: System.Net.Http - 4.3.4;Microsoft.PowerShell.Commands.Utility - 6.1.0-rc.1
Vulnerable Library - activesupport-3.2.22.5.gemA toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.
Library home page: https://rubygems.org/gems/activesupport-3.2.22.5.gem
Path to dependency file: /docs/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activesupport-3.2.22.5.gem
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
There is a possible regular expression based DoS vulnerability in Active Support. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. The issue is patched in versions 6.1.7.1 and 7.0.4.1.
Publish Date: 2023-01-06
URL: CVE-2023-22796
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-j6gc-792m-qgm2
Release Date: 2023-01-06
Fix Resolution: activesupport - 6.1.7.1,7.0.4.1
Vulnerable Libraries - jquery-2.1.4.tgz, jquery-1.12.4.js
JavaScript library for DOM operations
Library home page: https://registry.npmjs.org/jquery/-/jquery-2.1.4.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/bootstrap-multiselect/node_modules/jquery/package.json
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js
Path to dependency file: /src/GRA.Web/Scripts/jquery-ui-1.12.1.custom/index.html
Path to vulnerable library: /src/GRA.Web/Scripts/jquery-ui-1.12.1.custom/external/jquery/jquery.js
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution (jquery): 3.0.0
Direct dependency fix Resolution (bootstrap-multiselect): 1.1.0
⛑️ Automatic Remediation is available for this issue
Vulnerable Library - system.security.cryptography.xml.5.0.0.nupkgProvides classes to support the creation and validation of XML digital signatures. The classes in th...
Library home page: https://api.nuget.org/packages/system.security.cryptography.xml.5.0.0.nupkg
Path to dependency file: /src/GRA.Web/GRA.Web.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.security.cryptography.xml/5.0.0/system.security.cryptography.xml.5.0.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information.
Publish Date: 2022-08-09
URL: CVE-2022-34716
CVSS 3 Score Details (5.9)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-2m65-m22p-9wjw
Release Date: 2022-08-09
Fix Resolution: Microsoft.AspNetCore.App.Runtime.linux-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.osx-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-x86 - 3.1.28,6.0.8;System.Security.Cryptography.Xml - 4.7.1,6.0.1
Vulnerable Library - activesupport-3.2.22.5.gemA toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.
Library home page: https://rubygems.org/gems/activesupport-3.2.22.5.gem
Path to dependency file: /docs/Gemfile.lock
Path to vulnerable library: /home/wss-scanner/.gem/ruby/2.7.0/cache/activesupport-3.2.22.5.gem
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
Publish Date: 2015-07-26
URL: CVE-2015-3227
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-3227
Release Date: 2015-07-26
Fix Resolution: 4.1.11,4.2.2
Vulnerable Libraries - microsoft.data.sqlclient.2.0.1.nupkg, microsoft.data.sqlclient.2.1.2.nupkg
Provides the data provider for SQL Server. These classes provide access to versions of SQL Server an...
Library home page: https://api.nuget.org/packages/microsoft.data.sqlclient.2.0.1.nupkg
Path to dependency file: /src/GRA.Data.SqlServer/GRA.Data.SqlServer.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.data.sqlclient/2.0.1/microsoft.data.sqlclient.2.0.1.nupkg
Dependency Hierarchy:
Provides the data provider for SQL Server. These classes provide access to versions of SQL Server an...
Library home page: https://api.nuget.org/packages/microsoft.data.sqlclient.2.1.2.nupkg
Path to dependency file: /src/GRA.Web/GRA.Web.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.data.sqlclient/2.1.2/microsoft.data.sqlclient.2.1.2.nupkg
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
Mend Note: Version 4.8.6 of System.Data.SqlClient was discovered to contain DLL components originated in a vulnerable Nuget version (System.Data.SqlClient-4.6.0), and therefore is alerted for CVE-2024-0056. Those components exist in the following paths: system.data.sqlclient.4.8.6\lib\net451\System.Data.SqlClient.dll, system.data.sqlclient.4.8.6\ref\net451\System.Data.SqlClient.dll, system.data.sqlclient.4.8.6\runtimes\win\lib\net451\System.Data.SqlClient.dll,system.data.sqlclient.4.8.6\runtimes\unix\lib\netstandard1.3\System.Data.SqlClient.dll, system.data.sqlclient.4.8.6\runtimes\win\lib\netstandard1.3\System.Data.SqlClient.dll, system.data.sqlclient.4.8.6\lib\net46\System.Data.SqlClient.dll, system.data.sqlclient.4.8.6\ref\net46\System.Data.SqlClient.dll, system.data.sqlclient.4.8.6\runtimes\win\lib\net46\System.Data.SqlClient.dll.
As reflected in the paths, those DLL relate to .NET Framework 4.5.1,.NET Framework 4.6 and .NET Standard 1.3 accordingly.
Users of System.Data.SqlClient-4.8.6 that do not use any functionality originated in System.Data.SqlClient-4.6.0 are not affected.
Publish Date: 2024-01-09
URL: CVE-2024-0056
CVSS 3 Score Details (8.7)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-98g6-xh36-x2p7
Release Date: 2024-01-09
Fix Resolution: Microsoft.Data.SqlClient - 2.1.7,3.1.5,4.0.5,5.1.3, System.Data.SqlClient - 4.8.6
Vulnerable Library - system.text.regularexpressions.4.3.0.nupkgProvides the System.Text.RegularExpressions.Regex class, an implementation of a regular expression e...
Library home page: https://api.nuget.org/packages/system.text.regularexpressions.4.3.0.nupkg
Path to dependency file: /src/GRA.Web/GRA.Web.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.text.regularexpressions/4.3.0/system.text.regularexpressions.4.3.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka '.NET Framework and .NET Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.
Mend Note: After conducting further research, Mend has determined that CVE-2019-0820 only affects environments with versions 4.3.0 and 4.3.1 only on netcore50 environment of system.text.regularexpressions.nupkg.
Publish Date: 2019-05-16
URL: CVE-2019-0820
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-cmhx-cq75-c4mj
Release Date: 2019-05-16
Fix Resolution: System.Text.RegularExpressions - 4.3.1
Vulnerable Library - microsoft.data.sqlclient.2.0.1.nupkgProvides the data provider for SQL Server. These classes provide access to versions of SQL Server an...
Library home page: https://api.nuget.org/packages/microsoft.data.sqlclient.2.0.1.nupkg
Path to dependency file: /src/GRA.CommandLine/GRA.CommandLine.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.data.sqlclient/2.0.1/microsoft.data.sqlclient.2.0.1.nupkg
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET, .NET Core and .NET Framework's System.Data.SqlClient and Microsoft.Data.SqlClient NuGet Packages.
A vulnerability exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a timeout occurring under high load can cause incorrect data to be returned as the result of an asynchronously executed query.
Publish Date: 2022-11-09
URL: WS-2022-0377
CVSS 3 Score Details (5.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-8g2p-5pqh-5jmc
Release Date: 2022-11-09
Fix Resolution: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5
Vulnerable Library - jquery-validation-1.19.3.tgzClient-side form validation made easy
Library home page: https://registry.npmjs.org/jquery-validation/-/jquery-validation-1.19.3.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/jquery-validation/package.json
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
Redos in jquery-validation before 1.19.5
Publish Date: 2022-07-06
URL: WS-2022-0170
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-ffmh-x56j-9rc3
Release Date: 2022-07-06
Fix Resolution: 1.19.5
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Libraries - jquery-1.12.4.js, jquery-2.1.4.tgz
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js
Path to dependency file: /src/GRA.Web/Scripts/jquery-ui-1.12.1.custom/index.html
Path to vulnerable library: /src/GRA.Web/Scripts/jquery-ui-1.12.1.custom/external/jquery/jquery.js
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://registry.npmjs.org/jquery/-/jquery-2.1.4.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/bootstrap-multiselect/node_modules/jquery/package.json
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
Release Date: 2020-04-29
Fix Resolution: jQuery - 3.5.0
Vulnerable Library - microsoft.data.sqlclient.2.0.1.nupkgProvides the data provider for SQL Server. These classes provide access to versions of SQL Server an...
Library home page: https://api.nuget.org/packages/microsoft.data.sqlclient.2.0.1.nupkg
Path to dependency file: /src/GRA.Data.SqlServer/GRA.Data.SqlServer.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.data.sqlclient/2.0.1/microsoft.data.sqlclient.2.0.1.nupkg
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
.NET Framework Information Disclosure Vulnerability.
Publish Date: 2022-11-09
URL: CVE-2022-41064
CVSS 3 Score Details (5.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-8g2p-5pqh-5jmc
Release Date: 2022-11-09
Fix Resolution: Microsoft.Data.SqlClient - 1.1.4,2.1.2;System.Data.SqlClient - 4.8.5
Vulnerable Libraries - jquery-2.1.4.tgz, jquery-1.12.4.js
JavaScript library for DOM operations
Library home page: https://registry.npmjs.org/jquery/-/jquery-2.1.4.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/bootstrap-multiselect/node_modules/jquery/package.json
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js
Path to dependency file: /src/GRA.Web/Scripts/jquery-ui-1.12.1.custom/index.html
Path to vulnerable library: /src/GRA.Web/Scripts/jquery-ui-1.12.1.custom/external/jquery/jquery.js
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
Publish Date: 2019-04-20
URL: CVE-2019-11358
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11358
Release Date: 2019-04-20
Fix Resolution (jquery): 3.4.0
Direct dependency fix Resolution (bootstrap-multiselect): 1.1.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - moment-2.29.1.tgzParse, validate, manipulate, and display dates
Library home page: https://registry.npmjs.org/moment/-/moment-2.29.1.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/moment/package.json,/src/GRA.Web/node_modules/moment/package.json
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
Publish Date: 2022-04-04
URL: CVE-2022-24785
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-8hfj-j24r-96c4
Release Date: 2022-04-04
Fix Resolution: 2.29.2
⛑️ Automatic Remediation is available for this issue
Vulnerable Libraries - moment-timezone-0.5.33.tgz, moment-timezone-0.4.1.tgz
Parse and display moments in any timezone.
Library home page: https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.5.33.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/moment-timezone/package.json
Dependency Hierarchy:
Parse and display moments in any timezone.
Library home page: https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.4.1.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/moment-timezone/package.json
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
Command Injection in moment-timezone before 0.5.35.
Publish Date: 2022-08-30
URL: WS-2022-0280
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-56x4-j7p9-fcf9
Release Date: 2022-08-30
Fix Resolution: 0.5.35
⛑️ Automatic Remediation is available for this issue
Vulnerable Library - system.drawing.common.5.0.0.nupkgProvides access to GDI+ graphics functionality.
Commonly Used Types:
System.Drawing.Bitmap
System.D...
Library home page: https://api.nuget.org/packages/system.drawing.common.5.0.0.nupkg
Path to dependency file: /src/GRA.Web/GRA.Web.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.drawing.common/5.0.0/system.drawing.common.5.0.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
.NET Core Remote Code Execution Vulnerability
Publish Date: 2021-02-25
URL: CVE-2021-24112
CVSS 3 Score Details (8.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-rxg9-xrhp-64gj
Release Date: 2021-02-25
Fix Resolution: System.Drawing.Common - 4.7.2,5.0.3
Vulnerable Libraries - jquery-2.1.4.tgz, jquery-1.12.4.js
JavaScript library for DOM operations
Library home page: https://registry.npmjs.org/jquery/-/jquery-2.1.4.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/bootstrap-multiselect/node_modules/jquery/package.json
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js
Path to dependency file: /src/GRA.Web/Scripts/jquery-ui-1.12.1.custom/index.html
Path to vulnerable library: /src/GRA.Web/Scripts/jquery-ui-1.12.1.custom/external/jquery/jquery.js
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Publish Date: 2018-01-18
URL: CVE-2015-9251
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-9251
Release Date: 2018-01-18
Fix Resolution (jquery): 3.0.0
Direct dependency fix Resolution (bootstrap-multiselect): 1.1.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - moment-2.29.1.tgzParse, validate, manipulate, and display dates
Library home page: https://registry.npmjs.org/moment/-/moment-2.29.1.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/moment/package.json
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
Publish Date: 2022-04-04
URL: CVE-2022-24785
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-8hfj-j24r-96c4
Release Date: 2022-04-04
Fix Resolution: 2.29.2
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Libraries - moment-timezone-0.4.1.tgz, moment-timezone-0.5.33.tgz
Parse and display moments in any timezone.
Library home page: https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.4.1.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/package.json
Dependency Hierarchy:
Parse and display moments in any timezone.
Library home page: https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.5.33.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/moment-timezone/package.json
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
Cleartext Transmission of Sensitive Information in moment-timezone
Publish Date: 2022-08-30
URL: WS-2022-0284
CVSS 3 Score Details (9.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-v78c-4p63-2j6c
Release Date: 2022-08-30
Fix Resolution: 0.5.35
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - system.net.http.4.3.0.nupkgProvides a programming interface for modern HTTP applications, including HTTP client components that...
Library home page: https://api.nuget.org/packages/system.net.http.4.3.0.nupkg
Path to dependency file: /test/GRA.Test/GRA.Test.csproj
Path to vulnerable library: /usr/share/dotnet/sdk/NuGetFallbackFolder/system.net.http/4.3.0/system.net.http.4.3.0.nupkg
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
Publish Date: 2017-05-12
URL: CVE-2017-0249
CVSS 3 Score Details (7.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2017-05-12
Fix Resolution: System.Text.Encodings.Web - 4.0.1,4.3.1;System.Net.Http - 4.1.2,4.3.2;System.Net.Http.WinHttpHandler - 4.0.2,4.3.1;System.Net.Security - 4.0.1,4.3.1;System.Net.WebSockets.Client - 4.0.1,4.3.1;Microsoft.AspNetCore.Mvc - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Core - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Abstractions - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.ApiExplorer - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Cors - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.DataAnnotations - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Formatters.Json - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Formatters.Xml - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Localization - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Razor.Host - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.Razor - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.TagHelpers - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.ViewFeatures - 1.0.4,1.1.3;Microsoft.AspNetCore.Mvc.WebApiCompatShim - 1.0.4,1.1.3
Vulnerable Library - jquery-validation-1.19.3.tgzClient-side form validation made easy
Library home page: https://registry.npmjs.org/jquery-validation/-/jquery-validation-1.19.3.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/jquery-validation/package.json,/src/GRA.Web/node_modules/jquery-validation/package.json
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
Redos in jquery-validation before 1.19.5
Publish Date: 2022-07-06
URL: WS-2022-0170
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-ffmh-x56j-9rc3
Release Date: 2022-07-06
Fix Resolution: jquery-validation - 1.19.5
⛑️ Automatic Remediation is available for this issue
Vulnerable Library - minimist-1.2.5.tgzparse argument options
Library home page: https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/minimist/package.json
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Publish Date: 2022-03-17
URL: CVE-2021-44906
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-xvch-5gv4-984h
Release Date: 2022-03-17
Fix Resolution (minimist): 1.2.6
Direct dependency fix Resolution (commonmark): 0.30.0
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - jquery-validation-1.19.3.tgzClient-side form validation made easy
Library home page: https://registry.npmjs.org/jquery-validation/-/jquery-validation-1.19.3.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/jquery-validation/package.json,/src/GRA.Web/node_modules/jquery-validation/package.json
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method
Publish Date: 2022-06-02
URL: CVE-2021-43306
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://research.jfrog.com/vulnerabilities/jquery-validation-redos-xray-211348/
Release Date: 2022-06-02
Fix Resolution: 1.19.4
⛑️ Automatic Remediation is available for this issue
Vulnerable Libraries - microsoft.identitymodel.jsonwebtokens.5.6.0.nupkg, microsoft.identitymodel.jsonwebtokens.6.8.0.nupkg, system.identitymodel.tokens.jwt.6.8.0.nupkg, system.identitymodel.tokens.jwt.5.6.0.nupkg
Includes types that provide support for creating, serializing and validating JSON Web Tokens.
Library home page: https://api.nuget.org/packages/microsoft.identitymodel.jsonwebtokens.5.6.0.nupkg
Path to dependency file: /src/GRA.Data.SqlServer/GRA.Data.SqlServer.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.identitymodel.jsonwebtokens/5.6.0/microsoft.identitymodel.jsonwebtokens.5.6.0.nupkg
Dependency Hierarchy:
Includes types that provide support for creating, serializing and validating JSON Web Tokens.
Library home page: https://api.nuget.org/packages/microsoft.identitymodel.jsonwebtokens.6.8.0.nupkg
Path to dependency file: /src/GRA.Web/GRA.Web.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/microsoft.identitymodel.jsonwebtokens/6.8.0/microsoft.identitymodel.jsonwebtokens.6.8.0.nupkg
Dependency Hierarchy:
Includes types that provide support for creating, serializing and validating JSON Web Tokens.
Library home page: https://api.nuget.org/packages/system.identitymodel.tokens.jwt.6.8.0.nupkg
Path to dependency file: /src/GRA.Web/GRA.Web.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.identitymodel.tokens.jwt/6.8.0/system.identitymodel.tokens.jwt.6.8.0.nupkg
Dependency Hierarchy:
Includes types that provide support for creating, serializing and validating JSON Web Tokens.
Library home page: https://api.nuget.org/packages/system.identitymodel.tokens.jwt.5.6.0.nupkg
Path to dependency file: /src/GRA.Data.SqlServer/GRA.Data.SqlServer.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.identitymodel.tokens.jwt/5.6.0/system.identitymodel.tokens.jwt.5.6.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
Microsoft Identity Denial of service vulnerability
Publish Date: 2024-01-09
URL: CVE-2024-21319
CVSS 3 Score Details (6.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-8g9c-28fc-mcx2
Release Date: 2024-01-09
Fix Resolution: System.IdentityModel.Tokens.Jwt - 5.7.0,6.34.0,7.1.2, Microsoft.IdentityModel.JsonWebTokens - 5.7.0,6.34.0,7.1.2
Vulnerable Library - system.net.http.4.3.0.nupkgProvides a programming interface for modern HTTP applications, including HTTP client components that...
Library home page: https://api.nuget.org/packages/system.net.http.4.3.0.nupkg
Path to dependency file: /test/GRA.Test/GRA.Test.csproj
Path to vulnerable library: /usr/share/dotnet/sdk/NuGetFallbackFolder/system.net.http/4.3.0/system.net.http.4.3.0.nupkg
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
Publish Date: 2017-05-12
URL: CVE-2017-0248
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2017-05-12
Fix Resolution: System.Text.Encodings.Web - 4.0.1, 4.3.1;System.Net.Http - 4.1.2, 4.3.2;System.Net.Http.WinHttpHandler - 4.0.2, 4.3.1;System.Net.Security - 4.0.1, 4.3.1;System.Net.WebSockets.Client - 4.0.1, 4.3.1;Microsoft.AspNetCore.Mvc - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.Core - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.Abstractions - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.ApiExplorer - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.Cors - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.DataAnnotations - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.Formatters.Json - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.Formatters.Xml - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.Localization - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.Razor.Host - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.Razor - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.TagHelpers - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.ViewFeatures - 1.0.4, 1.1.3;Microsoft.AspNetCore.Mvc.WebApiCompatShim - 1.0.4, 1.1.3
Vulnerable Library - moment-2.29.1.tgzParse, validate, manipulate, and display dates
Library home page: https://registry.npmjs.org/moment/-/moment-2.29.1.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/moment/package.json
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.
Publish Date: 2022-07-06
URL: CVE-2022-31129
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-wc69-rhjr-hc9g
Release Date: 2022-07-06
Fix Resolution: 2.29.4
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - jquery-validation-1.19.3.tgzClient-side form validation made easy
Library home page: https://registry.npmjs.org/jquery-validation/-/jquery-validation-1.19.3.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/jquery-validation/package.json
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method
Publish Date: 2022-06-02
URL: CVE-2021-43306
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://research.jfrog.com/vulnerabilities/jquery-validation-redos-xray-211348/
Release Date: 2022-06-02
Fix Resolution: 1.19.4
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Libraries - moment-timezone-0.4.1.tgz, moment-timezone-0.5.33.tgz
Parse and display moments in any timezone.
Library home page: https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.4.1.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/moment-timezone/package.json
Dependency Hierarchy:
Parse and display moments in any timezone.
Library home page: https://registry.npmjs.org/moment-timezone/-/moment-timezone-0.5.33.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/moment-timezone/package.json
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
Cleartext Transmission of Sensitive Information in moment-timezone
Publish Date: 2022-08-30
URL: WS-2022-0284
CVSS 3 Score Details (9.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-v78c-4p63-2j6c
Release Date: 2022-08-30
Fix Resolution: 0.5.35
⛑️ Automatic Remediation is available for this issue
Vulnerable Library - sixlabors.imagesharp.1.0.4.nupkgA new, fully featured, fully managed, cross-platform, 2D graphics API for .NET
Library home page: https://api.nuget.org/packages/sixlabors.imagesharp.1.0.4.nupkg
Path to dependency file: /src/GRA.Web/GRA.Web.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/sixlabors.imagesharp/1.0.4/sixlabors.imagesharp.1.0.4.nupkg
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8.
Publish Date: 2024-04-15
URL: CVE-2024-32036
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-5x7m-6737-26cr
Release Date: 2024-04-15
Fix Resolution: SixLabors.ImageSharp - 2.1.8,3.1.4
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Libraries - jquery-2.1.4.tgz, jquery-1.12.4.js
JavaScript library for DOM operations
Library home page: https://registry.npmjs.org/jquery/-/jquery-2.1.4.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/bootstrap-multiselect/node_modules/jquery/package.json
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js
Path to dependency file: /src/GRA.Web/Scripts/jquery-ui-1.12.1.custom/index.html
Path to vulnerable library: /src/GRA.Web/Scripts/jquery-ui-1.12.1.custom/external/jquery/jquery.js
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11023
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2020-04-29
Fix Resolution (jquery): 3.5.0
Direct dependency fix Resolution (bootstrap-multiselect): 1.1.0
⛑️ Automatic Remediation is available for this issue
Vulnerable Library - jquery-validation-1.19.3.tgzClient-side form validation made easy
Library home page: https://registry.npmjs.org/jquery-validation/-/jquery-validation-1.19.3.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/jquery-validation/package.json
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch.
Publish Date: 2022-07-14
URL: CVE-2022-31147
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-ffmh-x56j-9rc3
Release Date: 2022-07-14
Fix Resolution: 1.19.5
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - sixlabors.imagesharp.1.0.4.nupkgA new, fully featured, fully managed, cross-platform, 2D graphics API for .NET
Library home page: https://api.nuget.org/packages/sixlabors.imagesharp.1.0.4.nupkg
Path to dependency file: /src/GRA.Web/GRA.Web.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/sixlabors.imagesharp/1.0.4/sixlabors.imagesharp.1.0.4.nupkg
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in versions 3.1.3 and 2.1.7.
Publish Date: 2024-03-05
URL: CVE-2024-27929
CVSS 3 Score Details (7.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-65x7-c272-7g7r
Release Date: 2024-03-05
Fix Resolution: SixLabors.ImageSharp - 2.1.7,3.1.3
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Library - sixlabors.imagesharp.1.0.4.nupkgA new, fully featured, fully managed, cross-platform, 2D graphics API for .NET
Library home page: https://api.nuget.org/packages/sixlabors.imagesharp.1.0.4.nupkg
Path to dependency file: /src/GRA.Web/GRA.Web.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/sixlabors.imagesharp/1.0.4/sixlabors.imagesharp.1.0.4.nupkg
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8.
Publish Date: 2024-04-15
URL: CVE-2024-32035
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-g85r-6x2q-45w7
Release Date: 2024-04-15
Fix Resolution: SixLabors.ImageSharp - 2.1.8,3.1.4
⛑️ Automatic Remediation will be attempted for this issue.
Vulnerable Libraries - jquery-1.12.4.js, jquery-2.1.4.tgz
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.js
Path to dependency file: /src/GRA.Web/Scripts/jquery-ui-1.12.1.custom/index.html
Path to vulnerable library: /src/GRA.Web/Scripts/jquery-ui-1.12.1.custom/external/jquery/jquery.js
Dependency Hierarchy:
JavaScript library for DOM operations
Library home page: https://registry.npmjs.org/jquery/-/jquery-2.1.4.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/bootstrap-multiselect/node_modules/jquery/package.json
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Publish Date: 2020-04-29
URL: CVE-2020-11022
CVSS 3 Score Details (6.1)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
Release Date: 2020-04-29
Fix Resolution (jquery): 3.5.0
Direct dependency fix Resolution (bootstrap-multiselect): 1.1.0
⛑️ Automatic Remediation is available for this issue
Vulnerable Library - system.security.cryptography.xml.5.0.0.nupkgProvides classes to support the creation and validation of XML digital signatures. The classes in th...
Library home page: https://api.nuget.org/packages/system.security.cryptography.xml.5.0.0.nupkg
Path to dependency file: /src/GRA.Web/GRA.Web.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.security.cryptography.xml/5.0.0/system.security.cryptography.xml.5.0.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information.
Publish Date: 2022-08-09
URL: CVE-2022-34716
CVSS 3 Score Details (5.9)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-2m65-m22p-9wjw
Release Date: 2022-08-09
Fix Resolution: Microsoft.AspNetCore.App.Runtime.linux-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-musl-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.linux-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.osx-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-arm - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-arm64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-x64 - 3.1.28,6.0.8;Microsoft.AspNetCore.App.Runtime.win-x86 - 3.1.28,6.0.8;System.Security.Cryptography.Xml - 4.7.1,6.0.1
Vulnerable Library - system.net.http.4.3.0.nupkgProvides a programming interface for modern HTTP applications, including HTTP client components that allow applications to consume web services over HTTP and HTTP components that can be used by both clients and servers for parsing HTTP headers.
Library home page: https://api.nuget.org/packages/system.net.http.4.3.0.nupkg
Path to dependency file: /test/GRA.Test/GRA.Test.csproj
Path to vulnerable library: /home/wss-scanner/.nuget/packages/system.net.http/4.3.0/system.net.http.4.3.0.nupkg
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.
Publish Date: 2018-10-10
URL: CVE-2018-8292
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Release Date: 2018-10-10
Fix Resolution: System.Net.Http - 4.3.4;Microsoft.PowerShell.Commands.Utility - 6.1.0-rc.1
Vulnerable Library - moment-2.29.1.tgzParse, validate, manipulate, and display dates
Library home page: https://registry.npmjs.org/moment/-/moment-2.29.1.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/moment/package.json,/src/GRA.Web/node_modules/moment/package.json
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.
Publish Date: 2022-07-06
URL: CVE-2022-31129
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-wc69-rhjr-hc9g
Release Date: 2022-07-06
Fix Resolution: moment - 2.29.4
⛑️ Automatic Remediation is available for this issue
Vulnerable Library - jquery-validation-1.19.3.tgzClient-side form validation made easy
Library home page: https://registry.npmjs.org/jquery-validation/-/jquery-validation-1.19.3.tgz
Path to dependency file: /src/GRA.Web/package.json
Path to vulnerable library: /src/GRA.Web/node_modules/jquery-validation/package.json,/src/GRA.Web/node_modules/jquery-validation/package.json
Dependency Hierarchy:
Found in HEAD commit: de4d584d1fb9e63f6da48010d058571ea211f024
Found in base branch: develop
Vulnerability Details
The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch.
Publish Date: 2022-07-14
URL: CVE-2022-31147
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-ffmh-x56j-9rc3
Release Date: 2022-07-14
Fix Resolution: jquery-validation - 1.19.5
⛑️ Automatic Remediation is available for this issue
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
