string
71 known vulnerabilities · 2 critical · 5 high
@nocobase/database has SQL Injection via String Concatenation through Recursive Eager Loading
string-math's string-math.js vulnerability can cause Regex Denial of Service (ReDoS)
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`
Kysely has a MySQL SQL Injection via Insufficient Backslash Escaping in `sql.lit(string)` usage or similar methods that append string literal values into the compiled SQL strings
Malicious code in string-multiutils (npm)
happy-dom's `--disallow-code-generation-from-strings` is not sufficient for isolating untrusted JavaScript
OpenClaw has unbounded memory growth in Zalo webhook via query-string key churn (unauthenticated DoS)
html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()
DbGate has cross site scripting via the SVG Icon String Handler component
string-kit Inefficient Regular Expression Complexity vulnerability
JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0
Malicious code in body-string-rest (npm)
oRPC has Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify
@grackle-ai/server: Unescaped Error String in renderPairingPage() HTML Template
Malicious code in son-stringiy-safe (npm)
Malicious code in owa-strings (npm)
Malicious code in lodaschisstring (npm)
Malicious code in quewynstring (npm)
Malicious code in gradient-stringss (npm)
Malicious code in stringjs_lib (npm)
Malicious code in string-width-aliased (npm)
Denial of Service in uap-core when processing crafted User-Agent strings
Malicious code in json2stringfy (npm)
Malicious code in remark-stringify10 (npm)
n8n: Webhook Node IP Whitelist Bypass via Partial String Matching
Malicious code in fetch-string (npm)
Remote Code Execution (RCE) via String Literal Injection into math-codegen
Malicious code in shakti-strings (npm)
Malicious code in color-string (npm)
steal Inefficient Regular Expression Complexity vulnerability via string variable
Malicious code in transform-json-strings (npm)
Malicious code in plugin-proposal-json-strings (npm)
Malicious code in @hongfangze/string (npm)
Malicious code in testring-build (npm)
Malicious code in string_decoder-browserify (npm)
PostCSS has XSS via Unescaped `</style>` in its CSS Stringify Output
defuddle vulnerable to XSS via unescaped string interpolation in _findContentBySchemaText image tag
Malicious code in body-string (npm)
Malicious code in 5string (npm)
Malicious code in oj-sp-common-strings (npm)
Malicious code in gradient-stringnnnn (npm)
Malicious code in gradient-strings (npm)
Malicious code in tree-sitter-strings (npm)
Malicious code in gradient-stringn (npm)
Malicious code in @maxcointech/simple-string-utils (npm)
Malicious code in simple-string-utils3 (npm)
Malicious code in string-process-mate (npm)
Malicious code in arrays-string (npm)
Malicious code in stringify-coder (npm)
Malicious code in seacpe-string-regexp (npm)
Malicious code in atlaspack-transformer-string (npm)
Passing in a non-string 'html' argument can lead to unsanitized output
Malicious code in non-string-num (npm)
Malicious code in jsostablestringilfy (npm)
Malicious code in eslint-plugin-i18n-strings (npm)
Malicious code in ibm-strings (npm)
Malicious code in string-parser-utils (npm)
Malicious code in string-setup-helper (npm)