GHSA-xvch-5gv4-984h
By advisories
GHSA-5955-9wpr-37jh
By advisories
Our great sponsors
| GHSA-xvch-5gv4-984h | GHSA-5955-9wpr-37jh | |
|---|---|---|
| 3 | 1 | |
| - | - | |
| - | - | |
| - | - | |
| - | - | |
| - | - |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
GHSA-xvch-5gv4-984h
Posts with mentions or reviews of GHSA-xvch-5gv4-984h.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-01-29.
-
Milligram CSS: Custom build (with Node.js 18 on Alpine Linux 3.17)
ajv <6.12.3 Severity: moderate Prototype Pollution in Ajv - https://github.com/advisories/GHSA-v88g-cgmw-v5xw fix available via `npm audit fix` node_modules/sass-lint/node_modules/ajv table 3.7.10 - 4.0.2 Depends on vulnerable versions of ajv node_modules/sass-lint/node_modules/table merge <2.1.1 Severity: high Prototype Pollution in merge - https://github.com/advisories/GHSA-7wpw-2hjm-89gp No fix available node_modules/merge sass-lint * Depends on vulnerable versions of eslint Depends on vulnerable versions of gonzales-pe-sl Depends on vulnerable versions of merge node_modules/sass-lint minimist <=1.2.5 Severity: critical Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h No fix available node_modules/gonzales-pe-sl/node_modules/minimist gonzales-pe-sl * Depends on vulnerable versions of minimist node_modules/gonzales-pe-sl shelljs <=0.8.4 Severity: high Improper Privilege Management in shelljs - https://github.com/advisories/GHSA-4rq4-32rv-6wp6 Improper Privilege Management in shelljs - https://github.com/advisories/GHSA-64g7-mvw6-v9qj No fix available node_modules/shelljs eslint 1.4.0 - 4.0.0-rc.0 Depends on vulnerable versions of shelljs node_modules/sass-lint/node_modules/eslint ua-parser-js 0.8.1 - 1.0.32 Severity: high ReDoS Vulnerability in ua-parser-js version - https://github.com/advisories/GHSA-fhg7-m89q-25r3 fix available via `npm audit fix` node_modules/ua-parser-js browser-sync >=2.27.6 Depends on vulnerable versions of ua-parser-js node_modules/browser-sync 10 vulnerabilities (2 moderate, 5 high, 3 critical) To address issues that do not require attention, run: npm audit fix Some issues need review, and may require choosing a different dependency.
-
Bunch of errors and a breaking change trying to install json-server
minimist <=1.2.5 Severity: critical Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h Prototype Pollution in minimist - https://github.com/advisories/GHSA-vh95-rmgr-6w4m fix available via npm audit fix --force Will install [email protected], which is a breaking change node_modules/json-server/node_modules/minimist
-
Try to install git repository with Hardhat and got a lot of vulnerabilities
127 packages are looking for funding run `npm fund` for details # npm audit report async 2.0.0 - 2.6.3 Severity: high Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25 No fix available node_modules/ganache-core/node_modules/async ganache-core <=2.1.0-beta.7 || >=2.1.1 Depends on vulnerable versions of async Depends on vulnerable versions of lodash Depends on vulnerable versions of web3 Depends on vulnerable versions of web3-provider-engine node_modules/ganache-core @ethereum-waffle/provider <=4.0.1-dev.37f589d || 4.0.2-dev.0a87072 - 4.0.2-dev.c513a49 || 4.0.3-dev.0c13fb9 - 4.0.3-dev.e7e18f6 || 4.0.5-dev.06c4b26 - 4.0.5-dev.90390a9 Depends on vulnerable versions of @ethereum-waffle/ens Depends on vulnerable versions of ganache-core node_modules/@ethereum-waffle/provider @ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452 Depends on vulnerable versions of @ethereum-waffle/provider node_modules/@ethereum-waffle/chai ethereum-waffle 2.3.0-istanbul.0 - 4.0.0-dev.e3fa452 Depends on vulnerable versions of @ethereum-waffle/chai Depends on vulnerable versions of @ethereum-waffle/provider node_modules/ethereum-waffle @nomiclabs/hardhat-waffle * Depends on vulnerable versions of ethereum-waffle node_modules/@nomiclabs/hardhat-waffle cross-fetch <=2.2.5 || 3.0.0 - 3.0.5 Severity: moderate Incorrect Authorization in cross-fetch - https://github.com/advisories/GHSA-7gc6-qh9x-w6h8 Depends on vulnerable versions of node-fetch fix available via `npm audit fix` node_modules/ganache-core/node_modules/cross-fetch elliptic <6.5.4 Severity: moderate Use of a Broken or Risky Cryptographic Algorithm - https://github.com/advisories/GHSA-r9p9-mrjm-926w fix available via `npm audit fix` node_modules/ganache-core/node_modules/elliptic @ethersproject/signing-key <=5.0.9 Depends on vulnerable versions of elliptic node_modules/ganache-core/node_modules/@ethersproject/signing-key got <11.8.5 Severity: moderate Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97 No fix available node_modules/ganache-core/node_modules/got node_modules/ganache-core/node_modules/swarm-js/node_modules/got swarm-js 0.1.1 - 0.1.17 || 0.1.35 - 0.1.40 Depends on vulnerable versions of got node_modules/ganache-core/node_modules/swarm-js web3-bzz <=1.7.4 Depends on vulnerable versions of got Depends on vulnerable versions of underscore node_modules/ganache-core/node_modules/web3-bzz web3 <=1.7.4 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of web3-bzz Depends on vulnerable versions of web3-core Depends on vulnerable versions of web3-eth Depends on vulnerable versions of web3-eth-personal Depends on vulnerable versions of web3-net Depends on vulnerable versions of web3-shh Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3 json-schema <0.4.0 Severity: critical json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw fix available via `npm audit fix` node_modules/ganache-core/node_modules/json-schema jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1 Depends on vulnerable versions of json-schema node_modules/ganache-core/node_modules/jsprim lodash <=4.17.20 Severity: high Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9 fix available via `npm audit fix` node_modules/ganache-core/node_modules/lodash minimist <1.2.6 Severity: critical Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h fix available via `npm audit fix` node_modules/ganache-core/node_modules/minimist node-fetch <=2.6.6 Severity: high The `size` option isn't honored after following a redirect in node-fetch - https://github.com/advisories/GHSA-w7rc-rwvf-8q5r node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g No fix available node_modules/ganache-core/node_modules/fetch-ponyfill/node_modules/node-fetch node_modules/ganache-core/node_modules/node-fetch fetch-ponyfill 1.0.0 - 6.0.2 Depends on vulnerable versions of node-fetch node_modules/ganache-core/node_modules/fetch-ponyfill eth-json-rpc-middleware 1.1.0 - 5.0.2 Depends on vulnerable versions of fetch-ponyfill node_modules/ganache-core/node_modules/eth-json-rpc-middleware eth-json-rpc-infura <=5.0.0 Depends on vulnerable versions of eth-json-rpc-middleware node_modules/ganache-core/node_modules/eth-json-rpc-infura web3-provider-engine 14.0.0 - 15.0.12 Depends on vulnerable versions of eth-json-rpc-infura node_modules/ganache-core/node_modules/web3-provider-engine normalize-url 4.3.0 - 4.5.0 Severity: high ReDoS in normalize-url - https://github.com/advisories/GHSA-px4h-xg32-q955 fix available via `npm audit fix` node_modules/ganache-core/node_modules/normalize-url path-parse <1.0.7 Severity: moderate Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9 fix available via `npm audit fix` node_modules/ganache-core/node_modules/path-parse s imple-get <2.8.2 Severity: high Exposure of Sensitive Information in simple-get - https://github.com/advisories/GHSA-wpg7-2c88-r8xv fix available via `npm audit fix` node_modules/ganache-core/node_modules/simple-get tar <=4.4.17 Severity: high Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-qq89-hq3f-393p Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9 Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw fix available via `npm audit fix` node_modules/ganache-core/node_modules/tar underscore 1.3.2 - 1.12.0 Severity: critical Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq No fix available node_modules/ganache-core/node_modules/underscore web3-core-helpers <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-eth-iban Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-core-helpers web3-core <=1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-core-method Depends on vulnerable versions of web3-core-requestmanager Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-core web3-eth-ens <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-eth-abi Depends on vulnerable versions of web3-eth-contract Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-eth-ens web3-eth <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-core-method Depends on vulnerable versions of web3-core-subscriptions Depends on vulnerable versions of web3-eth-abi Depends on vulnerable versions of web3-eth-accounts Depends on vulnerable versions of web3-eth-contract Depends on vulnerable versions of web3-eth-ens Depends on vulnerable versions of web3-eth-iban Depends on vulnerable versions of web3-eth-personal Depends on vulnerable versions of web3-net Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-eth web3-core-method <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-core-subscriptions Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-core-method web3-net 1.2.0 - 1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of web3-core Depends on vulnerable versions of web3-core-method Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-net web3-eth-personal <=1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of web3-core Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-core-method Depends on vulnerable versions of web3-net Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-eth-personal web3-shh <=1.3.5 Depends on vulnerable versions of web3-core Depends on vulnerable versions of web3-core-method Depends on vulnerable versions of web3-core-subscriptions Depends on vulnerable versions of web3-net node_modules/ganache-core/node_modules/web3-shh web3-core-subscriptions <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core-helpers node_modules/ganache-core/node_modules/web3-core-subscriptions web3-eth-contract <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-core-method Depends on vulnerable versions of web3-core-subscriptions Depends on vulnerable versions of web3-eth-abi Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-eth-contract web3-providers-http <=1.0.0 || 1.2.0 - 1.3.5 || 3.0.0-rc.0 - 3.0.0-rc.4 Depends on vulnerable versions of web3-core-helpers node_modules/ganache-core/node_modules/web3-providers-http web3-providers-ipc <=1.3.6-rc.2 || 3.0.0-rc.0 - 3.0.0-rc.5 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core-helpers node_modules/ganache-core/node_modules/web3-providers-ipc web3-providers-ws <=1.3.6-rc.2 || 3.0.0-rc.0 - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core-helpers node_modules/ganache-core/node_modules/web3-providers-ws web3-core-requestmanager <=1.3.5 || 3.0.0-rc.0 - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-providers-http Depends on vulnerable versions of web3-providers-ipc Depends on vulnerable versions of web3-providers-ws node_modules/ganache-core/node_modules/web3-core-requestmanager web3-eth-abi <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-eth-abi web3-eth-accounts <=1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-core-method Depends on vulnerable versions of web3-utils n ode_modules/ganache-core/node_modules/web3-eth-accounts web3-utils 1.0.0-beta.8 - 1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore node_modules/ganache-core/node_modules/web3-utils web3-eth-iban <=1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-eth-iban ws 5.0.0 - 5.2.2 Severity: moderate ReDoS in Sec-Websocket-Protocol header - https://github.com/advisories/GHSA-6fc8-4gx4-v693 fix available via `npm audit fix` node_modules/ganache-core/node_modules/web3-provider-engine/node_modules/ws yargs-parser <=5.0.0 Severity: moderate yargs-parser Vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-p9pc-299p-vxgp No fix available node_modules/@ensdomains/ens/node_modules/yargs-parser yargs 4.0.0-alpha1 - 7.0.0-alpha.3 || 7.1.1 Depends on vulnerable versions of yargs-parser node_modules/@ensdomains/ens/node_modules/yargs solc 0.3.6 - 0.4.26 Depends on vulnerable versions of yargs node_modules/@ensdomains/ens/node_modules/solc @ensdomains/ens * Depends on vulnerable versions of solc node_modules/@ensdomains/ens @ethereum-waffle/ens <=4.0.1-dev.e7e18f6 || 4.0.3-dev.06c4b26 - 4.0.3-dev.90390a9 Depends on vulnerable versions of @ensdomains/ens node_modules/@ethereum-waffle/ens 51 vulnerabilities (4 low, 12 moderate, 11 high, 24 critical) To address issues that do not require attention, run: npm audit fix Some issues need review, and may require choosing a different dependency.
GHSA-5955-9wpr-37jh
Posts with mentions or reviews of GHSA-5955-9wpr-37jh.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-10-19.
-
Try to install git repository with Hardhat and got a lot of vulnerabilities
127 packages are looking for funding run `npm fund` for details # npm audit report async 2.0.0 - 2.6.3 Severity: high Prototype Pollution in async - https://github.com/advisories/GHSA-fwr7-v2mv-hh25 No fix available node_modules/ganache-core/node_modules/async ganache-core <=2.1.0-beta.7 || >=2.1.1 Depends on vulnerable versions of async Depends on vulnerable versions of lodash Depends on vulnerable versions of web3 Depends on vulnerable versions of web3-provider-engine node_modules/ganache-core @ethereum-waffle/provider <=4.0.1-dev.37f589d || 4.0.2-dev.0a87072 - 4.0.2-dev.c513a49 || 4.0.3-dev.0c13fb9 - 4.0.3-dev.e7e18f6 || 4.0.5-dev.06c4b26 - 4.0.5-dev.90390a9 Depends on vulnerable versions of @ethereum-waffle/ens Depends on vulnerable versions of ganache-core node_modules/@ethereum-waffle/provider @ethereum-waffle/chai 2.5.0 - 4.0.0-dev.e3fa452 Depends on vulnerable versions of @ethereum-waffle/provider node_modules/@ethereum-waffle/chai ethereum-waffle 2.3.0-istanbul.0 - 4.0.0-dev.e3fa452 Depends on vulnerable versions of @ethereum-waffle/chai Depends on vulnerable versions of @ethereum-waffle/provider node_modules/ethereum-waffle @nomiclabs/hardhat-waffle * Depends on vulnerable versions of ethereum-waffle node_modules/@nomiclabs/hardhat-waffle cross-fetch <=2.2.5 || 3.0.0 - 3.0.5 Severity: moderate Incorrect Authorization in cross-fetch - https://github.com/advisories/GHSA-7gc6-qh9x-w6h8 Depends on vulnerable versions of node-fetch fix available via `npm audit fix` node_modules/ganache-core/node_modules/cross-fetch elliptic <6.5.4 Severity: moderate Use of a Broken or Risky Cryptographic Algorithm - https://github.com/advisories/GHSA-r9p9-mrjm-926w fix available via `npm audit fix` node_modules/ganache-core/node_modules/elliptic @ethersproject/signing-key <=5.0.9 Depends on vulnerable versions of elliptic node_modules/ganache-core/node_modules/@ethersproject/signing-key got <11.8.5 Severity: moderate Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97 No fix available node_modules/ganache-core/node_modules/got node_modules/ganache-core/node_modules/swarm-js/node_modules/got swarm-js 0.1.1 - 0.1.17 || 0.1.35 - 0.1.40 Depends on vulnerable versions of got node_modules/ganache-core/node_modules/swarm-js web3-bzz <=1.7.4 Depends on vulnerable versions of got Depends on vulnerable versions of underscore node_modules/ganache-core/node_modules/web3-bzz web3 <=1.7.4 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of web3-bzz Depends on vulnerable versions of web3-core Depends on vulnerable versions of web3-eth Depends on vulnerable versions of web3-eth-personal Depends on vulnerable versions of web3-net Depends on vulnerable versions of web3-shh Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3 json-schema <0.4.0 Severity: critical json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw fix available via `npm audit fix` node_modules/ganache-core/node_modules/json-schema jsprim 0.3.0 - 1.4.1 || 2.0.0 - 2.0.1 Depends on vulnerable versions of json-schema node_modules/ganache-core/node_modules/jsprim lodash <=4.17.20 Severity: high Command Injection in lodash - https://github.com/advisories/GHSA-35jh-r3h4-6jhm Regular Expression Denial of Service (ReDoS) in lodash - https://github.com/advisories/GHSA-29mw-wpgm-hmr9 fix available via `npm audit fix` node_modules/ganache-core/node_modules/lodash minimist <1.2.6 Severity: critical Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h fix available via `npm audit fix` node_modules/ganache-core/node_modules/minimist node-fetch <=2.6.6 Severity: high The `size` option isn't honored after following a redirect in node-fetch - https://github.com/advisories/GHSA-w7rc-rwvf-8q5r node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g No fix available node_modules/ganache-core/node_modules/fetch-ponyfill/node_modules/node-fetch node_modules/ganache-core/node_modules/node-fetch fetch-ponyfill 1.0.0 - 6.0.2 Depends on vulnerable versions of node-fetch node_modules/ganache-core/node_modules/fetch-ponyfill eth-json-rpc-middleware 1.1.0 - 5.0.2 Depends on vulnerable versions of fetch-ponyfill node_modules/ganache-core/node_modules/eth-json-rpc-middleware eth-json-rpc-infura <=5.0.0 Depends on vulnerable versions of eth-json-rpc-middleware node_modules/ganache-core/node_modules/eth-json-rpc-infura web3-provider-engine 14.0.0 - 15.0.12 Depends on vulnerable versions of eth-json-rpc-infura node_modules/ganache-core/node_modules/web3-provider-engine normalize-url 4.3.0 - 4.5.0 Severity: high ReDoS in normalize-url - https://github.com/advisories/GHSA-px4h-xg32-q955 fix available via `npm audit fix` node_modules/ganache-core/node_modules/normalize-url path-parse <1.0.7 Severity: moderate Regular Expression Denial of Service in path-parse - https://github.com/advisories/GHSA-hj48-42vr-x3v9 fix available via `npm audit fix` node_modules/ganache-core/node_modules/path-parse s imple-get <2.8.2 Severity: high Exposure of Sensitive Information in simple-get - https://github.com/advisories/GHSA-wpg7-2c88-r8xv fix available via `npm audit fix` node_modules/ganache-core/node_modules/simple-get tar <=4.4.17 Severity: high Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization - https://github.com/advisories/GHSA-5955-9wpr-37jh Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-qq89-hq3f-393p Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://github.com/advisories/GHSA-9r2w-394v-53qc Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://github.com/advisories/GHSA-3jfq-g458-7qm9 Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://github.com/advisories/GHSA-r628-mhmh-qjhw fix available via `npm audit fix` node_modules/ganache-core/node_modules/tar underscore 1.3.2 - 1.12.0 Severity: critical Arbitrary Code Execution in underscore - https://github.com/advisories/GHSA-cf4h-3jhx-xvhq No fix available node_modules/ganache-core/node_modules/underscore web3-core-helpers <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-eth-iban Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-core-helpers web3-core <=1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-core-method Depends on vulnerable versions of web3-core-requestmanager Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-core web3-eth-ens <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-eth-abi Depends on vulnerable versions of web3-eth-contract Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-eth-ens web3-eth <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-core-method Depends on vulnerable versions of web3-core-subscriptions Depends on vulnerable versions of web3-eth-abi Depends on vulnerable versions of web3-eth-accounts Depends on vulnerable versions of web3-eth-contract Depends on vulnerable versions of web3-eth-ens Depends on vulnerable versions of web3-eth-iban Depends on vulnerable versions of web3-eth-personal Depends on vulnerable versions of web3-net Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-eth web3-core-method <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-core-subscriptions Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-core-method web3-net 1.2.0 - 1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of web3-core Depends on vulnerable versions of web3-core-method Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-net web3-eth-personal <=1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of web3-core Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-core-method Depends on vulnerable versions of web3-net Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-eth-personal web3-shh <=1.3.5 Depends on vulnerable versions of web3-core Depends on vulnerable versions of web3-core-method Depends on vulnerable versions of web3-core-subscriptions Depends on vulnerable versions of web3-net node_modules/ganache-core/node_modules/web3-shh web3-core-subscriptions <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core-helpers node_modules/ganache-core/node_modules/web3-core-subscriptions web3-eth-contract <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-core-method Depends on vulnerable versions of web3-core-subscriptions Depends on vulnerable versions of web3-eth-abi Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-eth-contract web3-providers-http <=1.0.0 || 1.2.0 - 1.3.5 || 3.0.0-rc.0 - 3.0.0-rc.4 Depends on vulnerable versions of web3-core-helpers node_modules/ganache-core/node_modules/web3-providers-http web3-providers-ipc <=1.3.6-rc.2 || 3.0.0-rc.0 - 3.0.0-rc.5 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core-helpers node_modules/ganache-core/node_modules/web3-providers-ipc web3-providers-ws <=1.3.6-rc.2 || 3.0.0-rc.0 - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core-helpers node_modules/ganache-core/node_modules/web3-providers-ws web3-core-requestmanager <=1.3.5 || 3.0.0-rc.0 - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-providers-http Depends on vulnerable versions of web3-providers-ipc Depends on vulnerable versions of web3-providers-ws node_modules/ganache-core/node_modules/web3-core-requestmanager web3-eth-abi <=1.3.6-rc.2 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-eth-abi web3-eth-accounts <=1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore Depends on vulnerable versions of web3-core Depends on vulnerable versions of web3-core-helpers Depends on vulnerable versions of web3-core-method Depends on vulnerable versions of web3-utils n ode_modules/ganache-core/node_modules/web3-eth-accounts web3-utils 1.0.0-beta.8 - 1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of underscore node_modules/ganache-core/node_modules/web3-utils web3-eth-iban <=1.3.5 || 2.0.0-alpha - 3.0.0-rc.4 Depends on vulnerable versions of web3-utils node_modules/ganache-core/node_modules/web3-eth-iban ws 5.0.0 - 5.2.2 Severity: moderate ReDoS in Sec-Websocket-Protocol header - https://github.com/advisories/GHSA-6fc8-4gx4-v693 fix available via `npm audit fix` node_modules/ganache-core/node_modules/web3-provider-engine/node_modules/ws yargs-parser <=5.0.0 Severity: moderate yargs-parser Vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-p9pc-299p-vxgp No fix available node_modules/@ensdomains/ens/node_modules/yargs-parser yargs 4.0.0-alpha1 - 7.0.0-alpha.3 || 7.1.1 Depends on vulnerable versions of yargs-parser node_modules/@ensdomains/ens/node_modules/yargs solc 0.3.6 - 0.4.26 Depends on vulnerable versions of yargs node_modules/@ensdomains/ens/node_modules/solc @ensdomains/ens * Depends on vulnerable versions of solc node_modules/@ensdomains/ens @ethereum-waffle/ens <=4.0.1-dev.e7e18f6 || 4.0.3-dev.06c4b26 - 4.0.3-dev.90390a9 Depends on vulnerable versions of @ensdomains/ens node_modules/@ethereum-waffle/ens 51 vulnerabilities (4 low, 12 moderate, 11 high, 24 critical) To address issues that do not require attention, run: npm audit fix Some issues need review, and may require choosing a different dependency.
What are some alternatives?
When comparing GHSA-xvch-5gv4-984h and GHSA-5955-9wpr-37jh you can also consider the following projects:
GHSA-35jh-r3h4-6jhm
GHSA-cf4h-3jhx-xvhq
GHSA-9r2w-394v-53qc
GHSA-r9p9-mrjm-926w
GHSA-f9cm-p3w6-xvr3
DEX-Arbitrage - Example arbitrage trading bot
GHSA-fwr7-v2mv-hh25
GHSA-7gc6-qh9x-w6h8
GHSA-3jfq-g458-7qm9
GHSA-xvch-5gv4-984h vs GHSA-35jh-r3h4-6jhm
GHSA-5955-9wpr-37jh vs GHSA-cf4h-3jhx-xvhq
GHSA-xvch-5gv4-984h vs GHSA-9r2w-394v-53qc
GHSA-5955-9wpr-37jh vs GHSA-r9p9-mrjm-926w
GHSA-xvch-5gv4-984h vs GHSA-f9cm-p3w6-xvr3
GHSA-5955-9wpr-37jh vs DEX-Arbitrage
GHSA-xvch-5gv4-984h vs GHSA-fwr7-v2mv-hh25
GHSA-5955-9wpr-37jh vs GHSA-fwr7-v2mv-hh25
GHSA-xvch-5gv4-984h vs GHSA-7gc6-qh9x-w6h8
GHSA-5955-9wpr-37jh vs GHSA-7gc6-qh9x-w6h8
GHSA-xvch-5gv4-984h vs GHSA-r9p9-mrjm-926w
GHSA-5955-9wpr-37jh vs GHSA-3jfq-g458-7qm9