Below is the roundup of our recent security updates, visit our site to find the full list of vulnerability disclosures.
- MED: Regular Expression Denial of Service (ReDoS) in djvalidator (npm)| Discovered by Yeting Li - 2020-11-19
- MED: Cross-site Scripting (XSS) in markdown-it-prism (npm) | Discovered by catnose99 - 2020-11-16
- MED: Cross-site Scripting (XSS) in markdown-it-highlightjs (npm) | CVE-2020-7773 | Discovered by ooooooo_q - 2020-11-16
- HIGH: Prototype Pollution in doc-path (npm) | CVE-2020-7772 | Discovered by Alessio Della Libera (d3lla) - 2020-11-15
Big thanks to all of the security researchers who help us make software more secure one day and one package at a time.
If you have found a security vulnerability you are welcome to report them to us here.