Top 8 JavaScript Vulnerability Projects

Retire.js

3 3,536 8.8 JavaScript

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

Project mention: Understanding security in React Native applications | dev.to | 2024-04-03

Retire.js

awesome-nodejs-security

3 2,585 6.4 JavaScript

Awesome Node.js Security resources

Project mention: Using insecure npm package manager defaults to steal your macOS keyboard shortcuts | dev.to | 2023-06-29

Many other JavaScript and Node.js security incidents are curated on the Awesome Node.js Security repository.

SurveyJS

surveyjs.io featured

Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
pwndoc

11 2,064 4.4 JavaScript

Pentest Report Generator
is-website-vulnerable

2 1,909 2.9 JavaScript

finds publicly known security vulnerabilities in a website's frontend JavaScript libraries
npq

4 863 7.7 JavaScript

🎖safely* install packages with npm or yarn by auditing them as part of your install process

Project mention: I wish more developers understood the constant stream of malware that is posted to npm | /r/node | 2023-06-25

You might also want to look at npq which is an open source project that helps you proactively defend against potentially bad (malicious) npm packages before installing them.

sandworm-audit

6 464 8.4 JavaScript

Security & License Compliance For Your App's Dependencies 🪱

Project mention: Anyone else’s project use so many deprecated packages | /r/node | 2023-06-08

use https://github.com/sandworm-hq/sandworm-audit. if u run it for your app the deprecated libraries will show up in the list of issues found (contributor)

scan-action

2 189 7.9 JavaScript

Anchore container analysis and scan provided as a GitHub Action
InfluxDB

www.influxdata.com featured

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
CVEAggregate

2 27 7.3 JavaScript

Build a CVE library with aggregated CISA, EPSS and CVSS data

Project mention: CVEAggregate: Build a CVE library with aggregated CISA, EPSS and CVSS data | /r/blueteamsec | 2023-09-03

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

JavaScript Vulnerabilities related posts

SQL Injection Isn't Dead Yet

2 projects | dev.to | 15 Apr 2024
Best practices for effective attack surface analysis

2 projects | dev.to | 19 Jul 2023
Tools Used to Test and Detect Application Security Vulnerabilities

2 projects | dev.to | 23 Feb 2023
📦 Everything you need to know: package managers

9 projects | dev.to | 2 Nov 2022
How useful is CVSS Score in CVE triage - The CVSS who cried wolf

2 projects | /r/blueteamsec | 12 Aug 2022
🛡️ Docker image security scan automation with GH issues

1 project | dev.to | 23 Jun 2022
Retire.js

1 project | /r/devopspro | 22 Feb 2022
A note from our sponsor - InfluxDB
www.influxdata.com | 20 May 2024

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →