Shiba Project : Security Vulnerabilities, CVEs,
All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().
Max CVSS
8.3
EPSS Score
0.11%
Published
2020-10-02
Updated
2020-10-06
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.
Max CVSS
6.1
EPSS Score
0.07%
Published
2018-01-03
Updated
2018-01-16
2 vulnerabilities found