Advisories for Npm/Forms package

2021

Regular Expression Denial of Service (ReDoS)

The forms package is vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.

2018

Cross-site Scripting

The forms package does not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to XSS.

2017

XSS Vulnerability

Forms did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting