Package details: pkg:npm/droppy@1.6.2
purl pkg:npm/droppy@1.6.2
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-sdtz-wuvr-jfdj
Aliases:
GMS-2016-19
No CSRF Validation: Droppy does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests in the context of the currently logged-in user. For example, this means the malicious user could add a new admin account under his control and delete others.
3.5.0
Affected by 1 other vulnerability.
VCID-wp9m-gax9-syck
Aliases:
CVE-2016-10529
GHSA-rhvc-x32h-5526
No CSRF Validation in droppy
3.5.0
Affected by 1 other vulnerability.
VCID-xr2b-ymsv-sbbq
Aliases:
CVE-2020-7757
GHSA-grv5-w5vr-8h98
There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T17:29:22.717637+00:00 GitLab Importer Affected by VCID-xr2b-ymsv-sbbq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/droppy/CVE-2020-7757.yml 38.6.0
2026-06-12T17:08:42.711723+00:00 GitLab Importer Affected by VCID-wp9m-gax9-syck https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/droppy/CVE-2016-10529.yml 38.6.0
2026-06-12T16:49:45.524242+00:00 GitLab Importer Affected by VCID-sdtz-wuvr-jfdj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/droppy/GMS-2016-19.yml 38.6.0