Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/fullpage.js@4.0.2
purl pkg:npm/fullpage.js@4.0.2
Next non-vulnerable version 4.0.5
Latest non-vulnerable version 4.0.5
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-p33g-gdz7-q7hy
Aliases:
CVE-2022-1330
GHSA-h3cq-j957-vhxg
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') stored xss due to unsantized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. stored xss .
4.0.5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-vw21-dhaj-6qg4 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2. CVE-2022-1295
GHSA-vpgw-ffh3-648h

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-01T06:35:39.544022+00:00 GitLab Importer Affected by VCID-p33g-gdz7-q7hy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/fullpage.js/CVE-2022-1330.yml 38.6.0
2026-05-31T11:20:36.478193+00:00 GithubOSV Importer Fixing VCID-vw21-dhaj-6qg4 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-vpgw-ffh3-648h/GHSA-vpgw-ffh3-648h.json 38.6.0
2026-05-31T00:55:48.751427+00:00 GHSA Importer Fixing VCID-vw21-dhaj-6qg4 https://github.com/advisories/GHSA-vpgw-ffh3-648h 38.6.0
2026-05-30T20:57:37.745296+00:00 GitLab Importer Fixing VCID-vw21-dhaj-6qg4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/fullpage.js/CVE-2022-1295.yml 38.6.0