Homepage

step-issuer

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the step-issuer package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
GHSA-4279-q6mj-392r

<0.10.2-r16
  • L
GHSA-h3gm-q7m7-mp28

<0.10.2-r16
  • L
CVE-2026-42507

<0.10.2-r16
  • L
GHSA-h524-452v-82p9

<0.10.2-r16
  • L
CVE-2026-42504

<0.10.2-r16
  • L
CVE-2026-27145

<0.10.2-r16
  • L
GHSA-cg87-vwwh-xvgj

<0.10.2-r15
  • L
Cross-site Scripting (XSS)

<0.10.2-r15
  • L
GHSA-wrh2-89vg-4j9g

<0.10.2-r15
  • L
Improper Restriction of Rendered UI Layers or Frames

<0.10.2-r15
  • L
GHSA-5cv4-jp36-h3mw

<0.10.2-r15
  • L
GHSA-w9p8-pvxh-rxpj

<0.10.2-r15
  • L
Resource Exhaustion

<0.10.2-r15
  • L
Improper Restriction of Rendered UI Layers or Frames

<0.10.2-r15
  • L
Improper Restriction of Rendered UI Layers or Frames

<0.10.2-r15
  • L
GHSA-m9x8-m34x-fj9q

<0.10.2-r15
  • L
Missing Authorization

<0.10.2-r14
  • L
Improper Verification of Cryptographic Signature

<0.10.2-r14
  • L
Deserialization of Untrusted Data

<0.10.2-r14
  • L
Incorrect Type Conversion or Cast

<0.10.2-r14
  • L
Integer Overflow or Wraparound

<0.10.2-r14
  • L
CVE-2026-42501

<0.10.2-r10
  • H
Loop with Unreachable Exit Condition ('Infinite Loop')

<0.10.2-r10
  • M
Out-of-bounds Write

<0.10.2-r10
  • L
GHSA-2283-wf8c-rw8r

<0.10.2-r10
  • H
Double Free

<0.10.2-r10
  • L
GHSA-qf3q-3h68-mmh2

<0.10.2-r10
  • L
GHSA-497x-jcxf-m478

<0.10.2-r10
  • L
GHSA-8g2r-hhvj-mv99

<0.10.2-r10
  • H
NULL Pointer Dereference

<0.10.2-r10
  • M
Link Following

<0.10.2-r10
  • L
GHSA-3v2c-x6q9-f697

<0.10.2-r10
  • L
Improper Encoding or Escaping of Output

<0.10.2-r10
  • L
Cross-site Scripting (XSS)

<0.10.2-r10
  • L
GHSA-5m4p-2gjx-p2g8

<0.10.2-r10
  • L
GHSA-qc64-m6c2-v4x7

<0.10.2-r10
  • C
SQL Injection

<0.10.2-r7
  • L
GHSA-mh2q-q3fh-2475

<0.10.2-r8
  • L
Allocation of Resources Without Limits or Throttling

<0.10.2-r8
  • L
GHSA-j88v-2chj-qfwx

<0.10.2-r7
  • L
GHSA-jrg3-gfjw-hm96

<0.10.2-r15
  • L
GHSA-5w89-2c2x-6x66

<0.10.2-r15
  • M
Cross-site Scripting (XSS)

<0.10.2-r15
  • H
Incorrect Authorization

<0.10.2-r15
  • H
Improper Certificate Validation

<0.10.2-r15
  • H
Allocation of Resources Without Limits or Throttling

<0.10.2-r15
  • L
GHSA-gjvh-7jh8-7xhm

<0.10.2-r15
  • L
GHSA-7mr4-xjxg-34g6

<0.10.2-r15
  • L
CVE-2026-32280

<0.10.2-r15
  • L
GHSA-m4pr-4j3g-9v7v

<0.10.2-r15
  • L
GHSA-78h2-9frx-2jm8

<0.10.2-r5
  • L
Uncaught Exception

<0.10.2-r5
  • L
GHSA-69x3-g4r3-p962

<0.10.1-r0
  • H
Improper Verification of Cryptographic Signature

<0.10.1-r0
  • L
Improper Authorization

<0.9.11-r8
  • L
GHSA-p77j-4mvh-x3m3

<0.9.11-r8
  • L
GHSA-j4j7-vw47-rhfq

<0.9.11-r7
  • L
GHSA-rv83-g57w-fr8j

<0.9.11-r7
  • L
Direct Request ('Forced Browsing')

<0.9.11-r7
  • L
Directory Traversal

<0.9.11-r7
  • L
GHSA-j3gx-2473-5fp8

<0.9.11-r7
  • L
Cross-site Scripting (XSS)

<0.9.11-r7
  • L
Race Condition

<0.9.9-r2
  • L
CVE-2024-34155

<0.9.3-r1
  • L
CVE-2025-22866

<0.9.7-r2
  • L
CVE-2024-34158

<0.9.3-r1
  • L
GHSA-vrw8-fxc6-2r93

<0.9.8-r5
  • L
GHSA-3whm-j4xm-rv8x

<0.9.7-r2
  • L
GHSA-v778-237x-gjrc

<0.9.6-r1
  • L
CVE-2024-45337

<0.9.6-r1
  • L
GHSA-6f52-wpx2-hvf2

<0.9.8-r3
  • L
CVE-2025-4673

<0.9.8-r3
  • L
CVE-2025-22874

<0.9.8-r3
  • L
CVE-2024-45339

<0.9.7-r1
  • M
Improper Validation of Array Index

<0.9.11-r2
  • M
Improper Input Validation

<0.9.6-r0
  • L
GHSA-62jj-gr2r-5c34

<0.9.8-r3
  • L
GHSA-r4pg-vg54-wxx4

<0.9.6-r0
  • L
GHSA-6wxm-mpqj-6jpf

<0.9.7-r1
  • L
CVE-2025-22871

<0.9.8-r1
  • L
Allocation of Resources Without Limits or Throttling

<0.9.7-r3
  • L
Unprotected Alternate Channel

<0.9.9-r3
  • L
GHSA-w32m-9786-jp63

<0.9.6-r2
  • C
CVE-2025-68121

<0.9.11-r3
  • L
GHSA-j5pm-7495-qmr3

<0.9.9-r2
  • L
GHSA-h355-32pf-p2xm

<0.9.11-r3
  • L
GHSA-g9pc-8g42-g6vq

<0.9.8-r1
  • L
CVE-2024-45338

<0.9.6-r2
  • L
CVE-2025-61732

<0.9.11-r3
  • L
CVE-2025-22872

<0.9.8-r2
  • L
GHSA-crqm-pwhx-j97f

<0.9.3-r1
  • L
GHSA-6v2p-p543-phr9

<0.9.7-r6
  • L
GHSA-8xfx-rj4p-23jm

<0.9.3-r1
  • L
CVE-2025-22868

<0.9.7-r6
  • L
GHSA-gx3x-vq4p-mhhv

<0.9.11-r2
  • L
GHSA-vvgc-356p-c3xw

<0.9.8-r2
  • L
GHSA-c6gw-w398-hv78

<0.9.7-r3
  • L
GHSA-j7vj-rw65-4v26

<0.9.3-r1
  • L
Improper Initialization

<0.9.11-r4
  • L
CVE-2024-34156

<0.9.3-r1
  • M
Open Redirect

<0.9.8-r0
  • L
GHSA-8jvr-vh7g-f8gx

<0.9.11-r3
  • L
GHSA-ghw8-3xqw-hhcj

<0.9.6-r0
  • L
GHSA-33c5-9fx5-fvjm

<0.9.8-r0
  • L
GHSA-qxp5-gwg8-xv66

<0.9.7-r7
  • L
GHSA-x6fh-7qmf-69xh

<0.9.9-r3
  • L
GHSA-fw7p-63qq-7hpr

<0.9.11-r4
  • L
CVE-2025-22870

<0.9.7-r7
  • L
GHSA-hcg3-q754-cr77

<0.9.7-r5
  • L
CVE-2025-22869

<0.9.7-r5
  • L
CVE-2024-24791

<0.9.2-r1
  • M
CVE-2024-24789

<0.9.1-r5
  • C
CVE-2024-24790

<0.9.1-r5
  • L
CVE-2023-45288

<0.9.1-r2