{"id":1782531,"name":"gnuplot","ecosystem":"npm","description":"node gnuplot wrapper","homepage":"https://github.com/davvo/node-gnuplot","licenses":"ISC","normalized_licenses":["ISC"],"repository_url":"https://github.com/davvo/node-gnuplot","keywords_array":["gnuplot","plot"],"namespace":null,"versions_count":5,"first_release_published_at":"2014-04-25T19:55:35.692Z","latest_release_published_at":"2016-02-03T08:44:44.411Z","latest_release_number":"0.3.1","last_synced_at":"2026-04-20T20:14:52.313Z","created_at":"2022-04-09T16:30:29.635Z","updated_at":"2026-04-21T10:16:03.108Z","registry_url":"https://www.npmjs.com/package/gnuplot","install_command":"npm install gnuplot","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"latest":"0.3.1"}},"repo_metadata":{"id":16300753,"uuid":"19049479","full_name":"davvo/node-gnuplot","owner":"davvo","description":"A thin wrapper around gnuplot for node.js","archived":false,"fork":false,"pushed_at":"2016-02-03T08:44:34.000Z","size":11,"stargazers_count":28,"open_issues_count":3,"forks_count":4,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-08-09T07:19:42.303Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/davvo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-04-22T23:00:27.000Z","updated_at":"2024-04-16T22:36:36.000Z","dependencies_parsed_at":"2022-09-14T22:11:11.010Z","dependency_job_id":null,"html_url":"https://github.com/davvo/node-gnuplot","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/davvo/node-gnuplot","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davvo%2Fnode-gnuplot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davvo%2Fnode-gnuplot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davvo%2Fnode-gnuplot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davvo%2Fnode-gnuplot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/davvo","download_url":"https://codeload.github.com/davvo/node-gnuplot/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davvo%2Fnode-gnuplot/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270932641,"owners_count":24670246,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-17T02:00:09.016Z","response_time":129,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"davvo","name":"David Ershag","uuid":"1006096","kind":"user","description":null,"email":"","website":null,"location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/1006096?v=4","repositories_count":45,"last_synced_at":"2024-04-15T11:36:17.506Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/davvo","funding_links":[],"total_stars":54,"followers":9,"following":3,"created_at":"2022-11-03T12:44:23.735Z","updated_at":"2024-04-15T11:36:30.681Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/davvo","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/davvo/repositories"},"tags":[]},"repo_metadata_updated_at":"2026-04-18T19:13:12.156Z","dependent_packages_count":10,"downloads":49191,"downloads_period":"last-month","dependent_repos_count":15,"rankings":{"downloads":1.5988626421697287,"dependent_repos_count":3.0920873300137193,"dependent_packages_count":2.0608394512766424,"stargazers_count":7.130672202097829,"forks_count":8.203844383864054,"docker_downloads_count":null,"average":4.417261201884394},"purl":"pkg:npm/gnuplot","advisories":[{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmd2MteGpmcC00NGpn","url":"https://github.com/advisories/GHSA-cfwc-xjfp-44jg","title":"Command Injection in gnuplot","description":"All versions of `gnuplot` are vulnerable to Command Injection. The package fails to sanitize plot titles, which may allow attackers to execute arbitrary code in the system if the title value is supplied by a user. The following proof-of-concept creates a `testing` file in the current directory:\n\n```\nvar gnuplot = require('gnuplot');\n\nconst title = '\"\\nset title system(\"touch testing\")\\n#';\n\ngnuplot()\n.set('term png')\n.set('output \"out.png\"')\n.set(`title \"${title}\"`)\n.set('xrange [-10:10]')\n.set('yrange [-2:2]')\n.set('zeroaxis')\n.plot('(x/4)**2, sin(x), 1/x')\n.end();\n```\n\n\n## Recommendation\n\nNo fix is currently available. Consider using an alternative package until a fix is made available.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2020-09-04T17:19:48.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://www.npmjs.com/advisories/1440","https://github.com/advisories/GHSA-cfwc-xjfp-44jg"],"source_kind":"github","identifiers":["GHSA-cfwc-xjfp-44jg"],"repository_url":null,"blast_radius":0.0,"created_at":"2022-12-21T16:13:14.638Z","updated_at":"2026-04-21T10:11:38.315Z","epss_percentage":null,"epss_percentile":null,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmd2MteGpmcC00NGpn","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmd2MteGpmcC00NGpn","packages":[{"ecosystem":"npm","package_name":"gnuplot","versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003e= 0.0.0"}],"purl":"pkg:npm/gnuplot"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmd2MteGpmcC00NGpn/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/gnuplot","docker_dependents_count":null,"docker_downloads_count":null,"usage_url":"https://repos.ecosyste.ms/usage/npm/gnuplot","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/gnuplot/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":{"last_synced_at":"2025-08-10T11:07:36.029Z","issues_count":6,"pull_requests_count":1,"avg_time_to_close_issue":5495805.333333333,"avg_time_to_close_pull_request":162150.0,"issues_closed_count":3,"pull_requests_closed_count":1,"pull_request_authors_count":1,"issue_authors_count":6,"avg_comments_per_issue":0.5,"avg_comments_per_pull_request":0.0,"merged_pull_requests_count":1,"bot_issues_count":0,"bot_pull_requests_count":0,"past_year_issues_count":0,"past_year_pull_requests_count":0,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":null,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":0,"past_year_pull_request_authors_count":0,"past_year_issue_authors_count":0,"past_year_avg_comments_per_issue":null,"past_year_avg_comments_per_pull_request":null,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/davvo%2Fnode-gnuplot/issues","maintainers":[],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/gnuplot/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/gnuplot/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/gnuplot/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/gnuplot/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/gnuplot/codemeta","maintainers":[{"uuid":"davvo","login":"davvo","name":null,"email":"david.ershag@gmail.com","url":null,"packages_count":53,"html_url":"https://www.npmjs.com/~davvo","role":null,"created_at":"2022-11-12T13:50:08.415Z","updated_at":"2022-11-12T13:50:08.415Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/davvo/packages"}]}