jQuery cross-site scripting vulnerability affects a large number of sites

Snyk has released its 2019 annual report on JavaScript framework security (PDF). In addition to the most popular JS frameworks, Angular and React, the report also examines security vulnerabilities in three other popular JS front-end frameworks: Vue.js, Bootstrap and jQuery.

jQuery was downloaded more than 120 million times in the past 12 months, followed by Vue.js with 40 million and Bootstrap with 79 million. Four vulnerabilities were found in Vue.js and have been fixed.

Seven cross-site scripting vulnerabilities were found in Bootstrap; three were disclosed in 2019, with no security fixes. Six security vulnerabilities were found across all versions of jQuery: four are medium-risk cross-site scripting vulnerabilities, one is a medium-risk Prototype Pollution vulnerability, and one is a low-risk denial-of-service vulnerability.

jQuery 3.4.0 and later are not vulnerable. A number of malicious packages were also found in the jQuery ecosystem, including jquery.js, jquery-airload, github-jquery-widgets, jquery-mobile, jquery-file-upload and jquery-colorbox. Over the past year, these packages were downloaded anywhere from several hundred to several thousand times.
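The two findings above translate directly into a dependency check. The following is an added example, not code from the Snyk report: it walks an npm lockfile (the v2/v3 `packages` map or the nested v1 `dependencies` tree) and reports any jquery copy below 3.4.0, including transitive ones, plus any package whose name is on the article's list. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example. Package names and the 3.4.0 threshold come from the article.
const FLAGGED = new Set(['jquery.js', 'jquery-airload', 'github-jquery-widgets',
  'jquery-mobile', 'jquery-file-upload', 'jquery-colorbox']);
const FIXED = [3, 4, 0];

// true/false for a parseable semver string, null when it cannot be parsed.
function isBelowFixed(version) {
  const [core, ...pre] = String(version).split('+')[0].split('-');
  const parts = core.split('.').map(Number);
  if (parts.length !== 3 || parts.some(Number.isNaN)) return null;
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIXED[i]) return parts[i] < FIXED[i];
  }
  return pre.length > 0; // a prerelease such as 3.4.0-rc.1 sorts before 3.4.0
}

// Yields every installed package, including nested (transitive) copies.
function* installed(lock) {
  if (lock.packages) { // lockfileVersion 2 and 3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '') continue; // the root project itself
      const name = meta.name || path.split('node_modules/').pop();
      yield { name, version: meta.version, path };
    }
    return;
  }
  const walk = function* (deps, prefix) { // lockfileVersion 1: nested tree
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      yield { name, version: meta.version, path };
      yield* walk(meta.dependencies, `${path}/`);
    }
  };
  yield* walk(lock.dependencies, '');
}

function auditLock(lock) {
  const findings = [];
  for (const { name, version, path } of installed(lock)) {
    const below = name === 'jquery' ? isBelowFixed(version) : false;
    if (FLAGGED.has(name)) findings.push({ path, issue: 'flagged-name' });
    else if (below) findings.push({ path, issue: 'jquery-below-3.4.0' });
    else if (below === null) findings.push({ path, issue: 'jquery-version-unparsed' });
  }
  return findings;
}

// Constructed sample lockfile, not taken from a real project.
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/jquery': { version: '3.5.1' },
  'node_modules/legacy-widget/node_modules/jquery': { version: '1.12.4' },
  'node_modules/jquery-airload': { version: '0.0.1' } } };
console.log(auditLock(sampleLock));
```

A `flagged-name` result is a prompt to inspect that entry and where it was resolved from; the check matches only on the names given in the article.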

Origin www.linuxidc.com/Linux/2019-11/161335.htm