npm
4,198 tracked vulnerabilities.
CVE-2022-1233
MEDIUM
URI.js <1.19.11 - URL Confusion When Scheme Is Missing
Apr 04, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-24814
HIGH
Directus < 9.7.0 - Stored Cross-Site Scripting via Rich Text HTML Interface
Apr 04, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-24785
HIGH
Moment.js 1.0.1-2.29.1 - Path Traversal via Locale Switching
Apr 04, 2022
CVSS 7.5
EPSS 0.06
CVE-2022-24066
HIGH
simple-git <3.5.0 - Command Injection
Apr 01, 2022
CVSS 8.1
EPSS 0.04
CVE-2022-24802
HIGH
deepmerge-ts < 4.0.2 - Prototype Pollution via defaultMergeRecords Function
Apr 01, 2022
CVSS 8.1
EPSS 0.02
CVE-2022-24794
HIGH
auth0 express_openid_connect < 2.7.2 - Open Redirect via Unsanitized Original URL
Mar 31, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-0350
MEDIUM
GitHub vanessa219/vditor <3.8.13 - XSS
Mar 31, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-26260
CRITICAL
Simple-Plist <1.3.0 - Info Disclosure
Mar 22, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-21718
LOW
Electron < 13.6.6 - Unauthenticated Bluetooth Device Access via Web Bluetooth API
Mar 22, 2022
CVSS 3.4
EPSS 0.01
CVE-2022-26183
HIGH
pnpm < 6.15.1 - Untrusted Search Path on Windows
Mar 21, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-25766
HIGH
ungit < 1.5.20 - Remote Code Execution via Git Fetch Argument Injection
Mar 21, 2022
CVSS 8.8
EPSS 0.34
CVE-2022-24773
MEDIUM
Forge < 1.3.0 - Improper Verification of Cryptographic Signature
Mar 18, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-24772
HIGH
forge < 1.3.0 - Improper Verification of Cryptographic Signature via PKCS#1 v1.5 Padding
Mar 18, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-24771
HIGH
forge < 1.3.0 - Improper Verification of Cryptographic Signature
Mar 18, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25760
HIGH
accesslog - Arbitrary Code Injection via Format Option
Mar 17, 2022
CVSS 7.1
EPSS 0.02
CVE-2022-25354
HIGH
set-in < 2.0.3 - Prototype Pollution via setIn Method
Mar 17, 2022
CVSS 8.6
EPSS 0.02
CVE-2022-25352
HIGH
libnested < 1.5.2 - Prototype Pollution via set Function
Mar 17, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-25296
MEDIUM
bodymen < 1.1.1 - Prototype Pollution via Handler Function
Mar 17, 2022
CVSS 6.3
EPSS 0.01
CVE-2022-0748
CRITICAL
post-loader < 2.0.0 - Remote Code Execution via Markdown Parser
Mar 17, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-24728
MEDIUM
CKEditor 4 < 4.18.0 - Stored Cross-Site Scripting via HTML Sanitization Bypass
Mar 16, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-23812
CRITICAL
node-ipc 10.1.1-10.1.3 - Malicious Code Execution via Geo-Location Check
Mar 16, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-21164
LOW
node-lmdb < 0.9.7 - Denial of Service via Non-Invokable ToString Value
Mar 16, 2022
CVSS 3.7
EPSS 0.01
CVE-2022-24762
MEDIUM
sysend.js < 1.10.0 - Origin Validation Error
Mar 14, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-0341
MEDIUM
vditor < 3.8.12 - Stored Cross-Site Scripting
Mar 14, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-24760
CRITICAL
Parse Server < 4.10.7 - Remote Code Execution via Prototype Pollution in DatabaseController.js
Mar 12, 2022
CVSS 10.0
EPSS 0.49
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters