npm

4,199 tracked vulnerabilities.

CVE-2022-24760 CRITICAL
Parse Server < 4.10.7 - Remote Code Execution via Prototype Pollution in DatabaseController.js
Mar 12, 2022
CVSS 10.0
EPSS 0.49
CVE-2022-25839 MEDIUM
url-js < 2.1.0 - Hostname Spoofing via Improper Input Validation
Mar 11, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-24433 HIGH
simple-git <3.3.0 - Command Injection
Mar 11, 2022
CVSS 8.1
EPSS 0.04
CVE-2022-0868 MEDIUM
uri.js < 1.19.10 - Open Redirect
Mar 06, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-24725 MEDIUM
shescape 1.4.0-1.5.1 - Home Directory Exposure via Interpolation Option in Bash
Mar 03, 2022
CVSS 6.2
EPSS 0.00
CVE-2022-24723 MEDIUM
URI.js <1.19.9 - URL Parsing Confusion via Leading Whitespace
Mar 03, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-0841 CRITICAL
npm-lockfile 2.0.3-2.0.4 - OS Command Injection
Mar 03, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-24719 LOW
Fluture-Node 4.0.0/1 - Info Disclosure
Mar 01, 2022
CVSS 2.6
EPSS 0.01
CVE-2022-0776 MEDIUM NUCLEI
GitHub hakimel/reveal.js <4.3.0 - XSS
Mar 01, 2022
CVSS 6.1
EPSS 0.04
CVE-2022-0764 MEDIUM
strapi/strapi <4.1.0 - Command Injection
Feb 26, 2022
CVSS 6.7
EPSS 0.01
CVE-2022-0654 HIGH
GitHub fgribreau/node-request-retry <7.0.0 - Info Disclosure
Feb 23, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-0691 CRITICAL
url-parse < 1.5.9 - Authorization Bypass Through User-Controlled Key
Feb 21, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-0686 CRITICAL
url-parse < 1.5.8 - Authorization Bypass Through User-Controlled Key
Feb 20, 2022
CVSS 9.1
EPSS 0.02
CVE-2022-23647 HIGH
Prism 1.14.0-1.26.0 - Cross-Site Scripting via Command Line Plugin
Feb 18, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23646 MEDIUM
Next.js 10.0.0-12.0.9 - User Interface Misrepresentation via SVG Image Host Configuration
Feb 17, 2022
CVSS 5.9
EPSS 0.02
CVE-2022-22912 CRITICAL
plist < 3.0.4 - Prototype Pollution via .parse()
Feb 17, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-0639 MEDIUM
url-parse < 1.5.7 - Authorization Bypass Through User-Controlled Key
Feb 17, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-0613 MEDIUM
uri.js < 1.19.8 - Authorization Bypass Through User-Controlled Key
Feb 16, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-0512 MEDIUM
url-parse < 1.5.6 - Authorization Bypass Through User-Controlled Key
Feb 14, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-23631 CRITICAL
blitzjs superjson < 1.8.1 - Unauthenticated Remote Code Execution via Prototype Pollution
Feb 09, 2022
CVSS 9.0
EPSS 0.02
CVE-2022-0536 LOW
NPM follow-redirects <1.14.8 - Info Disclosure
Feb 09, 2022
CVSS 2.6
EPSS 0.01
CVE-2022-23340 CRITICAL
Joplin 2.6.10 - Remote Code Execution via User Search Results
Feb 08, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-23624 HIGH
frourio-express < 0.26.0 - Improper Input Validation via Class-Validator Integration
Feb 07, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-23623 HIGH
frourio < 0.26.0 - Improper Input Validation in class-validator Integration
Feb 07, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-0437 MEDIUM NUCLEI
karma < 6.3.14 - DOM-based Cross-Site Scripting
Feb 05, 2022
CVSS 6.1
EPSS 0.15