npm
4,199 tracked vulnerabilities.
CVE-2022-24760
CRITICAL
Parse Server < 4.10.7 - Remote Code Execution via Prototype Pollution in DatabaseController.js
Mar 12, 2022
CVSS 10.0
EPSS 0.49
CVE-2022-25839
MEDIUM
url-js < 2.1.0 - Hostname Spoofing via Improper Input Validation
Mar 11, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-24433
HIGH
simple-git <3.3.0 - Command Injection
Mar 11, 2022
CVSS 8.1
EPSS 0.04
CVE-2022-0868
MEDIUM
uri.js < 1.19.10 - Open Redirect
Mar 06, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-24725
MEDIUM
shescape 1.4.0-1.5.1 - Home Directory Exposure via Interpolation Option in Bash
Mar 03, 2022
CVSS 6.2
EPSS 0.00
CVE-2022-24723
MEDIUM
URI.js <1.19.9 - URL Parsing Confusion via Leading Whitespace
Mar 03, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-0841
CRITICAL
npm-lockfile 2.0.3-2.0.4 - OS Command Injection
Mar 03, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-24719
LOW
Fluture-Node 4.0.0/1 - Info Disclosure
Mar 01, 2022
CVSS 2.6
EPSS 0.01
CVE-2022-0776
MEDIUM
NUCLEI
GitHub hakimel/reveal.js <4.3.0 - XSS
Mar 01, 2022
CVSS 6.1
EPSS 0.04
CVE-2022-0764
MEDIUM
strapi/strapi <4.1.0 - Command Injection
Feb 26, 2022
CVSS 6.7
EPSS 0.01
CVE-2022-0654
HIGH
GitHub fgribreau/node-request-retry <7.0.0 - Info Disclosure
Feb 23, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-0691
CRITICAL
url-parse < 1.5.9 - Authorization Bypass Through User-Controlled Key
Feb 21, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-0686
CRITICAL
url-parse < 1.5.8 - Authorization Bypass Through User-Controlled Key
Feb 20, 2022
CVSS 9.1
EPSS 0.02
CVE-2022-23647
HIGH
Prism 1.14.0-1.26.0 - Cross-Site Scripting via Command Line Plugin
Feb 18, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23646
MEDIUM
Next.js 10.0.0-12.0.9 - User Interface Misrepresentation via SVG Image Host Configuration
Feb 17, 2022
CVSS 5.9
EPSS 0.02
CVE-2022-22912
CRITICAL
plist < 3.0.4 - Prototype Pollution via .parse()
Feb 17, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-0639
MEDIUM
url-parse < 1.5.7 - Authorization Bypass Through User-Controlled Key
Feb 17, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-0613
MEDIUM
uri.js < 1.19.8 - Authorization Bypass Through User-Controlled Key
Feb 16, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-0512
MEDIUM
url-parse < 1.5.6 - Authorization Bypass Through User-Controlled Key
Feb 14, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-23631
CRITICAL
blitzjs superjson < 1.8.1 - Unauthenticated Remote Code Execution via Prototype Pollution
Feb 09, 2022
CVSS 9.0
EPSS 0.02
CVE-2022-0536
LOW
NPM follow-redirects <1.14.8 - Info Disclosure
Feb 09, 2022
CVSS 2.6
EPSS 0.01
CVE-2022-23340
CRITICAL
Joplin 2.6.10 - Remote Code Execution via User Search Results
Feb 08, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-23624
HIGH
frourio-express < 0.26.0 - Improper Input Validation via Class-Validator Integration
Feb 07, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-23623
HIGH
frourio < 0.26.0 - Improper Input Validation in class-validator Integration
Feb 07, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-0437
MEDIUM
NUCLEI
karma < 6.3.14 - DOM-based Cross-Site Scripting
Feb 05, 2022
CVSS 6.1
EPSS 0.15
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters