npm
4,199 tracked vulnerabilities.
CVE-2022-0401
CRITICAL
w-zip < 1.0.12 - Path Traversal
Feb 01, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-21721
MEDIUM
Next.js 12.0.0-12.0.8 - Denial of Service via i18n Functionality
Jan 28, 2022
CVSS 5.9
EPSS 0.02
CVE-2022-0355
HIGH
NPM simple-get <4.0.1 - Info Disclosure
Jan 26, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-21704
MEDIUM
log4js < 6.4.0 - Incorrect Default Permissions in Log File Creation
Jan 19, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-0235
MEDIUM
node-fetch < 2.6.7 and >=3.0.0 <3.1.1 - Open Redirect via URL Validation Bypass
Jan 16, 2022
CVSS 6.1
EPSS 0.02
CVE-2022-21681
HIGH
marked < 4.0.10 - Denial of Service via Catastrophic Backtracking in ReflinkSearch Regex
Jan 14, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-21680
HIGH
marked < 4.0.10 - Regular Expression Denial of Service via Catastrophic Backtracking
Jan 14, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-21676
HIGH
Engine.IO 4.0.0-4.1.1, 5.0.0-5.2.0, 6.0.0-6.1.0 - Denial of Service via Crafted HTTP Request
Jan 12, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-0144
HIGH
shelljs < 0.8.5 - Improper Privilege Management
Jan 11, 2022
CVSS 7.1
EPSS 0.00
CVE-2022-21670
MEDIUM
markdown-it <1.3.2 - Info Disclosure
Jan 10, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-0155
MEDIUM
follow-redirects < 1.14.7 - Exposure of Private Personal Information to an Unauthorized Actor
Jan 10, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-0122
MEDIUM
forge < 1.0.0 - URL Redirection to Untrusted Site
Jan 06, 2022
CVSS 6.1
EPSS 0.01
CVE-2021-4435
HIGH
Yarn < 1.22.13 - Untrusted Search Path Execution via Directory Content
Feb 04, 2024
CVSS 7.7
EPSS 0.00
CVE-2021-32050
MEDIUM
MongoDB Drivers - Sensitive Information Exposure via Command Listener Event Publication
Aug 29, 2023
CVSS 4.2
EPSS 0.00
CVE-2021-29057
MEDIUM
node-worker-threads-pool 1.4.3 - Denial of Service via StaticPool Resource Consumption
Aug 11, 2023
CVSS 6.5
EPSS 0.01
CVE-2021-27524
MEDIUM
margox braft-editor 2.3.8 - Cross-Site Scripting via Embed Media Feature
Aug 11, 2023
CVSS 6.1
EPSS 0.01
CVE-2021-26505
CRITICAL
hello.js 1.18.6 - Prototype Pollution via hello.utils.extend
Aug 11, 2023
CVSS 9.8
EPSS 0.01
CVE-2021-4329
MEDIUM
json-logic-js 2.0.0 - Command Injection
Mar 05, 2023
CVSS 5.5
EPSS 0.02
CVE-2021-32860
MEDIUM
izimodal < 1.6.1 - Cross-Site Scripting via Untrusted Modal Title
Feb 21, 2023
CVSS 6.1
EPSS 0.01
CVE-2021-32859
MEDIUM
baremetrics/date_range_picker < 1.0.14 - Cross-Site Scripting via Placeholder Parameter
Feb 21, 2023
CVSS 6.1
EPSS 0.01
CVE-2021-32855
MEDIUM
Vditor < 3.8.7 - Cross-Site Scripting via Copy-Paste
Feb 21, 2023
CVSS 6.1
EPSS 0.01
CVE-2021-32854
MEDIUM
textangular < 1.5.16 - Cross-Site Scripting via Copy-Paste
Feb 21, 2023
CVSS 6.1
EPSS 0.00
CVE-2021-32853
MEDIUM
NUCLEI
erxes < 0.22.3 - Cross-Site Scripting via Widget Renderer
Feb 20, 2023
CVSS 6.1
EPSS 0.03
CVE-2021-32851
MEDIUM
mind-elixir < 0.18.1 - Cross-Site Scripting via Untrusted Menu Handling
Feb 20, 2023
CVSS 6.1
EPSS 0.01
CVE-2021-36686
MEDIUM
yapi 1.9.1 - Stored Cross-Site Scripting via Interface API Edit Page
Jan 26, 2023
CVSS 5.4
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters