npm

4,199 tracked vulnerabilities.

CVE-2022-0401 CRITICAL
w-zip < 1.0.12 - Path Traversal
Feb 01, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-21721 MEDIUM
Next.js 12.0.0-12.0.8 - Denial of Service via i18n Functionality
Jan 28, 2022
CVSS 5.9
EPSS 0.02
CVE-2022-0355 HIGH
NPM simple-get <4.0.1 - Info Disclosure
Jan 26, 2022
CVSS 8.8
EPSS 0.02
CVE-2022-21704 MEDIUM
log4js < 6.4.0 - Incorrect Default Permissions in Log File Creation
Jan 19, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-0235 MEDIUM
node-fetch < 2.6.7 and >=3.0.0 <3.1.1 - Open Redirect via URL Validation Bypass
Jan 16, 2022
CVSS 6.1
EPSS 0.02
CVE-2022-21681 HIGH
marked < 4.0.10 - Denial of Service via Catastrophic Backtracking in ReflinkSearch Regex
Jan 14, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-21680 HIGH
marked < 4.0.10 - Regular Expression Denial of Service via Catastrophic Backtracking
Jan 14, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-21676 HIGH
Engine.IO 4.0.0-4.1.1, 5.0.0-5.2.0, 6.0.0-6.1.0 - Denial of Service via Crafted HTTP Request
Jan 12, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-0144 HIGH
shelljs < 0.8.5 - Improper Privilege Management
Jan 11, 2022
CVSS 7.1
EPSS 0.00
CVE-2022-21670 MEDIUM
markdown-it <1.3.2 - Info Disclosure
Jan 10, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-0155 MEDIUM
follow-redirects < 1.14.7 - Exposure of Private Personal Information to an Unauthorized Actor
Jan 10, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-0122 MEDIUM
forge < 1.0.0 - URL Redirection to Untrusted Site
Jan 06, 2022
CVSS 6.1
EPSS 0.01
CVE-2021-4435 HIGH
Yarn < 1.22.13 - Untrusted Search Path Execution via Directory Content
Feb 04, 2024
CVSS 7.7
EPSS 0.00
CVE-2021-32050 MEDIUM
MongoDB Drivers - Sensitive Information Exposure via Command Listener Event Publication
Aug 29, 2023
CVSS 4.2
EPSS 0.00
CVE-2021-29057 MEDIUM
node-worker-threads-pool 1.4.3 - Denial of Service via StaticPool Resource Consumption
Aug 11, 2023
CVSS 6.5
EPSS 0.01
CVE-2021-27524 MEDIUM
margox braft-editor 2.3.8 - Cross-Site Scripting via Embed Media Feature
Aug 11, 2023
CVSS 6.1
EPSS 0.01
CVE-2021-26505 CRITICAL
hello.js 1.18.6 - Prototype Pollution via hello.utils.extend
Aug 11, 2023
CVSS 9.8
EPSS 0.01
CVE-2021-4329 MEDIUM
json-logic-js 2.0.0 - Command Injection
Mar 05, 2023
CVSS 5.5
EPSS 0.02
CVE-2021-32860 MEDIUM
izimodal < 1.6.1 - Cross-Site Scripting via Untrusted Modal Title
Feb 21, 2023
CVSS 6.1
EPSS 0.01
CVE-2021-32859 MEDIUM
baremetrics/date_range_picker < 1.0.14 - Cross-Site Scripting via Placeholder Parameter
Feb 21, 2023
CVSS 6.1
EPSS 0.01
CVE-2021-32855 MEDIUM
Vditor < 3.8.7 - Cross-Site Scripting via Copy-Paste
Feb 21, 2023
CVSS 6.1
EPSS 0.01
CVE-2021-32854 MEDIUM
textangular < 1.5.16 - Cross-Site Scripting via Copy-Paste
Feb 21, 2023
CVSS 6.1
EPSS 0.00
CVE-2021-32853 MEDIUM NUCLEI
erxes < 0.22.3 - Cross-Site Scripting via Widget Renderer
Feb 20, 2023
CVSS 6.1
EPSS 0.03
CVE-2021-32851 MEDIUM
mind-elixir < 0.18.1 - Cross-Site Scripting via Untrusted Menu Handling
Feb 20, 2023
CVSS 6.1
EPSS 0.01
CVE-2021-36686 MEDIUM
yapi 1.9.1 - Stored Cross-Site Scripting via Interface API Edit Page
Jan 26, 2023
CVSS 5.4
EPSS 0.01