npm

4,199 tracked vulnerabilities.

CVE-2021-34080 CRITICAL
ssl-utils < 1.0.0 - OS Command Injection via createCertRequest() and createCert() Functions
Jun 02, 2022
CVSS 9.8
EPSS 0.03
CVE-2021-34079 CRITICAL
docker-tester < 1.2.1 - OS Command Injection via docker-compose.yml Ports Entry
Jun 02, 2022
CVSS 9.8
EPSS 0.04
CVE-2021-34078 HIGH
lifion-verify-dependencies < 1.2.0 - OS Command Injection via Crafted Dependency Name
Jun 02, 2022
CVSS 8.8
EPSS 0.02
CVE-2021-4229 MEDIUM
ua-parser-js 0.7.29 0.8.0 1.0.0 - Backdoor via Crypto Mining Component
May 24, 2022
CVSS 5.0
EPSS 0.01
CVE-2021-42648 MEDIUM
Coder code-server < 3.12.0 - Cross-Site Scripting via Crafted URL
May 11, 2022
CVSS 6.1
EPSS 0.01
CVE-2021-46440 HIGH
Strapi <3.6.9-4.1.5 - Info Disclosure
May 03, 2022
CVSS 7.5
EPSS 0.03
CVE-2021-43138 HIGH
Async <2.6.4, <3.2.2 - Privilege Escalation
Apr 06, 2022
CVSS 7.8
EPSS 0.03
CVE-2021-44906 CRITICAL
Minimist <=1.2.5 - Prototype Pollution via setKey Function
Mar 17, 2022
CVSS 9.8
EPSS 0.05
CVE-2021-44908 CRITICAL
Sails.js <=1.4.0 - Prototype Pollution via loadActionModules()
Mar 17, 2022
CVSS 9.8
EPSS 0.02
CVE-2021-23771 MEDIUM
notevil and argencoders-notevil - Prototype Pollution via Sandbox Escape
Mar 17, 2022
CVSS 6.5
EPSS 0.01
CVE-2021-23632 MEDIUM
git < 0.1.5 - Remote Code Execution via Git.git Method
Mar 17, 2022
CVSS 6.6
EPSS 0.02
CVE-2021-46708 MEDIUM
swagger-ui-dist < 4.1.3 - Clickjacking via UI Layer Manipulation
Mar 11, 2022
CVSS 6.1
EPSS 0.01
CVE-2021-46704 CRITICAL NUCLEI
GenieACS <1.2.8 - Command Injection
Mar 06, 2022
CVSS 9.8
EPSS 0.22
CVE-2021-23495 MEDIUM
karma < 6.3.16 - Open Redirect via return_url Query Parameter
Feb 25, 2022
CVSS 5.4
EPSS 0.01
CVE-2021-37504 MEDIUM
jquery_upload_file 4.0.11 - Cross-Site Scripting via fileNameStr Parameter
Feb 25, 2022
CVSS 6.1
EPSS 0.01
CVE-2021-23702 HIGH
object-extend < 0.5.0 - Prototype Pollution
Feb 18, 2022
CVSS 7.6
EPSS 0.01
CVE-2021-23682 HIGH
appwrite < 0.11.1 and 0.12.0-0.12.2 - Prototype Pollution via Query String Parsing
Feb 16, 2022
CVSS 7.3
EPSS 0.02
CVE-2021-23555 CRITICAL
vm2 <3.9.6 - Code Injection
Feb 11, 2022
CVSS 9.8
EPSS 0.03
CVE-2021-23597 HIGH
fastify-multipart < 5.3.1 - Denial of Service via Constructor Property Bypass
Feb 11, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-23507 HIGH
object-path-set < 1.0.2 - Prototype Pollution via setPath Method
Feb 04, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-23470 HIGH
putil-merge < 3.8.0 - Prototype Pollution via Malicious Constructor Property
Feb 04, 2022
CVSS 8.2
EPSS 0.01
CVE-2021-23760 MEDIUM
keyget - Prototype Pollution via set, push, and at Methods
Jan 28, 2022
CVSS 5.6
EPSS 0.02
CVE-2021-23558 HIGH
bmoor < 0.10.1 - Prototype Pollution via set Function
Jan 28, 2022
CVSS 7.3
EPSS 0.02
CVE-2021-23484 CRITICAL
zip-local < 0.3.5 - Arbitrary File Write via Archive Extraction
Jan 28, 2022
CVSS 9.8
EPSS 0.02
CVE-2021-4103 MEDIUM
vditor < 1.0.34 - Stored Cross-Site Scripting
Jan 23, 2022
CVSS 5.4
EPSS 0.01