npm
4,199 tracked vulnerabilities.
CVE-2021-34080
CRITICAL
ssl-utils < 1.0.0 - OS Command Injection via createCertRequest() and createCert() Functions
Jun 02, 2022
CVSS 9.8
EPSS 0.03
CVE-2021-34079
CRITICAL
docker-tester < 1.2.1 - OS Command Injection via docker-compose.yml Ports Entry
Jun 02, 2022
CVSS 9.8
EPSS 0.04
CVE-2021-34078
HIGH
lifion-verify-dependencies < 1.2.0 - OS Command Injection via Crafted Dependency Name
Jun 02, 2022
CVSS 8.8
EPSS 0.02
CVE-2021-4229
MEDIUM
ua-parser-js 0.7.29 0.8.0 1.0.0 - Backdoor via Crypto Mining Component
May 24, 2022
CVSS 5.0
EPSS 0.01
CVE-2021-42648
MEDIUM
Coder code-server < 3.12.0 - Cross-Site Scripting via Crafted URL
May 11, 2022
CVSS 6.1
EPSS 0.01
CVE-2021-46440
HIGH
Strapi <3.6.9-4.1.5 - Info Disclosure
May 03, 2022
CVSS 7.5
EPSS 0.03
CVE-2021-43138
HIGH
Async <2.6.4, <3.2.2 - Privilege Escalation
Apr 06, 2022
CVSS 7.8
EPSS 0.03
CVE-2021-44906
CRITICAL
Minimist <=1.2.5 - Prototype Pollution via setKey Function
Mar 17, 2022
CVSS 9.8
EPSS 0.05
CVE-2021-44908
CRITICAL
Sails.js <=1.4.0 - Prototype Pollution via loadActionModules()
Mar 17, 2022
CVSS 9.8
EPSS 0.02
CVE-2021-23771
MEDIUM
notevil and argencoders-notevil - Prototype Pollution via Sandbox Escape
Mar 17, 2022
CVSS 6.5
EPSS 0.01
CVE-2021-23632
MEDIUM
git < 0.1.5 - Remote Code Execution via Git.git Method
Mar 17, 2022
CVSS 6.6
EPSS 0.02
CVE-2021-46708
MEDIUM
swagger-ui-dist < 4.1.3 - Clickjacking via UI Layer Manipulation
Mar 11, 2022
CVSS 6.1
EPSS 0.01
CVE-2021-46704
CRITICAL
NUCLEI
GenieACS <1.2.8 - Command Injection
Mar 06, 2022
CVSS 9.8
EPSS 0.22
CVE-2021-23495
MEDIUM
karma < 6.3.16 - Open Redirect via return_url Query Parameter
Feb 25, 2022
CVSS 5.4
EPSS 0.01
CVE-2021-37504
MEDIUM
jquery_upload_file 4.0.11 - Cross-Site Scripting via fileNameStr Parameter
Feb 25, 2022
CVSS 6.1
EPSS 0.01
CVE-2021-23702
HIGH
object-extend < 0.5.0 - Prototype Pollution
Feb 18, 2022
CVSS 7.6
EPSS 0.01
CVE-2021-23682
HIGH
appwrite < 0.11.1 and 0.12.0-0.12.2 - Prototype Pollution via Query String Parsing
Feb 16, 2022
CVSS 7.3
EPSS 0.02
CVE-2021-23555
CRITICAL
vm2 <3.9.6 - Code Injection
Feb 11, 2022
CVSS 9.8
EPSS 0.03
CVE-2021-23597
HIGH
fastify-multipart < 5.3.1 - Denial of Service via Constructor Property Bypass
Feb 11, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-23507
HIGH
object-path-set < 1.0.2 - Prototype Pollution via setPath Method
Feb 04, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-23470
HIGH
putil-merge < 3.8.0 - Prototype Pollution via Malicious Constructor Property
Feb 04, 2022
CVSS 8.2
EPSS 0.01
CVE-2021-23760
MEDIUM
keyget - Prototype Pollution via set, push, and at Methods
Jan 28, 2022
CVSS 5.6
EPSS 0.02
CVE-2021-23558
HIGH
bmoor < 0.10.1 - Prototype Pollution via set Function
Jan 28, 2022
CVSS 7.3
EPSS 0.02
CVE-2021-23484
CRITICAL
zip-local < 0.3.5 - Arbitrary File Write via Archive Extraction
Jan 28, 2022
CVSS 9.8
EPSS 0.02
CVE-2021-4103
MEDIUM
vditor < 1.0.34 - Stored Cross-Site Scripting
Jan 23, 2022
CVSS 5.4
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters