npm

4,199 tracked vulnerabilities.

CVE-2021-23631 HIGH
convert-svg-core - Path Traversal via Crafted SVG File
Jan 21, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-23518 HIGH
cached-path-relative < 1.1.0 - Prototype Pollution via Cache Variable
Jan 21, 2022
CVSS 7.3
EPSS 0.02
CVE-2021-23460 HIGH
min-dash < 3.8.1 - Prototype Pollution via Set Method
Jan 21, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-33040 MEDIUM
epub.js < 0.3.89 - Cross-Site Scripting in iframe.js
Jan 17, 2022
CVSS 6.1
EPSS 0.01
CVE-2021-24044 CRITICAL
Hermes < 0.10.0 - Type Confusion via Invalid JavaScript Await/Yield
Jan 15, 2022
CVSS 9.8
EPSS 0.01
CVE-2021-23567 HIGH
colors.js > 1.4.0 - Denial of Service via Infinite Loop in americanFlag Module
Jan 14, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-23566 MEDIUM
nanoid 3.0.0-3.1.30 - Information Exposure via valueOf() Function
Jan 14, 2022
CVSS 4.0
EPSS 0.00
CVE-2021-23594 CRITICAL
realms-shim - Sandbox Bypass via Prototype Pollution
Jan 10, 2022
CVSS 9.8
EPSS 0.02
CVE-2021-23568 HIGH
extend2 < 1.0.1 - Prototype Pollution via Unsafe Recursive Merge
Jan 10, 2022
CVSS 7.3
EPSS 0.01
CVE-2021-23543 CRITICAL
realms-shim - Sandbox Bypass via Prototype Pollution
Jan 10, 2022
CVSS 9.8
EPSS 0.02
CVE-2021-43862 LOW
jQuery Terminal Emulator <2.31.1 - XSS
Dec 30, 2021
CVSS 3.7
EPSS 0.01
CVE-2021-43861 HIGH
mermaid < 8.13.8 - Remote Code Execution via Malicious Diagram
Dec 30, 2021
CVSS 7.2
EPSS 0.01
CVE-2021-23574 HIGH
js-data < 3.0.11 - Prototype Pollution via deepFillIn and set Functions
Dec 24, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23490 HIGH
parse-link-header < 2.0.0 - Denial of Service via Regular Expression in checkHeader
Dec 24, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-43849 MEDIUM
cordova-plugin-fingerprint-aio <5.0.1 - DoS
Dec 23, 2021
CVSS 6.2
EPSS 0.00
CVE-2021-45459 CRITICAL
node-windows < 1.0.0-beta.6 - Command Injection via PID Parameter
Dec 22, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-43843 MEDIUM
jsx-slack < 4.5.2 - Regular Expression Denial of Service via Blockquote Multibyte Character Handling
Dec 20, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-23797 HIGH
http-server-node - Path Traversal via --path-as-is
Dec 17, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23450 HIGH
dojo < 1.17.0 - Prototype Pollution via setObject Function
Dec 17, 2021
CVSS 7.5
EPSS 0.30
CVE-2021-43838 MEDIUM
jsx-slack < 4.5.1 - Regular Expression Denial-of-Service via Blockquote Tag
Dec 17, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-43801 HIGH
Mercurius 8.10.0-8.11.1 - Denial of Service via Malformed JSON to GraphQL Endpoint
Dec 13, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23700 MEDIUM
merge-deep2 - Prototype Pollution via mergeDeep() Function
Dec 10, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-23663 MEDIUM
sey - Prototype Pollution via deepmerge()
Dec 10, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-23639 CRITICAL
md-to-pdf < 5.0.0 - Remote Code Execution via Gray-Matter Front Matter Parsing
Dec 10, 2021
CVSS 9.8
EPSS 0.05
CVE-2021-23561 MEDIUM
comb - Prototype Pollution via deepMerge() Function
Dec 10, 2021
CVSS 6.5
EPSS 0.01