npm
4,199 tracked vulnerabilities.
CVE-2021-23631
HIGH
convert-svg-core - Path Traversal via Crafted SVG File
Jan 21, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-23518
HIGH
cached-path-relative < 1.1.0 - Prototype Pollution via Cache Variable
Jan 21, 2022
CVSS 7.3
EPSS 0.02
CVE-2021-23460
HIGH
min-dash < 3.8.1 - Prototype Pollution via Set Method
Jan 21, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-33040
MEDIUM
epub.js < 0.3.89 - Cross-Site Scripting in iframe.js
Jan 17, 2022
CVSS 6.1
EPSS 0.01
CVE-2021-24044
CRITICAL
Hermes < 0.10.0 - Type Confusion via Invalid JavaScript Await/Yield
Jan 15, 2022
CVSS 9.8
EPSS 0.01
CVE-2021-23567
HIGH
colors.js > 1.4.0 - Denial of Service via Infinite Loop in americanFlag Module
Jan 14, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-23566
MEDIUM
nanoid 3.0.0-3.1.30 - Information Exposure via valueOf() Function
Jan 14, 2022
CVSS 4.0
EPSS 0.00
CVE-2021-23594
CRITICAL
realms-shim - Sandbox Bypass via Prototype Pollution
Jan 10, 2022
CVSS 9.8
EPSS 0.02
CVE-2021-23568
HIGH
extend2 < 1.0.1 - Prototype Pollution via Unsafe Recursive Merge
Jan 10, 2022
CVSS 7.3
EPSS 0.01
CVE-2021-23543
CRITICAL
realms-shim - Sandbox Bypass via Prototype Pollution
Jan 10, 2022
CVSS 9.8
EPSS 0.02
CVE-2021-43862
LOW
jQuery Terminal Emulator <2.31.1 - XSS
Dec 30, 2021
CVSS 3.7
EPSS 0.01
CVE-2021-43861
HIGH
mermaid < 8.13.8 - Remote Code Execution via Malicious Diagram
Dec 30, 2021
CVSS 7.2
EPSS 0.01
CVE-2021-23574
HIGH
js-data < 3.0.11 - Prototype Pollution via deepFillIn and set Functions
Dec 24, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23490
HIGH
parse-link-header < 2.0.0 - Denial of Service via Regular Expression in checkHeader
Dec 24, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-43849
MEDIUM
cordova-plugin-fingerprint-aio <5.0.1 - DoS
Dec 23, 2021
CVSS 6.2
EPSS 0.00
CVE-2021-45459
CRITICAL
node-windows < 1.0.0-beta.6 - Command Injection via PID Parameter
Dec 22, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-43843
MEDIUM
jsx-slack < 4.5.2 - Regular Expression Denial of Service via Blockquote Multibyte Character Handling
Dec 20, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-23797
HIGH
http-server-node - Path Traversal via --path-as-is
Dec 17, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23450
HIGH
dojo < 1.17.0 - Prototype Pollution via setObject Function
Dec 17, 2021
CVSS 7.5
EPSS 0.30
CVE-2021-43838
MEDIUM
jsx-slack < 4.5.1 - Regular Expression Denial-of-Service via Blockquote Tag
Dec 17, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-43801
HIGH
Mercurius 8.10.0-8.11.1 - Denial of Service via Malformed JSON to GraphQL Endpoint
Dec 13, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23700
MEDIUM
merge-deep2 - Prototype Pollution via mergeDeep() Function
Dec 10, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-23663
MEDIUM
sey - Prototype Pollution via deepmerge()
Dec 10, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-23639
CRITICAL
md-to-pdf < 5.0.0 - Remote Code Execution via Gray-Matter Front Matter Parsing
Dec 10, 2021
CVSS 9.8
EPSS 0.05
CVE-2021-23561
MEDIUM
comb - Prototype Pollution via deepMerge() Function
Dec 10, 2021
CVSS 6.5
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters