npm
4,199 tracked vulnerabilities.
CVE-2021-43803
HIGH
Next.js 11.1.0-11.1.2 and 12.0.0-12.0.4 - Denial of Service via Malformed URL
Dec 10, 2021
CVSS 7.5
EPSS 0.45
CVE-2021-41246
MEDIUM
Express OpenID Connect <2.5.1 - Session Fixation
Dec 09, 2021
CVSS 4.6
EPSS 0.01
CVE-2021-44685
CRITICAL
git-it < 4.4.0 - OS Command Injection via Unsanitized Branch Name in Branches Aren't Just For Birds Challenge
Dec 07, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-44684
CRITICAL
github-todos < 3.1.0 - OS Command Injection via _hook Subcommand Range Argument
Dec 07, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-23562
MEDIUM
plupload < 2.3.9 - Unrestricted Upload of File with Dangerous Type
Dec 03, 2021
CVSS 4.2
EPSS 0.01
CVE-2021-25987
MEDIUM
hexo 0.0.1-5.4.0 - Stored Cross-Site Scripting in Post Body and Tags
Nov 30, 2021
CVSS 5.0
EPSS 0.00
CVE-2021-43788
MEDIUM
NodeBB 1.0.4-1.18.4 - Path Traversal via Language File Access
Nov 29, 2021
CVSS 5.0
EPSS 0.26
CVE-2021-43787
CRITICAL
NodeBB 1.15.5-1.18.4 - Authenticated DOM-Based Cross-Site Scripting via Prototype Pollution
Nov 29, 2021
CVSS 9.0
EPSS 0.01
CVE-2021-43786
CRITICAL
NodeBB 1.15.0-1.18.4 - Unauthenticated Remote Code Execution via Master Token Bypass
Nov 29, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-40831
MEDIUM
AWS IoT Device SDK - Info Disclosure
Nov 23, 2021
CVSS 6.3
EPSS 0.01
CVE-2021-40830
MEDIUM
AWS IoT Device SDK v2 < 1.5.0/1.5.3/1.6.1/1.12.7 - Improper Certificate Validation
Nov 23, 2021
CVSS 6.3
EPSS 0.00
CVE-2021-40829
MEDIUM
AWS IoT Device SDK v2 Certificate Validation Flaw on macOS
Nov 23, 2021
CVSS 6.3
EPSS 0.00
CVE-2021-40828
MEDIUM
AWS IoT Device SDK v2 < 1.3.3/1.5.18/1.12.7/1.5.3 - Improper Certificate Validation on Windows
Nov 23, 2021
CVSS 6.3
EPSS 0.00
CVE-2021-23732
CRITICAL
docker-cli-js - OS Command Injection via Docker.command Method
Nov 22, 2021
CVSS 9.0
EPSS 0.02
CVE-2021-23718
MEDIUM
ssrf-agent < 1.0.5 - Server-Side Request Forgery via defaultIpChecker Function
Nov 22, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-23673
MEDIUM
pekeupload - Stored Cross-Site Scripting via Filename
Nov 22, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-23433
MEDIUM
algoliasearch-helper < 3.6.2 - Prototype Pollution via SearchParameters._parseNumbers
Nov 19, 2021
CVSS 5.9
EPSS 0.02
CVE-2021-37939
LOW
Kibana 7.8.0-7.15.1 - Authenticated Internal Host HTTP Response Disclosure via JIRA and IBM Resilient Connectors
Nov 18, 2021
CVSS 2.7
EPSS 0.00
CVE-2021-41165
HIGH
CKEditor < 4.17.0 - Stored Cross-Site Scripting via Malformed HTML Comment Bypass
Nov 17, 2021
CVSS 8.2
EPSS 0.01
CVE-2021-41164
HIGH
CKEditor 4 < 4.17.0 - Stored Cross-Site Scripting via Advanced Content Filter Bypass
Nov 17, 2021
CVSS 8.2
EPSS 0.01
CVE-2021-3918
CRITICAL
json-schema < 0.4.0 - Prototype Pollution
Nov 13, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-43571
CRITICAL
Stark Bank Node.js ECDSA <1.1.2 - Code Injection
Nov 09, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-25979
CRITICAL
Apostrophecms < 3.3.1 - Insufficient Session Expiration
Nov 08, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-25978
MEDIUM
Apostrophecms < 3.3.1 - XSS
Nov 07, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-42057
HIGH
Obsidian Dataview <= 0.4.12-hotfix1 - Remote Code Execution via Markdown File
Nov 04, 2021
CVSS 7.8
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters