npm

4,199 tracked vulnerabilities.

CVE-2021-43803 HIGH
Next.js 11.1.0-11.1.2 and 12.0.0-12.0.4 - Denial of Service via Malformed URL
Dec 10, 2021
CVSS 7.5
EPSS 0.45
CVE-2021-41246 MEDIUM
Express OpenID Connect <2.5.1 - Session Fixation
Dec 09, 2021
CVSS 4.6
EPSS 0.01
CVE-2021-44685 CRITICAL
git-it < 4.4.0 - OS Command Injection via Unsanitized Branch Name in Branches Aren't Just For Birds Challenge
Dec 07, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-44684 CRITICAL
github-todos < 3.1.0 - OS Command Injection via _hook Subcommand Range Argument
Dec 07, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-23562 MEDIUM
plupload < 2.3.9 - Unrestricted Upload of File with Dangerous Type
Dec 03, 2021
CVSS 4.2
EPSS 0.01
CVE-2021-25987 MEDIUM
hexo 0.0.1-5.4.0 - Stored Cross-Site Scripting in Post Body and Tags
Nov 30, 2021
CVSS 5.0
EPSS 0.00
CVE-2021-43788 MEDIUM
NodeBB 1.0.4-1.18.4 - Path Traversal via Language File Access
Nov 29, 2021
CVSS 5.0
EPSS 0.26
CVE-2021-43787 CRITICAL
NodeBB 1.15.5-1.18.4 - Authenticated DOM-Based Cross-Site Scripting via Prototype Pollution
Nov 29, 2021
CVSS 9.0
EPSS 0.01
CVE-2021-43786 CRITICAL
NodeBB 1.15.0-1.18.4 - Unauthenticated Remote Code Execution via Master Token Bypass
Nov 29, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-40831 MEDIUM
AWS IoT Device SDK - Info Disclosure
Nov 23, 2021
CVSS 6.3
EPSS 0.01
CVE-2021-40830 MEDIUM
AWS IoT Device SDK v2 < 1.5.0/1.5.3/1.6.1/1.12.7 - Improper Certificate Validation
Nov 23, 2021
CVSS 6.3
EPSS 0.00
CVE-2021-40829 MEDIUM
AWS IoT Device SDK v2 Certificate Validation Flaw on macOS
Nov 23, 2021
CVSS 6.3
EPSS 0.00
CVE-2021-40828 MEDIUM
AWS IoT Device SDK v2 < 1.3.3/1.5.18/1.12.7/1.5.3 - Improper Certificate Validation on Windows
Nov 23, 2021
CVSS 6.3
EPSS 0.00
CVE-2021-23732 CRITICAL
docker-cli-js - OS Command Injection via Docker.command Method
Nov 22, 2021
CVSS 9.0
EPSS 0.02
CVE-2021-23718 MEDIUM
ssrf-agent < 1.0.5 - Server-Side Request Forgery via defaultIpChecker Function
Nov 22, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-23673 MEDIUM
pekeupload - Stored Cross-Site Scripting via Filename
Nov 22, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-23433 MEDIUM
algoliasearch-helper < 3.6.2 - Prototype Pollution via SearchParameters._parseNumbers
Nov 19, 2021
CVSS 5.9
EPSS 0.02
CVE-2021-37939 LOW
Kibana 7.8.0-7.15.1 - Authenticated Internal Host HTTP Response Disclosure via JIRA and IBM Resilient Connectors
Nov 18, 2021
CVSS 2.7
EPSS 0.00
CVE-2021-41165 HIGH
CKEditor < 4.17.0 - Stored Cross-Site Scripting via Malformed HTML Comment Bypass
Nov 17, 2021
CVSS 8.2
EPSS 0.01
CVE-2021-41164 HIGH
CKEditor 4 < 4.17.0 - Stored Cross-Site Scripting via Advanced Content Filter Bypass
Nov 17, 2021
CVSS 8.2
EPSS 0.01
CVE-2021-3918 CRITICAL
json-schema < 0.4.0 - Prototype Pollution
Nov 13, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-43571 CRITICAL
Stark Bank Node.js ECDSA <1.1.2 - Code Injection
Nov 09, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-25979 CRITICAL
Apostrophecms < 3.3.1 - Insufficient Session Expiration
Nov 08, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-25978 MEDIUM
Apostrophecms < 3.3.1 - XSS
Nov 07, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-42057 HIGH
Obsidian Dataview <= 0.4.12-hotfix1 - Remote Code Execution via Markdown File
Nov 04, 2021
CVSS 7.8
EPSS 0.01