npm
4,201 tracked vulnerabilities.
CVE-2021-25978
MEDIUM
Apostrophecms < 3.3.1 - XSS
Nov 07, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-42057
HIGH
Obsidian Dataview <= 0.4.12-hotfix1 - Remote Code Execution via Markdown File
Nov 04, 2021
CVSS 7.8
EPSS 0.01
CVE-2021-41248
HIGH
GraphiQL 0.5.0-1.4.6 - Cross-Site Scripting via Malicious GraphQL Type Names
Nov 04, 2021
CVSS 7.1
EPSS 0.01
CVE-2021-41249
HIGH
graphql-playground-react <1.7.28 - Code Injection
Nov 04, 2021
CVSS 7.1
EPSS 0.01
CVE-2021-41134
HIGH
nbdime < 1.1.1 and 5.0.0-5.0.1 - Stored Cross-Site Scripting in diffNotebookCheckpoint
Nov 03, 2021
CVSS 8.7
EPSS 0.01
CVE-2021-23820
MEDIUM
json-pointer < 0.6.2 - Type Confusion via Array Pointer Components
Nov 03, 2021
CVSS 5.6
EPSS 0.02
CVE-2021-23807
MEDIUM
jsonpointer < 5.0.0 - Prototype Pollution Bypass via Array Pointer Components
Nov 03, 2021
CVSS 5.6
EPSS 0.03
CVE-2021-23784
MEDIUM
tempura < 0.4.0 - Cross-Site Scripting via esc Function Object Input
Nov 03, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-23624
MEDIUM
dotty < 0.1.2 - Type Confusion via Array Path Parameter
Nov 03, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-23509
MEDIUM
json-ptr < 3.0.0 - Type Confusion via Array Keys in Pointer Parameter
Nov 03, 2021
CVSS 5.6
EPSS 0.02
CVE-2021-23472
LOW
bootstrap-table < 1.19.1 - Type Confusion in escapeHTML Function
Nov 03, 2021
CVSS 3.1
EPSS 0.02
CVE-2021-3765
HIGH
validator.js - Inefficient Regular Expression Complexity
Nov 02, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-41184
MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Position Utility 'of' Option
Oct 26, 2021
CVSS 6.5
EPSS 0.45
CVE-2021-41183
MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Datepicker Widget *Text Options
Oct 26, 2021
CVSS 6.5
EPSS 0.08
CVE-2021-41182
MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Datepicker altField Option
Oct 26, 2021
CVSS 6.5
EPSS 0.42
CVE-2021-42740
CRITICAL
shell-quote < 1.7.3 - Command Injection via Windows Drive Letter Regex
Oct 21, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-41167
HIGH
modern-async < 1.0.4 - Allocation of Resources Without Limits or Throttling in forEachSeries and forEachLimit
Oct 20, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23452
HIGH
x-assign - Prototype Pollution via __proto__ Object
Oct 20, 2021
CVSS 8.6
EPSS 0.01
CVE-2021-23449
CRITICAL
Vm2 < 3.9.4 - Prototype Pollution
Oct 18, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-42228
HIGH
KindEditor 4.1-4.1.11 - Cross-Site Request Forgery via Upload Button Example
Oct 14, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-42227
MEDIUM
KindEditor 4.1-4.1.11 - Cross-Site Scripting via Upload Button Example
Oct 14, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-22964
HIGH
Fastify-Static >=4.2.4 <4.4.1 - Open Redirect
Oct 14, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-22963
MEDIUM
fastify-static < 4.2.4 - Open Redirect
Oct 14, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-39184
MEDIUM
Electron < 11.5.0, 12.1.0, 13.3.0 - Unauthorized File Content Exposure via Thumbnail API
Oct 12, 2021
CVSS 6.8
EPSS 0.01
CVE-2021-23448
MEDIUM
config-handler - Prototype Pollution via Config File Loading
Oct 11, 2021
CVSS 6.5
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters