npm

4,201 tracked vulnerabilities.

CVE-2021-25978 MEDIUM
Apostrophecms < 3.3.1 - XSS
Nov 07, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-42057 HIGH
Obsidian Dataview <= 0.4.12-hotfix1 - Remote Code Execution via Markdown File
Nov 04, 2021
CVSS 7.8
EPSS 0.01
CVE-2021-41248 HIGH
GraphiQL 0.5.0-1.4.6 - Cross-Site Scripting via Malicious GraphQL Type Names
Nov 04, 2021
CVSS 7.1
EPSS 0.01
CVE-2021-41249 HIGH
graphql-playground-react <1.7.28 - Code Injection
Nov 04, 2021
CVSS 7.1
EPSS 0.01
CVE-2021-41134 HIGH
nbdime < 1.1.1 and 5.0.0-5.0.1 - Stored Cross-Site Scripting in diffNotebookCheckpoint
Nov 03, 2021
CVSS 8.7
EPSS 0.01
CVE-2021-23820 MEDIUM
json-pointer < 0.6.2 - Type Confusion via Array Pointer Components
Nov 03, 2021
CVSS 5.6
EPSS 0.02
CVE-2021-23807 MEDIUM
jsonpointer < 5.0.0 - Prototype Pollution Bypass via Array Pointer Components
Nov 03, 2021
CVSS 5.6
EPSS 0.03
CVE-2021-23784 MEDIUM
tempura < 0.4.0 - Cross-Site Scripting via esc Function Object Input
Nov 03, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-23624 MEDIUM
dotty < 0.1.2 - Type Confusion via Array Path Parameter
Nov 03, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-23509 MEDIUM
json-ptr < 3.0.0 - Type Confusion via Array Keys in Pointer Parameter
Nov 03, 2021
CVSS 5.6
EPSS 0.02
CVE-2021-23472 LOW
bootstrap-table < 1.19.1 - Type Confusion in escapeHTML Function
Nov 03, 2021
CVSS 3.1
EPSS 0.02
CVE-2021-3765 HIGH
validator.js - Inefficient Regular Expression Complexity
Nov 02, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-41184 MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Position Utility 'of' Option
Oct 26, 2021
CVSS 6.5
EPSS 0.45
CVE-2021-41183 MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Datepicker Widget *Text Options
Oct 26, 2021
CVSS 6.5
EPSS 0.08
CVE-2021-41182 MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Datepicker altField Option
Oct 26, 2021
CVSS 6.5
EPSS 0.42
CVE-2021-42740 CRITICAL
shell-quote < 1.7.3 - Command Injection via Windows Drive Letter Regex
Oct 21, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-41167 HIGH
modern-async < 1.0.4 - Allocation of Resources Without Limits or Throttling in forEachSeries and forEachLimit
Oct 20, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23452 HIGH
x-assign - Prototype Pollution via __proto__ Object
Oct 20, 2021
CVSS 8.6
EPSS 0.01
CVE-2021-23449 CRITICAL
Vm2 < 3.9.4 - Prototype Pollution
Oct 18, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-42228 HIGH
KindEditor 4.1-4.1.11 - Cross-Site Request Forgery via Upload Button Example
Oct 14, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-42227 MEDIUM
KindEditor 4.1-4.1.11 - Cross-Site Scripting via Upload Button Example
Oct 14, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-22964 HIGH
Fastify-Static >=4.2.4 <4.4.1 - Open Redirect
Oct 14, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-22963 MEDIUM
fastify-static < 4.2.4 - Open Redirect
Oct 14, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-39184 MEDIUM
Electron < 11.5.0, 12.1.0, 13.3.0 - Unauthorized File Content Exposure via Thumbnail API
Oct 12, 2021
CVSS 6.8
EPSS 0.01
CVE-2021-23448 MEDIUM
config-handler - Prototype Pollution via Config File Loading
Oct 11, 2021
CVSS 6.5
EPSS 0.01