npm

4,201 tracked vulnerabilities.

CVE-2021-3766 CRITICAL
objection < 2.2.16 - Prototype Pollution
Sep 06, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-23439 MEDIUM
file-upload-with-preview < 4.2.0 - Stored Cross-Site Scripting via Filename
Sep 05, 2021
CVSS 4.2
EPSS 0.01
CVE-2021-39192 MEDIUM
Ghost 4.0.0-4.9.4 - Authenticated Privilege Escalation via Integrations API Endpoint
Sep 03, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-39187 HIGH
parse-server < 4.10.3 - Denial of Service via Invalid Explain Query Option
Sep 02, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-3757 CRITICAL
immer < 9.0.5 and >=7.0.0 < 9.0.6 - Prototype Pollution
Sep 02, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-23438 MEDIUM
mpath < 0.8.4 - Type Confusion via Array IndexOf Bypass
Sep 01, 2021
CVSS 5.6
EPSS 0.02
CVE-2021-23436 MEDIUM
immer < 9.0.6 - Type Confusion via Array Path Parameter
Sep 01, 2021
CVSS 5.6
EPSS 0.02
CVE-2021-23426 MEDIUM
Proto - Prototype Pollution via Merge Function
Sep 01, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-39109 HIGH
Atlassian Atlasboard < 1.1.9 - Path Traversal via renderWidgetResource
Sep 01, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-39176 HIGH
detect-character-encoding < 0.3.1 - Use-After-Free
Aug 31, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-37713 HIGH
npmjs/tar < 4.4.18 - Arbitrary File Creation/Overwrite and Code Execution via Path Traversal
Aug 31, 2021
CVSS 8.2
EPSS 0.01
CVE-2021-37712 HIGH
tar < 4.4.18, 5.0.10, 6.1.9 - Arbitrary File Creation and Overwrite via Unicode Normalization Bypass
Aug 31, 2021
CVSS 8.2
EPSS 0.02
CVE-2021-37701 HIGH
npmjs/tar < 4.4.16 - Arbitrary File Creation and Overwrite via Symlink Directory Cache Bypass
Aug 31, 2021
CVSS 8.2
EPSS 0.03
CVE-2021-3749 HIGH
axios <0.21.2 - Denial of Service via Inefficient Regular Expression
Aug 31, 2021
CVSS 7.5
EPSS 0.09
CVE-2021-39178 HIGH
Next.js 10.0.0-11.0.0 - Cross-Site Scripting via SVG in Images Domain Configuration
Aug 31, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-32831 HIGH
total.js < 3.4.9 - Remote Code Execution via utils.set Function
Aug 30, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-39171 MEDIUM
passport-saml < 3.1.0 - Denial of Service via Excessive SAML Transform Processing
Aug 27, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-23434 MEDIUM
object-path < 0.11.6 - Type Confusion via Array Path Components
Aug 27, 2021
CVSS 5.6
EPSS 0.02
CVE-2021-39157 HIGH
detect-character-encoding < 0.7.0 - Denial of Service via Unhandled Charset Matching
Aug 24, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23432 MEDIUM
mootools - Prototype Pollution via Object.merge()
Aug 24, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-23431 MEDIUM
Joplin < 2.3.2 - Cross-Site Request Forgery
Aug 24, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-23430 HIGH
startserver - Path Traversal via Unsanitized Input
Aug 24, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23429 MEDIUM
transpile - Denial of Service via Improper Exception Handling in .to() Function
Aug 24, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-23406 HIGH
pac-resolver <5.0.0 - Code Injection
Aug 24, 2021
CVSS 8.1
EPSS 0.03
CVE-2021-39138 MEDIUM
parse-server < 4.5.1 - Improper Authentication via Incorrect Session Creation
Aug 19, 2021
CVSS 4.8
EPSS 0.01