npm
4,201 tracked vulnerabilities.
CVE-2021-3766
CRITICAL
objection < 2.2.16 - Prototype Pollution
Sep 06, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-23439
MEDIUM
file-upload-with-preview < 4.2.0 - Stored Cross-Site Scripting via Filename
Sep 05, 2021
CVSS 4.2
EPSS 0.01
CVE-2021-39192
MEDIUM
Ghost 4.0.0-4.9.4 - Authenticated Privilege Escalation via Integrations API Endpoint
Sep 03, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-39187
HIGH
parse-server < 4.10.3 - Denial of Service via Invalid Explain Query Option
Sep 02, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-3757
CRITICAL
immer < 9.0.5 and >=7.0.0 < 9.0.6 - Prototype Pollution
Sep 02, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-23438
MEDIUM
mpath < 0.8.4 - Type Confusion via Array IndexOf Bypass
Sep 01, 2021
CVSS 5.6
EPSS 0.02
CVE-2021-23436
MEDIUM
immer < 9.0.6 - Type Confusion via Array Path Parameter
Sep 01, 2021
CVSS 5.6
EPSS 0.02
CVE-2021-23426
MEDIUM
Proto - Prototype Pollution via Merge Function
Sep 01, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-39109
HIGH
Atlassian Atlasboard < 1.1.9 - Path Traversal via renderWidgetResource
Sep 01, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-39176
HIGH
detect-character-encoding < 0.3.1 - Use-After-Free
Aug 31, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-37713
HIGH
npmjs/tar < 4.4.18 - Arbitrary File Creation/Overwrite and Code Execution via Path Traversal
Aug 31, 2021
CVSS 8.2
EPSS 0.01
CVE-2021-37712
HIGH
tar < 4.4.18, 5.0.10, 6.1.9 - Arbitrary File Creation and Overwrite via Unicode Normalization Bypass
Aug 31, 2021
CVSS 8.2
EPSS 0.02
CVE-2021-37701
HIGH
npmjs/tar < 4.4.16 - Arbitrary File Creation and Overwrite via Symlink Directory Cache Bypass
Aug 31, 2021
CVSS 8.2
EPSS 0.03
CVE-2021-3749
HIGH
axios <0.21.2 - Denial of Service via Inefficient Regular Expression
Aug 31, 2021
CVSS 7.5
EPSS 0.09
CVE-2021-39178
HIGH
Next.js 10.0.0-11.0.0 - Cross-Site Scripting via SVG in Images Domain Configuration
Aug 31, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-32831
HIGH
total.js < 3.4.9 - Remote Code Execution via utils.set Function
Aug 30, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-39171
MEDIUM
passport-saml < 3.1.0 - Denial of Service via Excessive SAML Transform Processing
Aug 27, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-23434
MEDIUM
object-path < 0.11.6 - Type Confusion via Array Path Components
Aug 27, 2021
CVSS 5.6
EPSS 0.02
CVE-2021-39157
HIGH
detect-character-encoding < 0.7.0 - Denial of Service via Unhandled Charset Matching
Aug 24, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23432
MEDIUM
mootools - Prototype Pollution via Object.merge()
Aug 24, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-23431
MEDIUM
Joplin < 2.3.2 - Cross-Site Request Forgery
Aug 24, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-23430
HIGH
startserver - Path Traversal via Unsanitized Input
Aug 24, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23429
MEDIUM
transpile - Denial of Service via Improper Exception Handling in .to() Function
Aug 24, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-23406
HIGH
pac-resolver <5.0.0 - Code Injection
Aug 24, 2021
CVSS 8.1
EPSS 0.03
CVE-2021-39138
MEDIUM
parse-server < 4.5.1 - Improper Authentication via Incorrect Session Creation
Aug 19, 2021
CVSS 4.8
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters