npm

4,201 tracked vulnerabilities.

CVE-2021-23425 MEDIUM
trim-off-newlines < 1.0.3 - Regular Expression Denial of Service via String Processing
Aug 18, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-23424 HIGH
ansi-html < 0.0.8 - Denial of Service via Malicious String Input
Aug 18, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-39131 HIGH
ced < 1.0.0 - Denial of Service via Non-Buffer Data Type
Aug 17, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-32822 MEDIUM
hbs - File Disclosure via Express Render API Configuration Overwrite
Aug 16, 2021
CVSS 4.0
EPSS 0.01
CVE-2021-37695 HIGH
CKEditor < 4.16.2 - Stored Cross-Site Scripting via Fake Objects HTML Injection
Aug 13, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-32809 MEDIUM
CKEditor 4.5.2-4.16.1 - HTML Injection via Malformed Paste Content
Aug 12, 2021
CVSS 4.6
EPSS 0.01
CVE-2021-32808 HIGH
CKEditor 4.13.0-4.16.1 - Stored Cross-Site Scripting via Clipboard Widget Undo Feature
Aug 12, 2021
CVSS 7.6
EPSS 0.01
CVE-2021-37699 MEDIUM
Next.js 10.0.5-10.1.0 and 0.9.9-11.0.0 - Open Redirect via Specially Encoded Paths
Aug 12, 2021
CVSS 6.9
EPSS 0.01
CVE-2021-23421 MEDIUM
merge-change - Prototype Pollution via utils.set Function
Aug 11, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-38384 CRITICAL
Serverless Offline 8.0.0 - Info Disclosure
Aug 10, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-23419 HIGH
open-graph < 0.2.6 - Prototype Pollution via __proto__ or constructor Payload
Aug 08, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-38148 CRITICAL
Obsidian < 0.12.12 - Unauthenticated Arbitrary URL Handling
Aug 07, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-32804 HIGH
node-tar <6.1.1,5.0.6,4.4.14,3.3.2 - File Creation/Overwrite
Aug 03, 2021
CVSS 8.2
EPSS 0.15
CVE-2021-32803 HIGH
node-tar <6.1.2-3.2.3 - File Creation/Overwrite
Aug 03, 2021
CVSS 8.2
EPSS 0.08
CVE-2021-37916 MEDIUM
Joplin < 2.0.9 - Stored Cross-Site Scripting via Note Body Buttons and Forms
Aug 03, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-30483 MEDIUM
isomorphic-git <1.8.2 - Path Traversal
Jul 30, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-23417 MEDIUM
deepmergefn - Prototype Pollution via deepMerge Function
Jul 28, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-23416 MEDIUM
curly-bracket-parser - Cross-Site Scripting via Template Input
Jul 28, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-23414 MEDIUM
video.js < 7.14.3 - Cross-Site Scripting via Track Tag Src Attribute
Jul 28, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-32796 MEDIUM
xmldom < 0.7.0 - XML Injection via Improper Character Escaping
Jul 27, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-3664 MEDIUM
url-parse < 1.5.2 - URL Redirection to Untrusted Site
Jul 26, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-23413 MEDIUM
jszip < 3.7.0 - Prototype Pollution via Filename Manipulation
Jul 25, 2021
CVSS 5.3
EPSS 0.03
CVE-2021-23412 HIGH
gitlogplus - OS Command Injection via Unsanitized Options Attributes
Jul 23, 2021
CVSS 8.1
EPSS 0.04
CVE-2021-23411 MEDIUM
anchorme - Cross-Site Scripting via Anchor Tag Generation
Jul 21, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-32014 MEDIUM
SheetJS and SheetJS Pro < 0.16.9 - Denial of Service via Crafted .xlsx Document
Jul 19, 2021
CVSS 5.5
EPSS 0.01