npm
4,201 tracked vulnerabilities.
CVE-2021-23425
MEDIUM
trim-off-newlines < 1.0.3 - Regular Expression Denial of Service via String Processing
Aug 18, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-23424
HIGH
ansi-html < 0.0.8 - Denial of Service via Malicious String Input
Aug 18, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-39131
HIGH
ced < 1.0.0 - Denial of Service via Non-Buffer Data Type
Aug 17, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-32822
MEDIUM
hbs - File Disclosure via Express Render API Configuration Overwrite
Aug 16, 2021
CVSS 4.0
EPSS 0.01
CVE-2021-37695
HIGH
CKEditor < 4.16.2 - Stored Cross-Site Scripting via Fake Objects HTML Injection
Aug 13, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-32809
MEDIUM
CKEditor 4.5.2-4.16.1 - HTML Injection via Malformed Paste Content
Aug 12, 2021
CVSS 4.6
EPSS 0.01
CVE-2021-32808
HIGH
CKEditor 4.13.0-4.16.1 - Stored Cross-Site Scripting via Clipboard Widget Undo Feature
Aug 12, 2021
CVSS 7.6
EPSS 0.01
CVE-2021-37699
MEDIUM
Next.js 10.0.5-10.1.0 and 0.9.9-11.0.0 - Open Redirect via Specially Encoded Paths
Aug 12, 2021
CVSS 6.9
EPSS 0.01
CVE-2021-23421
MEDIUM
merge-change - Prototype Pollution via utils.set Function
Aug 11, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-38384
CRITICAL
Serverless Offline 8.0.0 - Info Disclosure
Aug 10, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-23419
HIGH
open-graph < 0.2.6 - Prototype Pollution via __proto__ or constructor Payload
Aug 08, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-38148
CRITICAL
Obsidian < 0.12.12 - Unauthenticated Arbitrary URL Handling
Aug 07, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-32804
HIGH
node-tar <6.1.1,5.0.6,4.4.14,3.3.2 - File Creation/Overwrite
Aug 03, 2021
CVSS 8.2
EPSS 0.15
CVE-2021-32803
HIGH
node-tar <6.1.2-3.2.3 - File Creation/Overwrite
Aug 03, 2021
CVSS 8.2
EPSS 0.08
CVE-2021-37916
MEDIUM
Joplin < 2.0.9 - Stored Cross-Site Scripting via Note Body Buttons and Forms
Aug 03, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-30483
MEDIUM
isomorphic-git <1.8.2 - Path Traversal
Jul 30, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-23417
MEDIUM
deepmergefn - Prototype Pollution via deepMerge Function
Jul 28, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-23416
MEDIUM
curly-bracket-parser - Cross-Site Scripting via Template Input
Jul 28, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-23414
MEDIUM
video.js < 7.14.3 - Cross-Site Scripting via Track Tag Src Attribute
Jul 28, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-32796
MEDIUM
xmldom < 0.7.0 - XML Injection via Improper Character Escaping
Jul 27, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-3664
MEDIUM
url-parse < 1.5.2 - URL Redirection to Untrusted Site
Jul 26, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-23413
MEDIUM
jszip < 3.7.0 - Prototype Pollution via Filename Manipulation
Jul 25, 2021
CVSS 5.3
EPSS 0.03
CVE-2021-23412
HIGH
gitlogplus - OS Command Injection via Unsanitized Options Attributes
Jul 23, 2021
CVSS 8.1
EPSS 0.04
CVE-2021-23411
MEDIUM
anchorme - Cross-Site Scripting via Anchor Tag Generation
Jul 21, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-32014
MEDIUM
SheetJS and SheetJS Pro < 0.16.9 - Denial of Service via Crafted .xlsx Document
Jul 19, 2021
CVSS 5.5
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters