npm

4,201 tracked vulnerabilities.

CVE-2021-32013 MEDIUM
SheetJS and SheetJS Pro < 0.16.9 - Denial of Service via Crafted XLSX Document
Jul 19, 2021
CVSS 5.5
EPSS 0.01
CVE-2021-32012 MEDIUM
SheetJS and SheetJS Pro < 0.16.9 - Denial of Service via Crafted XLSX Document
Jul 19, 2021
CVSS 5.5
EPSS 0.01
CVE-2021-3647 MEDIUM
uri.js < 1.19.7 - URL Redirection to Untrusted Site
Jul 16, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-32770 HIGH
Gatsby <4.0.8, <5.9.2 - Info Disclosure
Jul 15, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-36716 HIGH
Segment is-email < 1.0.1 - Uncontrolled Resource Consumption via isEmail Function
Jul 14, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-25953 CRITICAL
putil-merge 1.0.0-3.6.6 - Prototype Pollution
Jul 14, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-23390 CRITICAL
total4 < 0.0.43 - Remote Code Execution via U.set() and U.get() Functions
Jul 12, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-23389 CRITICAL
total.js < 3.4.9 - Remote Code Execution via U.set() and U.get() Functions
Jul 12, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-36383 MEDIUM
Xen Orchestra <5.84.0 - Privilege Escalation
Jul 12, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-25952 CRITICAL
just-safe-set 1.0.0-2.2.1 - Prototype Pollution
Jul 07, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-32738 MEDIUM
js-stellar-sdk < 8.2.3 - Improper Authentication in Utils.readChallengeTx
Jul 02, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-23403 HIGH
ts-nodash < 1.2.7 - Prototype Pollution via Merge Function
Jul 02, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-23402 HIGH
record-like-deep-assign - Prototype Pollution via Main Functionality
Jul 02, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-32736 HIGH
think-helper <1.1.3 - Prototype Pollution
Jun 30, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-23400 MEDIUM
nodemailer < 6.6.1 - HTTP Header Injection via Address Object
Jun 29, 2021
CVSS 6.3
EPSS 0.01
CVE-2021-32723 HIGH
Prism < 1.24.0 - Regular Expression Denial of Service in ASCIIDoc and ERB Highlighters
Jun 28, 2021
CVSS 7.4
EPSS 0.01
CVE-2021-23399 HIGH
wincred - OS Command Injection via getCredential Function
Jun 28, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-35513 MEDIUM
Mermaid < 8.11.0 - Cross-Site Scripting via Antiscript Feature
Jun 27, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-23398 MEDIUM
react-bootstrap-table - Cross-Site Scripting via dataFormat Parameter
Jun 24, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-21422 HIGH
mongo-express < 0.54.0 - Stored Cross-Site Scripting via Unescaped Document Rendering
Jun 21, 2021
CVSS 8.1
EPSS 0.02
CVE-2021-29060 MEDIUM
color-string < 1.5.5 - Denial of Service via Crafted HWB String
Jun 21, 2021
CVSS 5.3
EPSS 0.03
CVE-2021-29059 HIGH
is-svg 2.1.0-4.2.2 - Regular Expression Denial of Service via Crafted Invalid SVG String
Jun 21, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-32696 LOW
striptags < 3.2.0 - Cross-Site Scripting via Array-like Object Type Confusion
Jun 18, 2021
CVSS 3.7
EPSS 0.01
CVE-2021-23396 MEDIUM
lutils - Prototype Pollution via Merge Function
Jun 17, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-32659 MEDIUM
Matrix-appservice-bridge <2.6.0 - Info Disclosure
Jun 16, 2021
CVSS 6.5
EPSS 0.01