npm
4,201 tracked vulnerabilities.
CVE-2021-32013
MEDIUM
SheetJS and SheetJS Pro < 0.16.9 - Denial of Service via Crafted XLSX Document
Jul 19, 2021
CVSS 5.5
EPSS 0.01
CVE-2021-32012
MEDIUM
SheetJS and SheetJS Pro < 0.16.9 - Denial of Service via Crafted XLSX Document
Jul 19, 2021
CVSS 5.5
EPSS 0.01
CVE-2021-3647
MEDIUM
uri.js < 1.19.7 - URL Redirection to Untrusted Site
Jul 16, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-32770
HIGH
Gatsby <4.0.8, <5.9.2 - Info Disclosure
Jul 15, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-36716
HIGH
Segment is-email < 1.0.1 - Uncontrolled Resource Consumption via isEmail Function
Jul 14, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-25953
CRITICAL
putil-merge 1.0.0-3.6.6 - Prototype Pollution
Jul 14, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-23390
CRITICAL
total4 < 0.0.43 - Remote Code Execution via U.set() and U.get() Functions
Jul 12, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-23389
CRITICAL
total.js < 3.4.9 - Remote Code Execution via U.set() and U.get() Functions
Jul 12, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-36383
MEDIUM
Xen Orchestra <5.84.0 - Privilege Escalation
Jul 12, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-25952
CRITICAL
just-safe-set 1.0.0-2.2.1 - Prototype Pollution
Jul 07, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-32738
MEDIUM
js-stellar-sdk < 8.2.3 - Improper Authentication in Utils.readChallengeTx
Jul 02, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-23403
HIGH
ts-nodash < 1.2.7 - Prototype Pollution via Merge Function
Jul 02, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-23402
HIGH
record-like-deep-assign - Prototype Pollution via Main Functionality
Jul 02, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-32736
HIGH
think-helper <1.1.3 - Prototype Pollution
Jun 30, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-23400
MEDIUM
nodemailer < 6.6.1 - HTTP Header Injection via Address Object
Jun 29, 2021
CVSS 6.3
EPSS 0.01
CVE-2021-32723
HIGH
Prism < 1.24.0 - Regular Expression Denial of Service in ASCIIDoc and ERB Highlighters
Jun 28, 2021
CVSS 7.4
EPSS 0.01
CVE-2021-23399
HIGH
wincred - OS Command Injection via getCredential Function
Jun 28, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-35513
MEDIUM
Mermaid < 8.11.0 - Cross-Site Scripting via Antiscript Feature
Jun 27, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-23398
MEDIUM
react-bootstrap-table - Cross-Site Scripting via dataFormat Parameter
Jun 24, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-21422
HIGH
mongo-express < 0.54.0 - Stored Cross-Site Scripting via Unescaped Document Rendering
Jun 21, 2021
CVSS 8.1
EPSS 0.02
CVE-2021-29060
MEDIUM
color-string < 1.5.5 - Denial of Service via Crafted HWB String
Jun 21, 2021
CVSS 5.3
EPSS 0.03
CVE-2021-29059
HIGH
is-svg 2.1.0-4.2.2 - Regular Expression Denial of Service via Crafted Invalid SVG String
Jun 21, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-32696
LOW
striptags < 3.2.0 - Cross-Site Scripting via Array-like Object Type Confusion
Jun 18, 2021
CVSS 3.7
EPSS 0.01
CVE-2021-23396
MEDIUM
lutils - Prototype Pollution via Merge Function
Jun 17, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-32659
MEDIUM
Matrix-appservice-bridge <2.6.0 - Info Disclosure
Jun 16, 2021
CVSS 6.5
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters