npm

4,201 tracked vulnerabilities.

CVE-2021-34801 MEDIUM
Valine 1.4.14 - Denial of Service via User-Agent Header
Jun 16, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-32685 CRITICAL
tEnvoy < 7.0.3 - Improper Verification of Cryptographic Signature in verifyWithMessage Method
Jun 16, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-24037 CRITICAL
Hermes < 0.8.0 - Use-After-Free via Error Message Emission
Jun 15, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-23395 HIGH
nedb - Prototype Pollution via __proto__ or constructor.prototype Payload
Jun 15, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-25949 CRITICAL
set-getter 0.1.0 - Prototype Pollution
Jun 10, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-25948 CRITICAL
expand-hash 0.1.0-1.0.1 - Prototype Pollution
Jun 10, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-33829 MEDIUM NUCLEI
CKEditor 4.14.0-4.16.0 - Cross-Site Scripting via HTML Comment Parsing
Jun 09, 2021
CVSS 6.1
EPSS 0.03
CVE-2021-32673 HIGH
reg-keygen-git-hash-plugin <0.10.16 - RCE
Jun 08, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-23392 MEDIUM
locutus < 2.0.15 - Regular Expression Denial of Service via gopher_parsedir Function
Jun 08, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-23391 HIGH
calipso - Path Traversal and Arbitrary File Write via Module Install Functionality
Jun 07, 2021
CVSS 7.3
EPSS 0.00
CVE-2021-32641 HIGH
auth0-lock < 11.30.1 - Reflected Cross-Site Scripting via FlashMessage or LanguageDictionary
Jun 04, 2021
CVSS 8.1
EPSS 0.02
CVE-2021-25947 CRITICAL
nestie < 1.0.0 - Prototype Pollution
Jun 03, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-26707 CRITICAL
merge-deep < 3.0.3 - Prototype Pollution via Object Property Overwrite
Jun 02, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-23388 MEDIUM
forms < 1.2.1 and 1.3.0-1.3.2 - Regular Expression Denial of Service via Email Validation
Jun 01, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-33587 HIGH
css-what 4.0.0-5.0.0 - Denial of Service via Attribute Parsing
May 28, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-33623 HIGH
trim-newlines < 3.0.1 and 4.x < 4.0.1 - Regular Expression Denial-of-Service in .end() Method
May 28, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-25945 CRITICAL
js-extend 0.0.1-1.0.1 - Prototype Pollution
May 26, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-32640 MEDIUM
WS < 6.2.2 - Denial of Service
May 25, 2021
CVSS 5.3
EPSS 0.03
CVE-2021-25946 CRITICAL
nconf-toml 0.0.1-0.0.2 - Prototype Pollution
May 25, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-25944 CRITICAL
deep-defaults 1.0.0-1.0.5 - Prototype Pollution
May 25, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-23387 MEDIUM
trailing-slash < 2.0.1 - Open Redirect via Trailing Double Slashes
May 24, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-33502 HIGH
normalize-url <4.5.1, <5.3.1, <6.0.1 - DoS
May 24, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23386 HIGH
dns-packet <5.2.2 - Info Disclosure
May 20, 2021
CVSS 7.7
EPSS 0.01
CVE-2021-29624 MEDIUM
fastify-csrf < 3.1.0 - Cross-Site Request Forgery Protection Bypass via Subdomain Cookie Handling
May 19, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-32622 MEDIUM
matrix-react-sdk < 3.21.0 - Local Script Execution via File Preview
May 17, 2021
CVSS 4.2
EPSS 0.00