npm
4,201 tracked vulnerabilities.
CVE-2021-34801
MEDIUM
Valine 1.4.14 - Denial of Service via User-Agent Header
Jun 16, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-32685
CRITICAL
tEnvoy < 7.0.3 - Improper Verification of Cryptographic Signature in verifyWithMessage Method
Jun 16, 2021
CVSS 9.8
EPSS 0.01
CVE-2021-24037
CRITICAL
Hermes < 0.8.0 - Use-After-Free via Error Message Emission
Jun 15, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-23395
HIGH
nedb - Prototype Pollution via __proto__ or constructor.prototype Payload
Jun 15, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-25949
CRITICAL
set-getter 0.1.0 - Prototype Pollution
Jun 10, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-25948
CRITICAL
expand-hash 0.1.0-1.0.1 - Prototype Pollution
Jun 10, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-33829
MEDIUM
NUCLEI
CKEditor 4.14.0-4.16.0 - Cross-Site Scripting via HTML Comment Parsing
Jun 09, 2021
CVSS 6.1
EPSS 0.03
CVE-2021-32673
HIGH
reg-keygen-git-hash-plugin <0.10.16 - RCE
Jun 08, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-23392
MEDIUM
locutus < 2.0.15 - Regular Expression Denial of Service via gopher_parsedir Function
Jun 08, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-23391
HIGH
calipso - Path Traversal and Arbitrary File Write via Module Install Functionality
Jun 07, 2021
CVSS 7.3
EPSS 0.00
CVE-2021-32641
HIGH
auth0-lock < 11.30.1 - Reflected Cross-Site Scripting via FlashMessage or LanguageDictionary
Jun 04, 2021
CVSS 8.1
EPSS 0.02
CVE-2021-25947
CRITICAL
nestie < 1.0.0 - Prototype Pollution
Jun 03, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-26707
CRITICAL
merge-deep < 3.0.3 - Prototype Pollution via Object Property Overwrite
Jun 02, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-23388
MEDIUM
forms < 1.2.1 and 1.3.0-1.3.2 - Regular Expression Denial of Service via Email Validation
Jun 01, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-33587
HIGH
css-what 4.0.0-5.0.0 - Denial of Service via Attribute Parsing
May 28, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-33623
HIGH
trim-newlines < 3.0.1 and 4.x < 4.0.1 - Regular Expression Denial-of-Service in .end() Method
May 28, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-25945
CRITICAL
js-extend 0.0.1-1.0.1 - Prototype Pollution
May 26, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-32640
MEDIUM
WS < 6.2.2 - Denial of Service
May 25, 2021
CVSS 5.3
EPSS 0.03
CVE-2021-25946
CRITICAL
nconf-toml 0.0.1-0.0.2 - Prototype Pollution
May 25, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-25944
CRITICAL
deep-defaults 1.0.0-1.0.5 - Prototype Pollution
May 25, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-23387
MEDIUM
trailing-slash < 2.0.1 - Open Redirect via Trailing Double Slashes
May 24, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-33502
HIGH
normalize-url <4.5.1, <5.3.1, <6.0.1 - DoS
May 24, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23386
HIGH
dns-packet <5.2.2 - Info Disclosure
May 20, 2021
CVSS 7.7
EPSS 0.01
CVE-2021-29624
MEDIUM
fastify-csrf < 3.1.0 - Cross-Site Request Forgery Protection Bypass via Subdomain Cookie Handling
May 19, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-32622
MEDIUM
matrix-react-sdk < 3.21.0 - Local Script Execution via File Preview
May 17, 2021
CVSS 4.2
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters