npm

4,201 tracked vulnerabilities.

CVE-2021-23384 MEDIUM
koa-remove-trailing-slashes < 2.0.2 - Open Redirect via Trailing Double Slashes
May 17, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-33041 MEDIUM
vmd < 1.34.0 - Cross-Site Scripting via Markdown Body Class Injection
May 17, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-32820 HIGH NUCLEI
Express-handlebars - Info Disclosure
May 14, 2021
CVSS 8.6
EPSS 0.18
CVE-2021-32819 HIGH NUCLEI
squirrelly < 9.0.0 - Remote Code Execution via Express Render API
May 14, 2021
CVSS 8.0
EPSS 0.60
CVE-2021-32818 HIGH
haml-coffee 1.14.1 - Code Execution via Template Configuration Pollution
May 14, 2021
CVSS 7.7
EPSS 0.01
CVE-2021-32817 MEDIUM
express-hbs < 5.3.2 - File Disclosure via Layout Parameter
May 14, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-25943 CRITICAL
101 1.0.0-1.6.3 - Prototype Pollution leading to Denial of Service and Remote Code Execution
May 14, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-25941 CRITICAL
deep-override 1.0.0-1.0.1 - Prototype Pollution leading to Denial of Service
May 14, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-28128 HIGH
Strapi <3.6.0 - Privilege Escalation
May 06, 2021
CVSS 8.1
EPSS 0.01
CVE-2021-26543 HIGH
Wayfair git-parse <=1.0.4 - OS Command Injection via gitDiff Function
May 06, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-29489 HIGH
Highcharts < 9.0.0 - Stored Cross-Site Scripting via Chart Options Structure
May 05, 2021
CVSS 7.6
EPSS 0.01
CVE-2021-23383 MEDIUM
handlebars < 4.7.7 - Prototype Pollution via Template Compilation
May 04, 2021
CVSS 5.6
EPSS 0.05
CVE-2021-23343 MEDIUM
path-parse < 1.0.7 - Regular Expression Denial of Service via splitDeviceRe, splitTailRe, and splitPathRe
May 04, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-28860 CRITICAL
mixme < 0.5.1 - Prototype Pollution via __proto__ in mutate() and merge()
May 03, 2021
CVSS 9.1
EPSS 0.02
CVE-2021-29486 HIGH
cumulative-distribution-function < 2.0.0 - Denial of Service via Infinite Loop on Non-Numeric Data
Apr 30, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-29484 MEDIUM NUCLEI
Ghost 4.0.0-4.3.2 - Unauthenticated Admin Access via Unused Preview Endpoint
Apr 29, 2021
CVSS 6.8
EPSS 0.08
CVE-2021-21388 HIGH
systeminformation < 5.6.4 - OS Command Injection via Service Parameter Mishandling
Apr 29, 2021
CVSS 8.9
EPSS 0.02
CVE-2021-23364 MEDIUM
browserslist 4.0.0-4.16.5 - Regular Expression Denial of Service
Apr 28, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-23382 MEDIUM
postcss < 7.0.36 and 8.0.0-8.2.13 - Regular Expression Denial of Service via getAnnotationURL() and loadAnnotation()
Apr 26, 2021
CVSS 5.3
EPSS 0.03
CVE-2021-25928 CRITICAL
safe-obj 1.0.0-1.0.2 - Prototype Pollution
Apr 26, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-25927 CRITICAL
safe-flat 2.0.0-2.0.1 - Prototype Pollution leading to Denial of Service and Remote Code Execution
Apr 26, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-31712 MEDIUM
react-draft-wysiwyg < 1.14.6 - Cross-Site Scripting via Link Decorator
Apr 24, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-20086 HIGH NUCLEI
jquery-bbq 1.2.1 - Prototype Pollution
Apr 23, 2021
CVSS 8.8
EPSS 0.06
CVE-2021-20085 HIGH
backbone-query-parameters 0.4.0 - Prototype Pollution
Apr 23, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-20083 HIGH
jquery-plugin-query-object 2.2.3 - Prototype Pollution
Apr 23, 2021
CVSS 8.8
EPSS 0.04