npm
4,201 tracked vulnerabilities.
CVE-2021-23384
MEDIUM
koa-remove-trailing-slashes < 2.0.2 - Open Redirect via Trailing Double Slashes
May 17, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-33041
MEDIUM
vmd < 1.34.0 - Cross-Site Scripting via Markdown Body Class Injection
May 17, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-32820
HIGH
NUCLEI
Express-handlebars - Info Disclosure
May 14, 2021
CVSS 8.6
EPSS 0.18
CVE-2021-32819
HIGH
NUCLEI
squirrelly < 9.0.0 - Remote Code Execution via Express Render API
May 14, 2021
CVSS 8.0
EPSS 0.60
CVE-2021-32818
HIGH
haml-coffee 1.14.1 - Code Execution via Template Configuration Pollution
May 14, 2021
CVSS 7.7
EPSS 0.01
CVE-2021-32817
MEDIUM
express-hbs < 5.3.2 - File Disclosure via Layout Parameter
May 14, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-25943
CRITICAL
101 1.0.0-1.6.3 - Prototype Pollution leading to Denial of Service and Remote Code Execution
May 14, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-25941
CRITICAL
deep-override 1.0.0-1.0.1 - Prototype Pollution leading to Denial of Service
May 14, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-28128
HIGH
Strapi <3.6.0 - Privilege Escalation
May 06, 2021
CVSS 8.1
EPSS 0.01
CVE-2021-26543
HIGH
Wayfair git-parse <=1.0.4 - OS Command Injection via gitDiff Function
May 06, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-29489
HIGH
Highcharts < 9.0.0 - Stored Cross-Site Scripting via Chart Options Structure
May 05, 2021
CVSS 7.6
EPSS 0.01
CVE-2021-23383
MEDIUM
handlebars < 4.7.7 - Prototype Pollution via Template Compilation
May 04, 2021
CVSS 5.6
EPSS 0.05
CVE-2021-23343
MEDIUM
path-parse < 1.0.7 - Regular Expression Denial of Service via splitDeviceRe, splitTailRe, and splitPathRe
May 04, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-28860
CRITICAL
mixme < 0.5.1 - Prototype Pollution via __proto__ in mutate() and merge()
May 03, 2021
CVSS 9.1
EPSS 0.02
CVE-2021-29486
HIGH
cumulative-distribution-function < 2.0.0 - Denial of Service via Infinite Loop on Non-Numeric Data
Apr 30, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-29484
MEDIUM
NUCLEI
Ghost 4.0.0-4.3.2 - Unauthenticated Admin Access via Unused Preview Endpoint
Apr 29, 2021
CVSS 6.8
EPSS 0.08
CVE-2021-21388
HIGH
systeminformation < 5.6.4 - OS Command Injection via Service Parameter Mishandling
Apr 29, 2021
CVSS 8.9
EPSS 0.02
CVE-2021-23364
MEDIUM
browserslist 4.0.0-4.16.5 - Regular Expression Denial of Service
Apr 28, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-23382
MEDIUM
postcss < 7.0.36 and 8.0.0-8.2.13 - Regular Expression Denial of Service via getAnnotationURL() and loadAnnotation()
Apr 26, 2021
CVSS 5.3
EPSS 0.03
CVE-2021-25928
CRITICAL
safe-obj 1.0.0-1.0.2 - Prototype Pollution
Apr 26, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-25927
CRITICAL
safe-flat 2.0.0-2.0.1 - Prototype Pollution leading to Denial of Service and Remote Code Execution
Apr 26, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-31712
MEDIUM
react-draft-wysiwyg < 1.14.6 - Cross-Site Scripting via Link Decorator
Apr 24, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-20086
HIGH
NUCLEI
jquery-bbq 1.2.1 - Prototype Pollution
Apr 23, 2021
CVSS 8.8
EPSS 0.06
CVE-2021-20085
HIGH
backbone-query-parameters 0.4.0 - Prototype Pollution
Apr 23, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-20083
HIGH
jquery-plugin-query-object 2.2.3 - Prototype Pollution
Apr 23, 2021
CVSS 8.8
EPSS 0.04
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters