npm

4,201 tracked vulnerabilities.

CVE-2021-29469 MEDIUM
redis.js/redis < 3.1.1 - Denial of Service via Monitoring Mode Regex Backtracking
Apr 23, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-20088 HIGH
mootools-more 1.6.0 - Prototype Pollution
Apr 23, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-20087 HIGH
jquery-deparam 0.5.1 - Prototype Pollution
Apr 23, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-31597 CRITICAL
xmlhttprequest-ssl < 1.6.1 - Improper Certificate Validation
Apr 23, 2021
CVSS 9.4
EPSS 0.02
CVE-2021-23381 HIGH
killing - OS Command Injection via Unsanitized Input to child_process exec
Apr 18, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-23380 MEDIUM
roar-pidusage - OS Command Injection via Unsanitized Input to stat Function
Apr 18, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-23379 HIGH
portkiller - OS Command Injection via Unsanitized Input to child_process exec
Apr 18, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-23378 CRITICAL
picotts - OS Command Injection via say Function
Apr 18, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-23377 CRITICAL
onion-oled-js - OS Command Injection via Scroll Function
Apr 18, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-23376 CRITICAL
ffmpegdotjs - OS Command Injection via trimvideo Function
Apr 18, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-23375 HIGH
psnode - OS Command Injection via Kill Function
Apr 18, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-23374 HIGH
ps-visitor - OS Command Injection via Kill Function
Apr 18, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-29446 MEDIUM
jose-node-cjs-runtime < 3.11.4 - Timing Side-Channel in AES_CBC_HMAC_SHA2 Decryption
Apr 16, 2021
CVSS 5.9
EPSS 0.01
CVE-2021-29445 MEDIUM
jose-node-esm-runtime < 3.11.4 - Timing Side-Channel in AES_CBC_HMAC_SHA2 Decryption
Apr 16, 2021
CVSS 5.9
EPSS 0.01
CVE-2021-29444 MEDIUM
jose-node-cjs-runtime < 3.11.4 - Timing Side-Channel in AES_CBC_HMAC_SHA2 Decryption
Apr 16, 2021
CVSS 5.9
EPSS 0.01
CVE-2021-29443 MEDIUM
jose 1.0.0-1.28.0 - Padding Oracle via AES_CBC_HMAC_SHA2 Decryption
Apr 16, 2021
CVSS 5.9
EPSS 0.01
CVE-2021-26073 HIGH
atlassian-connect-express 3.0.2-6.5.9 - Improper Authentication via Context JWT Acceptance
Apr 16, 2021
CVSS 7.7
EPSS 0.01
CVE-2021-23372 MEDIUM
mongo-express - Denial of Service via Empty Collection CSV Export
Apr 13, 2021
CVSS 4.4
EPSS 0.01
CVE-2021-3163 MEDIUM
Slab Quill 4.8.0 - Stored Cross-Site Scripting via IMG onloadstart Attribute
Apr 12, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-23370 HIGH
swiperjs/swiper < 6.5.1 - Cross-Site Scripting
Apr 12, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23369 MEDIUM
handlebars < 4.7.7 - Remote Code Execution via Untrusted Template Compilation
Apr 12, 2021
CVSS 5.6
EPSS 0.07
CVE-2021-23368 MEDIUM
postcss 7.0.0-7.0.35 - Regular Expression Denial of Service in Source Map Parsing
Apr 12, 2021
CVSS 5.3
EPSS 0.04
CVE-2021-23371 HIGH
chrono-node <2.2.4 - Info Disclosure
Apr 12, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-30246 CRITICAL
jsrsasign <10.1.13 - Info Disclosure
Apr 07, 2021
CVSS 9.1
EPSS 0.01
CVE-2021-21423 MEDIUM
projen < 0.16.41 - Unauthenticated Exposure of Version-Control Repository via Rebuild-Bot Workflow
Apr 06, 2021
CVSS 6.8
EPSS 0.01