npm
4,201 tracked vulnerabilities.
CVE-2021-29469
MEDIUM
redis.js/redis < 3.1.1 - Denial of Service via Monitoring Mode Regex Backtracking
Apr 23, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-20088
HIGH
mootools-more 1.6.0 - Prototype Pollution
Apr 23, 2021
CVSS 8.8
EPSS 0.01
CVE-2021-20087
HIGH
jquery-deparam 0.5.1 - Prototype Pollution
Apr 23, 2021
CVSS 8.8
EPSS 0.02
CVE-2021-31597
CRITICAL
xmlhttprequest-ssl < 1.6.1 - Improper Certificate Validation
Apr 23, 2021
CVSS 9.4
EPSS 0.02
CVE-2021-23381
HIGH
killing - OS Command Injection via Unsanitized Input to child_process exec
Apr 18, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-23380
MEDIUM
roar-pidusage - OS Command Injection via Unsanitized Input to stat Function
Apr 18, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-23379
HIGH
portkiller - OS Command Injection via Unsanitized Input to child_process exec
Apr 18, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-23378
CRITICAL
picotts - OS Command Injection via say Function
Apr 18, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-23377
CRITICAL
onion-oled-js - OS Command Injection via Scroll Function
Apr 18, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-23376
CRITICAL
ffmpegdotjs - OS Command Injection via trimvideo Function
Apr 18, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-23375
HIGH
psnode - OS Command Injection via Kill Function
Apr 18, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-23374
HIGH
ps-visitor - OS Command Injection via Kill Function
Apr 18, 2021
CVSS 7.3
EPSS 0.01
CVE-2021-29446
MEDIUM
jose-node-cjs-runtime < 3.11.4 - Timing Side-Channel in AES_CBC_HMAC_SHA2 Decryption
Apr 16, 2021
CVSS 5.9
EPSS 0.01
CVE-2021-29445
MEDIUM
jose-node-esm-runtime < 3.11.4 - Timing Side-Channel in AES_CBC_HMAC_SHA2 Decryption
Apr 16, 2021
CVSS 5.9
EPSS 0.01
CVE-2021-29444
MEDIUM
jose-node-cjs-runtime < 3.11.4 - Timing Side-Channel in AES_CBC_HMAC_SHA2 Decryption
Apr 16, 2021
CVSS 5.9
EPSS 0.01
CVE-2021-29443
MEDIUM
jose 1.0.0-1.28.0 - Padding Oracle via AES_CBC_HMAC_SHA2 Decryption
Apr 16, 2021
CVSS 5.9
EPSS 0.01
CVE-2021-26073
HIGH
atlassian-connect-express 3.0.2-6.5.9 - Improper Authentication via Context JWT Acceptance
Apr 16, 2021
CVSS 7.7
EPSS 0.01
CVE-2021-23372
MEDIUM
mongo-express - Denial of Service via Empty Collection CSV Export
Apr 13, 2021
CVSS 4.4
EPSS 0.01
CVE-2021-3163
MEDIUM
Slab Quill 4.8.0 - Stored Cross-Site Scripting via IMG onloadstart Attribute
Apr 12, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-23370
HIGH
swiperjs/swiper < 6.5.1 - Cross-Site Scripting
Apr 12, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23369
MEDIUM
handlebars < 4.7.7 - Remote Code Execution via Untrusted Template Compilation
Apr 12, 2021
CVSS 5.6
EPSS 0.07
CVE-2021-23368
MEDIUM
postcss 7.0.0-7.0.35 - Regular Expression Denial of Service in Source Map Parsing
Apr 12, 2021
CVSS 5.3
EPSS 0.04
CVE-2021-23371
HIGH
chrono-node <2.2.4 - Info Disclosure
Apr 12, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-30246
CRITICAL
jsrsasign <10.1.13 - Info Disclosure
Apr 07, 2021
CVSS 9.1
EPSS 0.01
CVE-2021-21423
MEDIUM
projen < 0.16.41 - Unauthenticated Exposure of Version-Control Repository via Rebuild-Bot Workflow
Apr 06, 2021
CVSS 6.8
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters