npm

4,201 tracked vulnerabilities.

CVE-2021-30109 MEDIUM
Froala Editor 3.2.6 - Stored Cross-Site Scripting via Hyperlink Creation Module
Apr 05, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-30074 MEDIUM
docsify < 4.12.2 - Cross-Site Scripting in Search Component
Apr 02, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-21421 HIGH
node-etsy-client < 0.3.0 - Sensitive Information Exposure via Error Message
Apr 01, 2021
CVSS 8.1
EPSS 0.01
CVE-2021-28918 CRITICAL NUCLEI
netmask < 1.0.6 - Unauthenticated SSRF RFI and LFI via Octal String Bypass
Apr 01, 2021
CVSS 9.1
EPSS 0.17
CVE-2021-23348 MEDIUM
portprocesses <1.0.5 - Code Injection
Mar 31, 2021
CVSS 6.3
EPSS 0.02
CVE-2021-21413 HIGH
isolated-vm <4.0.0 - Info Disclosure
Mar 30, 2021
CVSS 8.0
EPSS 0.01
CVE-2021-23363 MEDIUM
kill-by-port < 0.0.2 - OS Command Injection via Unsanitized Input to killByPort Function
Mar 30, 2021
CVSS 6.3
EPSS 0.02
CVE-2021-29418 MEDIUM
netmask < 2.0.1 - IP Address Validation Bypass via Octal Digit Handling
Mar 30, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-23358 LOW
underscore 1.3.2-1.12.1 - Arbitrary Code Injection via Template Function
Mar 29, 2021
CVSS 3.3
EPSS 0.04
CVE-2021-23362 MEDIUM
hosted-git-info < 2.8.9 - Regular Expression Denial of Service via shortcutMatch
Mar 23, 2021
CVSS 5.3
EPSS 0.04
CVE-2021-23360 HIGH
killport < 1.0.2 - OS Command Injection via Unsanitized Input to child_process exec
Mar 21, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-21267 HIGH
schema-inspector < 2.0.0 - Denial of Service via Email Validation ReDoS
Mar 19, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-26275 CRITICAL
eslint-fixer < 0.1.5 - Command Injection via Shell Metacharacters
Mar 19, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-21384 MEDIUM
shescape < 1.1.3 - Command Injection via Newline Character
Mar 19, 2021
CVSS 6.3
EPSS 0.01
CVE-2021-23359 HIGH
port-killer - OS Command Injection via Unsanitized Input to child_process exec
Mar 18, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-27292 HIGH
ua-parser-js 0.7.14-0.7.23 - Denial of Service via Malicious User-Agent Header
Mar 17, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-25916 CRITICAL
patchmerge 1.0.0-1.0.1 - Prototype Pollution
Mar 16, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-23356 MEDIUM
kill-process-by-name - OS Command Injection via Unsanitized Input to child_process exec
Mar 15, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-23355 MEDIUM
ps-kill - OS Command Injection via Unsanitized Input to kill Function
Mar 15, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-28092 HIGH
is-svg 2.1.0-4.2.1 - Regular Expression Denial of Service
Mar 12, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-27290 HIGH
ssri 5.2.2-8.0.0 - Denial of Service via SRI Processing Regular Expression
Mar 12, 2021
CVSS 7.5
EPSS 0.05
CVE-2021-21368 MEDIUM
msgpack5 < 3.6.1 - Prototype Poisoning via __proto__ Key Decoding
Mar 12, 2021
CVSS 6.7
EPSS 0.02
CVE-2021-21366 MEDIUM
xmldom < 0.5.0 - XML Processing Syntax Manipulation via Malicious Document Parsing
Mar 12, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-23354 MEDIUM
adaltas printf < 0.6.1 - Regular Expression Denial of Service via lib/printf.js Regex
Mar 12, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-23353 MEDIUM
jspdf < 2.3.1 - Regular Expression Denial of Service via addImage Function
Mar 09, 2021
CVSS 5.9
EPSS 0.03