npm
4,201 tracked vulnerabilities.
CVE-2021-30109
MEDIUM
Froala Editor 3.2.6 - Stored Cross-Site Scripting via Hyperlink Creation Module
Apr 05, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-30074
MEDIUM
docsify < 4.12.2 - Cross-Site Scripting in Search Component
Apr 02, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-21421
HIGH
node-etsy-client < 0.3.0 - Sensitive Information Exposure via Error Message
Apr 01, 2021
CVSS 8.1
EPSS 0.01
CVE-2021-28918
CRITICAL
NUCLEI
netmask < 1.0.6 - Unauthenticated SSRF RFI and LFI via Octal String Bypass
Apr 01, 2021
CVSS 9.1
EPSS 0.17
CVE-2021-23348
MEDIUM
portprocesses <1.0.5 - Code Injection
Mar 31, 2021
CVSS 6.3
EPSS 0.02
CVE-2021-21413
HIGH
isolated-vm <4.0.0 - Info Disclosure
Mar 30, 2021
CVSS 8.0
EPSS 0.01
CVE-2021-23363
MEDIUM
kill-by-port < 0.0.2 - OS Command Injection via Unsanitized Input to killByPort Function
Mar 30, 2021
CVSS 6.3
EPSS 0.02
CVE-2021-29418
MEDIUM
netmask < 2.0.1 - IP Address Validation Bypass via Octal Digit Handling
Mar 30, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-23358
LOW
underscore 1.3.2-1.12.1 - Arbitrary Code Injection via Template Function
Mar 29, 2021
CVSS 3.3
EPSS 0.04
CVE-2021-23362
MEDIUM
hosted-git-info < 2.8.9 - Regular Expression Denial of Service via shortcutMatch
Mar 23, 2021
CVSS 5.3
EPSS 0.04
CVE-2021-23360
HIGH
killport < 1.0.2 - OS Command Injection via Unsanitized Input to child_process exec
Mar 21, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-21267
HIGH
schema-inspector < 2.0.0 - Denial of Service via Email Validation ReDoS
Mar 19, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-26275
CRITICAL
eslint-fixer < 0.1.5 - Command Injection via Shell Metacharacters
Mar 19, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-21384
MEDIUM
shescape < 1.1.3 - Command Injection via Newline Character
Mar 19, 2021
CVSS 6.3
EPSS 0.01
CVE-2021-23359
HIGH
port-killer - OS Command Injection via Unsanitized Input to child_process exec
Mar 18, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-27292
HIGH
ua-parser-js 0.7.14-0.7.23 - Denial of Service via Malicious User-Agent Header
Mar 17, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-25916
CRITICAL
patchmerge 1.0.0-1.0.1 - Prototype Pollution
Mar 16, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-23356
MEDIUM
kill-process-by-name - OS Command Injection via Unsanitized Input to child_process exec
Mar 15, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-23355
MEDIUM
ps-kill - OS Command Injection via Unsanitized Input to kill Function
Mar 15, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-28092
HIGH
is-svg 2.1.0-4.2.1 - Regular Expression Denial of Service
Mar 12, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-27290
HIGH
ssri 5.2.2-8.0.0 - Denial of Service via SRI Processing Regular Expression
Mar 12, 2021
CVSS 7.5
EPSS 0.05
CVE-2021-21368
MEDIUM
msgpack5 < 3.6.1 - Prototype Poisoning via __proto__ Key Decoding
Mar 12, 2021
CVSS 6.7
EPSS 0.02
CVE-2021-21366
MEDIUM
xmldom < 0.5.0 - XML Processing Syntax Manipulation via Malicious Document Parsing
Mar 12, 2021
CVSS 4.3
EPSS 0.01
CVE-2021-23354
MEDIUM
adaltas printf < 0.6.1 - Regular Expression Denial of Service via lib/printf.js Regex
Mar 12, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-23353
MEDIUM
jspdf < 2.3.1 - Regular Expression Denial of Service via addImage Function
Mar 09, 2021
CVSS 5.9
EPSS 0.03
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters