npm

4,201 tracked vulnerabilities.

CVE-2021-23352 HIGH
madge < 4.0.1 - OS Command Injection via GraphViz Path Parameter
Mar 09, 2021
CVSS 8.6
EPSS 0.02
CVE-2021-25915 CRITICAL
changeset 0.0.1-0.2.5 - Prototype Pollution leading to Denial of Service and Remote Code Execution
Mar 09, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-24033 MEDIUM
react-dev-utils < 11.0.4 - OS Command Injection via getProcessForPort Function
Mar 09, 2021
CVSS 5.6
EPSS 0.03
CVE-2021-26814 HIGH
Wazuh 4.0.0-4.0.3 - Authenticated Remote Code Execution via /manager/files API
Mar 06, 2021
CVSS 8.8
EPSS 0.09
CVE-2021-3377 MEDIUM NUCLEI
ansi_up < 5.0.0 - Cross-Site Scripting via ANSI Escape Code URL Handling
Mar 05, 2021
CVSS 6.1
EPSS 0.08
CVE-2021-23346 MEDIUM
html-parse-stringify <2.0.1 - Memory Corruption
Mar 04, 2021
CVSS 4.8
EPSS 0.02
CVE-2021-23344 CRITICAL
total.js < 3.4.8 - Remote Code Execution via set
Mar 04, 2021
CVSS 9.8
EPSS 0.05
CVE-2021-21353 MEDIUM
pug < 3.0.1 - Remote Code Execution via Pretty Option Injection
Mar 03, 2021
CVSS 6.8
EPSS 0.04
CVE-2021-21322 CRITICAL
fastify-http-proxy < 4.3.1 - URL Prefix Bypass via Crafted Request
Mar 02, 2021
CVSS 10.0
EPSS 0.02
CVE-2021-21321 CRITICAL
fastify-reply-from < 4.0.2 - URL Prefix Bypass via Crafted Request
Mar 02, 2021
CVSS 10.0
EPSS 0.02
CVE-2021-21320 LOW
matrix-react-sdk < 3.15.0 - Insufficient Verification of Data Authenticity
Mar 02, 2021
CVSS 2.6
EPSS 0.01
CVE-2021-27884 MEDIUM
YMFE YApi < 1.9.2 - Weak JWT Token Generation via Math.random
Mar 01, 2021
CVSS 5.1
EPSS 0.00
CVE-2021-25914 CRITICAL
object-collider 1.0.0-1.0.3 - Prototype Pollution leading to Denial of Service and Remote Code Execution
Mar 01, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-26700 HIGH
vscode-npm-script - Remote Code Execution
Feb 25, 2021
CVSS 7.8
EPSS 0.06
CVE-2021-20327 MEDIUM
mongodb-client-encryption 1.2.0 - Improper Certificate Validation
Feb 25, 2021
CVSS 6.4
EPSS 0.00
CVE-2021-27516 HIGH
uri.js < 1.19.6 - URL Parsing Flaw via Backslash Handling
Feb 22, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-27515 MEDIUM
url-parse < 1.5.0 - URL Parsing Flaw via Backslash Mishandling
Feb 22, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-3189 MEDIUM
slashify 1.0.0 - Open Redirect via Malformed URL Path
Feb 19, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-23342 HIGH
docsify < 4.12.0 - Stored Cross-Site Scripting via Sidebar HTML Injection
Feb 19, 2021
CVSS 8.6
EPSS 0.02
CVE-2021-23341 HIGH
prismjs < 1.23.0 - Regular Expression Denial of Service
Feb 18, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-20066 MEDIUM
jsdom < 16.5.0 - Local Resource Loading via Script Execution
Feb 16, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-21317 MEDIUM
uap-core < 0.11.0 - Regular Expression Denial of Service via User-Agent Header
Feb 16, 2021
CVSS 5.3
EPSS 0.03
CVE-2021-21316 MEDIUM
less-openui5 < 0.10.0 - Remote Code Execution via Inline JavaScript in Less Files
Feb 16, 2021
CVSS 6.3
EPSS 0.01
CVE-2021-21315 HIGH KEVNUCLEI
systeminformation < 5.3.1 - OS Command Injection via Service Parameter Handling
Feb 16, 2021
CVSS 7.1
EPSS 0.90
CVE-2021-23337 HIGH NUCLEI
Lodash <4.17.21 - Command Injection
Feb 15, 2021
CVSS 7.2
EPSS 0.22