npm
4,201 tracked vulnerabilities.
CVE-2021-23352
HIGH
madge < 4.0.1 - OS Command Injection via GraphViz Path Parameter
Mar 09, 2021
CVSS 8.6
EPSS 0.02
CVE-2021-25915
CRITICAL
changeset 0.0.1-0.2.5 - Prototype Pollution leading to Denial of Service and Remote Code Execution
Mar 09, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-24033
MEDIUM
react-dev-utils < 11.0.4 - OS Command Injection via getProcessForPort Function
Mar 09, 2021
CVSS 5.6
EPSS 0.03
CVE-2021-26814
HIGH
Wazuh 4.0.0-4.0.3 - Authenticated Remote Code Execution via /manager/files API
Mar 06, 2021
CVSS 8.8
EPSS 0.09
CVE-2021-3377
MEDIUM
NUCLEI
ansi_up < 5.0.0 - Cross-Site Scripting via ANSI Escape Code URL Handling
Mar 05, 2021
CVSS 6.1
EPSS 0.08
CVE-2021-23346
MEDIUM
html-parse-stringify <2.0.1 - Memory Corruption
Mar 04, 2021
CVSS 4.8
EPSS 0.02
CVE-2021-23344
CRITICAL
total.js < 3.4.8 - Remote Code Execution via set
Mar 04, 2021
CVSS 9.8
EPSS 0.05
CVE-2021-21353
MEDIUM
pug < 3.0.1 - Remote Code Execution via Pretty Option Injection
Mar 03, 2021
CVSS 6.8
EPSS 0.04
CVE-2021-21322
CRITICAL
fastify-http-proxy < 4.3.1 - URL Prefix Bypass via Crafted Request
Mar 02, 2021
CVSS 10.0
EPSS 0.02
CVE-2021-21321
CRITICAL
fastify-reply-from < 4.0.2 - URL Prefix Bypass via Crafted Request
Mar 02, 2021
CVSS 10.0
EPSS 0.02
CVE-2021-21320
LOW
matrix-react-sdk < 3.15.0 - Insufficient Verification of Data Authenticity
Mar 02, 2021
CVSS 2.6
EPSS 0.01
CVE-2021-27884
MEDIUM
YMFE YApi < 1.9.2 - Weak JWT Token Generation via Math.random
Mar 01, 2021
CVSS 5.1
EPSS 0.00
CVE-2021-25914
CRITICAL
object-collider 1.0.0-1.0.3 - Prototype Pollution leading to Denial of Service and Remote Code Execution
Mar 01, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-26700
HIGH
vscode-npm-script - Remote Code Execution
Feb 25, 2021
CVSS 7.8
EPSS 0.06
CVE-2021-20327
MEDIUM
mongodb-client-encryption 1.2.0 - Improper Certificate Validation
Feb 25, 2021
CVSS 6.4
EPSS 0.00
CVE-2021-27516
HIGH
uri.js < 1.19.6 - URL Parsing Flaw via Backslash Handling
Feb 22, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-27515
MEDIUM
url-parse < 1.5.0 - URL Parsing Flaw via Backslash Mishandling
Feb 22, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-3189
MEDIUM
slashify 1.0.0 - Open Redirect via Malformed URL Path
Feb 19, 2021
CVSS 6.1
EPSS 0.01
CVE-2021-23342
HIGH
docsify < 4.12.0 - Stored Cross-Site Scripting via Sidebar HTML Injection
Feb 19, 2021
CVSS 8.6
EPSS 0.02
CVE-2021-23341
HIGH
prismjs < 1.23.0 - Regular Expression Denial of Service
Feb 18, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-20066
MEDIUM
jsdom < 16.5.0 - Local Resource Loading via Script Execution
Feb 16, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-21317
MEDIUM
uap-core < 0.11.0 - Regular Expression Denial of Service via User-Agent Header
Feb 16, 2021
CVSS 5.3
EPSS 0.03
CVE-2021-21316
MEDIUM
less-openui5 < 0.10.0 - Remote Code Execution via Inline JavaScript in Less Files
Feb 16, 2021
CVSS 6.3
EPSS 0.01
CVE-2021-21315
HIGH
KEVNUCLEI
systeminformation < 5.3.1 - OS Command Injection via Service Parameter Handling
Feb 16, 2021
CVSS 7.1
EPSS 0.90
CVE-2021-23337
HIGH
NUCLEI
Lodash <4.17.21 - Command Injection
Feb 15, 2021
CVSS 7.2
EPSS 0.22
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters