npm

4,201 tracked vulnerabilities.

CVE-2021-21310 MEDIUM
next-auth < 3.3.0 - Authentication Bypass via Prisma Adapter Email Token Verification
Feb 11, 2021
CVSS 6.1
EPSS 0.02
CVE-2021-27191 HIGH
get-ip-range < 4.0.0 - Denial of Service via Large IP Range Input
Feb 11, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23335 HIGH
Package is-user-valid - LDAP Injection
Feb 11, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-27185 CRITICAL
samba-client < 4.0.0 - OS Command Injection via process.exec
Feb 10, 2021
CVSS 9.8
EPSS 0.05
CVE-2021-23327 MEDIUM
apexcharts < 3.24.0 - Cross-Site Scripting via Graph Legend Fields
Feb 09, 2021
CVSS 6.3
EPSS 0.01
CVE-2021-25913 CRITICAL
set-or-get 1.0.0-1.2.10 - Prototype Pollution
Feb 08, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-21306 MEDIUM
marked 1.1.1-2.0.0 - Regular Expression Denial of Service
Feb 08, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-21304 HIGH
Dynamoose <2.7.0 - Prototype Pollution
Feb 08, 2021
CVSS 7.2
EPSS 0.02
CVE-2021-26541 CRITICAL
gitlog < 4.0.4 - OS Command Injection via gitlog Function
Feb 08, 2021
CVSS 9.8
EPSS 0.05
CVE-2021-26540 MEDIUM
Apostrophe Technologies sanitize-html <2.3.2 - Open Redirect
Feb 08, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-26539 MEDIUM
Apostrophe Technologies sanitize-html <2.3.1 - Info Disclosure
Feb 08, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-25912 CRITICAL
dotty 0.0.1-0.1.0 - Prototype Pollution
Feb 02, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-23330 CRITICAL
bitovi launchpad - OS Command Injection via stop
Feb 01, 2021
CVSS 9.8
EPSS 0.05
CVE-2021-21277 HIGH
angular-expressions < 1.1.2 - Remote Code Execution via Constructor Bypass
Feb 01, 2021
CVSS 8.5
EPSS 0.03
CVE-2021-23329 HIGH
nested-object-assign <1.0.4 - Info Disclosure
Jan 31, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23328 MEDIUM
iniparserjs - Prototype Pollution via Array Concatenation
Jan 29, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-26276 MEDIUM
GoDaddy node-config-shield <0.2.2 - Code Injection
Jan 27, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-26272 MEDIUM
CKEditor 4.0-4.15 - Regular Expression Denial of Service via Autolink Plugin
Jan 26, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-26271 MEDIUM
CKEditor 4 < 4.16 - Regular Expression Denial of Service via Styles Input Dialog
Jan 26, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-21278 HIGH
RSSHub < 2021-01-25 - Remote Code Execution via Unsafe Eval in Route Handlers
Jan 26, 2021
CVSS 8.6
EPSS 0.02
CVE-2021-3223 HIGH NUCLEI
Node-RED-Dashboard <2.26.2 - Path Traversal
Jan 26, 2021
CVSS 7.5
EPSS 0.19
CVE-2021-3190 CRITICAL
async-git < 1.13.2 - OS Command Injection via Shell Metacharacters
Jan 26, 2021
CVSS 9.8
EPSS 0.05
CVE-2021-25864 HIGH NUCLEI
node-red-contrib-huemagic 3.0.0 - Path Traversal via hue/assets/..%2F in res.sendFile API
Jan 26, 2021
CVSS 7.5
EPSS 0.09
CVE-2021-21252 MEDIUM
jQuery Validation Plugin <1.19.3 - DoS
Jan 13, 2021
CVSS 5.3
EPSS 0.04
CVE-2021-1725 MEDIUM
Bot Framework SDK - Information Disclosure via Improper Authentication
Jan 12, 2021
CVSS 5.5
EPSS 0.01