npm
4,201 tracked vulnerabilities.
CVE-2021-21310
MEDIUM
next-auth < 3.3.0 - Authentication Bypass via Prisma Adapter Email Token Verification
Feb 11, 2021
CVSS 6.1
EPSS 0.02
CVE-2021-27191
HIGH
get-ip-range < 4.0.0 - Denial of Service via Large IP Range Input
Feb 11, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23335
HIGH
Package is-user-valid - LDAP Injection
Feb 11, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-27185
CRITICAL
samba-client < 4.0.0 - OS Command Injection via process.exec
Feb 10, 2021
CVSS 9.8
EPSS 0.05
CVE-2021-23327
MEDIUM
apexcharts < 3.24.0 - Cross-Site Scripting via Graph Legend Fields
Feb 09, 2021
CVSS 6.3
EPSS 0.01
CVE-2021-25913
CRITICAL
set-or-get 1.0.0-1.2.10 - Prototype Pollution
Feb 08, 2021
CVSS 9.8
EPSS 0.04
CVE-2021-21306
MEDIUM
marked 1.1.1-2.0.0 - Regular Expression Denial of Service
Feb 08, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-21304
HIGH
Dynamoose <2.7.0 - Prototype Pollution
Feb 08, 2021
CVSS 7.2
EPSS 0.02
CVE-2021-26541
CRITICAL
gitlog < 4.0.4 - OS Command Injection via gitlog Function
Feb 08, 2021
CVSS 9.8
EPSS 0.05
CVE-2021-26540
MEDIUM
Apostrophe Technologies sanitize-html <2.3.2 - Open Redirect
Feb 08, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-26539
MEDIUM
Apostrophe Technologies sanitize-html <2.3.1 - Info Disclosure
Feb 08, 2021
CVSS 5.3
EPSS 0.02
CVE-2021-25912
CRITICAL
dotty 0.0.1-0.1.0 - Prototype Pollution
Feb 02, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-23330
CRITICAL
bitovi launchpad - OS Command Injection via stop
Feb 01, 2021
CVSS 9.8
EPSS 0.05
CVE-2021-21277
HIGH
angular-expressions < 1.1.2 - Remote Code Execution via Constructor Bypass
Feb 01, 2021
CVSS 8.5
EPSS 0.03
CVE-2021-23329
HIGH
nested-object-assign <1.0.4 - Info Disclosure
Jan 31, 2021
CVSS 7.5
EPSS 0.02
CVE-2021-23328
MEDIUM
iniparserjs - Prototype Pollution via Array Concatenation
Jan 29, 2021
CVSS 5.6
EPSS 0.01
CVE-2021-26276
MEDIUM
GoDaddy node-config-shield <0.2.2 - Code Injection
Jan 27, 2021
CVSS 5.3
EPSS 0.01
CVE-2021-26272
MEDIUM
CKEditor 4.0-4.15 - Regular Expression Denial of Service via Autolink Plugin
Jan 26, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-26271
MEDIUM
CKEditor 4 < 4.16 - Regular Expression Denial of Service via Styles Input Dialog
Jan 26, 2021
CVSS 6.5
EPSS 0.02
CVE-2021-21278
HIGH
RSSHub < 2021-01-25 - Remote Code Execution via Unsafe Eval in Route Handlers
Jan 26, 2021
CVSS 8.6
EPSS 0.02
CVE-2021-3223
HIGH
NUCLEI
Node-RED-Dashboard <2.26.2 - Path Traversal
Jan 26, 2021
CVSS 7.5
EPSS 0.19
CVE-2021-3190
CRITICAL
async-git < 1.13.2 - OS Command Injection via Shell Metacharacters
Jan 26, 2021
CVSS 9.8
EPSS 0.05
CVE-2021-25864
HIGH
NUCLEI
node-red-contrib-huemagic 3.0.0 - Path Traversal via hue/assets/..%2F in res.sendFile API
Jan 26, 2021
CVSS 7.5
EPSS 0.09
CVE-2021-21252
MEDIUM
jQuery Validation Plugin <1.19.3 - DoS
Jan 13, 2021
CVSS 5.3
EPSS 0.04
CVE-2021-1725
MEDIUM
Bot Framework SDK - Information Disclosure via Improper Authentication
Jan 12, 2021
CVSS 5.5
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters