npm
4,201 tracked vulnerabilities.
CVE-2020-36851
CRITICAL
cors-anywhere - Unauthenticated Server-Side Request Forgery via Open Proxy Configuration
Sep 25, 2025
EPSS 0.01
CVE-2020-26311
HIGH
useragent - Regular Expression Denial of Service via Inefficient Regex
Oct 26, 2024
CVSS 7.5
EPSS 0.00
CVE-2020-26309
HIGH
nope-validator < 0.12.1 - Regular Expression Denial of Service
Oct 26, 2024
EPSS 0.00
CVE-2020-26308
HIGH
validate.js < 0.13.1 - Regular Expression Denial of Service
Oct 26, 2024
CVSS 7.5
EPSS 0.00
CVE-2020-26306
HIGH
Knwl.js <= 1.0.2 - Denial of Service via Inefficient Regular Expression
Oct 26, 2024
EPSS 0.00
CVE-2020-26305
HIGH
CommonRegexJS - Regular Expression Denial of Service
Oct 26, 2024
CVSS 7.5
EPSS 0.00
CVE-2020-26304
HIGH
Foundation < 6.3.3 - Regular Expression Denial of Service
Oct 26, 2024
CVSS 7.5
EPSS 0.01
CVE-2020-26303
HIGH
bevacqua insane < 2.6.2 - Regular Expression Denial of Service
Oct 26, 2024
CVSS 7.5
EPSS 0.01
CVE-2020-36830
MEDIUM
nescalante urlregex <0.5.1 - Info Disclosure
Sep 02, 2024
CVSS 4.3
EPSS 0.01
CVE-2020-36732
MEDIUM
crypto-js < 3.2.1 - Insufficient Entropy in Random Number Generation
Jun 12, 2023
CVSS 5.3
EPSS 0.01
CVE-2020-19850
MEDIUM
Directus 2.2.0 - Denial of Service via HTTP Request Flood
Apr 04, 2023
CVSS 6.5
EPSS 0.01
CVE-2020-19698
MEDIUM
Pandao Editor.md 1.5.0 - Cross-Site Scripting via Editor Parameter
Apr 04, 2023
CVSS 6.1
EPSS 0.01
CVE-2020-19697
MEDIUM
Pandao Editor.md 1.5.0 - Cross-Site Scripting via Iframe Src Parameter
Apr 04, 2023
CVSS 6.1
EPSS 0.01
CVE-2020-23256
CRITICAL
Electerm 1.3.22 - Unauthenticated Remote Code Execution via Unverified Service Request
Jan 20, 2023
CVSS 9.8
EPSS 0.01
CVE-2020-36651
MEDIUM
Youngerheart nodeserver - Path Traversal
Jan 18, 2023
CVSS 5.5
EPSS 0.01
CVE-2020-36650
MEDIUM
IonicaBizau node-gry <6.0.0 - Command Injection
Jan 11, 2023
CVSS 5.5
EPSS 0.02
CVE-2020-36649
LOW
mholt PapaParse <5.1.x - Regular Expression Complexity
Jan 11, 2023
CVSS 3.5
EPSS 0.01
CVE-2020-36632
MEDIUM
hughsk flat <5.0.0 - Prototype Pollution
Dec 25, 2022
CVSS 6.3
EPSS 0.01
CVE-2020-36629
MEDIUM
httpster < 1.1.0 - Path Traversal via fs.realpathSync
Dec 25, 2022
CVSS 5.5
EPSS 0.01
CVE-2020-26302
HIGH
is.js <0.9.0 - ReDoS
Dec 22, 2022
CVSS 7.5
EPSS 0.01
CVE-2020-36618
MEDIUM
Furqan node-whois - Prototype Pollution
Dec 19, 2022
CVSS 6.3
EPSS 0.01
CVE-2020-36604
HIGH
hoek <8.5.1, <9.0.3 - Prototype Poisoning
Sep 23, 2022
CVSS 8.1
EPSS 0.01
CVE-2020-26938
HIGH
oauth2-server < 3.1.1 - Open Redirect via Incorrect URI Pattern Validation
Aug 29, 2022
CVSS 7.2
EPSS 0.01
CVE-2020-7795
HIGH
get-npm-package-version <1.0.7 - Command Injection
Aug 02, 2022
CVSS 7.3
EPSS 0.04
CVE-2020-28453
CRITICAL
npos-tesseract - OS Command Injection in lib/ocr.js
Aug 02, 2022
CVSS 9.4
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters