npm

4,201 tracked vulnerabilities.

CVE-2020-36851 CRITICAL
cors-anywhere - Unauthenticated Server-Side Request Forgery via Open Proxy Configuration
Sep 25, 2025
EPSS 0.01
CVE-2020-26311 HIGH
useragent - Regular Expression Denial of Service via Inefficient Regex
Oct 26, 2024
CVSS 7.5
EPSS 0.00
CVE-2020-26309 HIGH
nope-validator < 0.12.1 - Regular Expression Denial of Service
Oct 26, 2024
EPSS 0.00
CVE-2020-26308 HIGH
validate.js < 0.13.1 - Regular Expression Denial of Service
Oct 26, 2024
CVSS 7.5
EPSS 0.00
CVE-2020-26306 HIGH
Knwl.js <= 1.0.2 - Denial of Service via Inefficient Regular Expression
Oct 26, 2024
EPSS 0.00
CVE-2020-26305 HIGH
CommonRegexJS - Regular Expression Denial of Service
Oct 26, 2024
CVSS 7.5
EPSS 0.00
CVE-2020-26304 HIGH
Foundation < 6.3.3 - Regular Expression Denial of Service
Oct 26, 2024
CVSS 7.5
EPSS 0.01
CVE-2020-26303 HIGH
bevacqua insane < 2.6.2 - Regular Expression Denial of Service
Oct 26, 2024
CVSS 7.5
EPSS 0.01
CVE-2020-36830 MEDIUM
nescalante urlregex <0.5.1 - Info Disclosure
Sep 02, 2024
CVSS 4.3
EPSS 0.01
CVE-2020-36732 MEDIUM
crypto-js < 3.2.1 - Insufficient Entropy in Random Number Generation
Jun 12, 2023
CVSS 5.3
EPSS 0.01
CVE-2020-19850 MEDIUM
Directus 2.2.0 - Denial of Service via HTTP Request Flood
Apr 04, 2023
CVSS 6.5
EPSS 0.01
CVE-2020-19698 MEDIUM
Pandao Editor.md 1.5.0 - Cross-Site Scripting via Editor Parameter
Apr 04, 2023
CVSS 6.1
EPSS 0.01
CVE-2020-19697 MEDIUM
Pandao Editor.md 1.5.0 - Cross-Site Scripting via Iframe Src Parameter
Apr 04, 2023
CVSS 6.1
EPSS 0.01
CVE-2020-23256 CRITICAL
Electerm 1.3.22 - Unauthenticated Remote Code Execution via Unverified Service Request
Jan 20, 2023
CVSS 9.8
EPSS 0.01
CVE-2020-36651 MEDIUM
Youngerheart nodeserver - Path Traversal
Jan 18, 2023
CVSS 5.5
EPSS 0.01
CVE-2020-36650 MEDIUM
IonicaBizau node-gry <6.0.0 - Command Injection
Jan 11, 2023
CVSS 5.5
EPSS 0.02
CVE-2020-36649 LOW
mholt PapaParse <5.1.x - Regular Expression Complexity
Jan 11, 2023
CVSS 3.5
EPSS 0.01
CVE-2020-36632 MEDIUM
hughsk flat <5.0.0 - Prototype Pollution
Dec 25, 2022
CVSS 6.3
EPSS 0.01
CVE-2020-36629 MEDIUM
httpster < 1.1.0 - Path Traversal via fs.realpathSync
Dec 25, 2022
CVSS 5.5
EPSS 0.01
CVE-2020-26302 HIGH
is.js <0.9.0 - ReDoS
Dec 22, 2022
CVSS 7.5
EPSS 0.01
CVE-2020-36618 MEDIUM
Furqan node-whois - Prototype Pollution
Dec 19, 2022
CVSS 6.3
EPSS 0.01
CVE-2020-36604 HIGH
hoek <8.5.1, <9.0.3 - Prototype Poisoning
Sep 23, 2022
CVSS 8.1
EPSS 0.01
CVE-2020-26938 HIGH
oauth2-server < 3.1.1 - Open Redirect via Incorrect URI Pattern Validation
Aug 29, 2022
CVSS 7.2
EPSS 0.01
CVE-2020-7795 HIGH
get-npm-package-version <1.0.7 - Command Injection
Aug 02, 2022
CVSS 7.3
EPSS 0.04
CVE-2020-28453 CRITICAL
npos-tesseract - OS Command Injection in lib/ocr.js
Aug 02, 2022
CVSS 9.4
EPSS 0.01