npm
4,201 tracked vulnerabilities.
CVE-2020-28451
CRITICAL
image-tiler < 2.0.2 - OS Command Injection
Aug 02, 2022
CVSS 9.8
EPSS 0.01
CVE-2020-28437
CRITICAL
heroku-env - OS Command Injection in lib/get.js
Aug 02, 2022
CVSS 9.4
EPSS 0.01
CVE-2020-28434
CRITICAL
gitblame - OS Command Injection via lib/gitblame.js
Aug 02, 2022
CVSS 9.4
EPSS 0.01
CVE-2020-28433
HIGH
node-latex-pdf - OS Command Injection
Aug 02, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28425
HIGH
curljs - OS Command Injection
Aug 02, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28423
CRITICAL
monorepo-build - OS Command Injection
Aug 02, 2022
CVSS 9.8
EPSS 0.01
CVE-2020-7678
HIGH
node-import - Remote Code Execution via Unsanitized Params Argument
Jul 25, 2022
CVSS 8.6
EPSS 0.01
CVE-2020-7677
HIGH
thenify < 3.3.1 - Remote Code Execution via Unsanitized Name Argument
Jul 25, 2022
CVSS 8.6
EPSS 0.02
CVE-2020-7649
MEDIUM
Snyk Broker < 4.73.0 - Path Traversal via Directory Traversal
Jul 25, 2022
CVSS 4.9
EPSS 0.01
CVE-2020-28471
HIGH
properties-reader < 2.2.0 - Prototype Pollution
Jul 25, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28462
HIGH
ion-parser - Prototype Pollution via INI File Parsing
Jul 25, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28461
HIGH
js-ini < 1.3.0 - Prototype Pollution via Malicious INI File Parsing
Jul 25, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28459
HIGH
markdown-it-decorate - Cross-Site Scripting via Event Handler Injection
Jul 25, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28455
HIGH
markdown-it-toc - Cross-Site Scripting via Unescaped TOC Title and Header Content
Jul 25, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28447
CRITICAL
xopen - OS Command Injection via filepath Parameter
Jul 25, 2022
CVSS 9.8
EPSS 0.01
CVE-2020-28446
CRITICAL
ntesseract < 0.2.9 - Command Injection via lib/tesseract.js
Jul 25, 2022
CVSS 9.8
EPSS 0.03
CVE-2020-28443
CRITICAL
sonar-wrapper - OS Command Injection in lib/sonarRunner.js
Jul 25, 2022
CVSS 9.8
EPSS 0.01
CVE-2020-28441
HIGH
conf-cfg-ini < 1.2.2 - Prototype Pollution via Malicious INI File Parsing
Jul 25, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28438
CRITICAL
deferred-exec - OS Command Injection via lib/deferred-exec.js
Jul 25, 2022
CVSS 9.8
EPSS 0.01
CVE-2020-28436
HIGH
google-cloudstorage-commands - OS Command Injection via Unsanitized Input
Jul 25, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28435
CRITICAL
ffmpeg-sdk - OS Command Injection via index.js
Jul 25, 2022
CVSS 9.4
EPSS 0.01
CVE-2020-28422
MEDIUM
git-archive - Command Injection via Exports Function
Jul 25, 2022
CVSS 6.4
EPSS 0.00
CVE-2020-7641
MEDIUM
grunt-util-property - Prototype Pollution via __proto__ Payload
Jul 17, 2022
CVSS 4.0
EPSS 0.00
CVE-2020-28246
CRITICAL
Form.io 2.0.0 - Authenticated Server-Side Template Injection via Email Template Deletion
Jun 02, 2022
CVSS 9.8
EPSS 0.02
CVE-2020-28847
MEDIUM
Valine < 1.4.15 - Cross-Site Scripting via Nick Parameter
Apr 05, 2022
CVSS 5.4
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters