npm

4,201 tracked vulnerabilities.

CVE-2020-28451 CRITICAL
image-tiler < 2.0.2 - OS Command Injection
Aug 02, 2022
CVSS 9.8
EPSS 0.01
CVE-2020-28437 CRITICAL
heroku-env - OS Command Injection in lib/get.js
Aug 02, 2022
CVSS 9.4
EPSS 0.01
CVE-2020-28434 CRITICAL
gitblame - OS Command Injection via lib/gitblame.js
Aug 02, 2022
CVSS 9.4
EPSS 0.01
CVE-2020-28433 HIGH
node-latex-pdf - OS Command Injection
Aug 02, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28425 HIGH
curljs - OS Command Injection
Aug 02, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28423 CRITICAL
monorepo-build - OS Command Injection
Aug 02, 2022
CVSS 9.8
EPSS 0.01
CVE-2020-7678 HIGH
node-import - Remote Code Execution via Unsanitized Params Argument
Jul 25, 2022
CVSS 8.6
EPSS 0.01
CVE-2020-7677 HIGH
thenify < 3.3.1 - Remote Code Execution via Unsanitized Name Argument
Jul 25, 2022
CVSS 8.6
EPSS 0.02
CVE-2020-7649 MEDIUM
Snyk Broker < 4.73.0 - Path Traversal via Directory Traversal
Jul 25, 2022
CVSS 4.9
EPSS 0.01
CVE-2020-28471 HIGH
properties-reader < 2.2.0 - Prototype Pollution
Jul 25, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28462 HIGH
ion-parser - Prototype Pollution via INI File Parsing
Jul 25, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28461 HIGH
js-ini < 1.3.0 - Prototype Pollution via Malicious INI File Parsing
Jul 25, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28459 HIGH
markdown-it-decorate - Cross-Site Scripting via Event Handler Injection
Jul 25, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28455 HIGH
markdown-it-toc - Cross-Site Scripting via Unescaped TOC Title and Header Content
Jul 25, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28447 CRITICAL
xopen - OS Command Injection via filepath Parameter
Jul 25, 2022
CVSS 9.8
EPSS 0.01
CVE-2020-28446 CRITICAL
ntesseract < 0.2.9 - Command Injection via lib/tesseract.js
Jul 25, 2022
CVSS 9.8
EPSS 0.03
CVE-2020-28443 CRITICAL
sonar-wrapper - OS Command Injection in lib/sonarRunner.js
Jul 25, 2022
CVSS 9.8
EPSS 0.01
CVE-2020-28441 HIGH
conf-cfg-ini < 1.2.2 - Prototype Pollution via Malicious INI File Parsing
Jul 25, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28438 CRITICAL
deferred-exec - OS Command Injection via lib/deferred-exec.js
Jul 25, 2022
CVSS 9.8
EPSS 0.01
CVE-2020-28436 HIGH
google-cloudstorage-commands - OS Command Injection via Unsanitized Input
Jul 25, 2022
CVSS 7.3
EPSS 0.01
CVE-2020-28435 CRITICAL
ffmpeg-sdk - OS Command Injection via index.js
Jul 25, 2022
CVSS 9.4
EPSS 0.01
CVE-2020-28422 MEDIUM
git-archive - Command Injection via Exports Function
Jul 25, 2022
CVSS 6.4
EPSS 0.00
CVE-2020-7641 MEDIUM
grunt-util-property - Prototype Pollution via __proto__ Payload
Jul 17, 2022
CVSS 4.0
EPSS 0.00
CVE-2020-28246 CRITICAL
Form.io 2.0.0 - Authenticated Server-Side Template Injection via Email Template Deletion
Jun 02, 2022
CVSS 9.8
EPSS 0.02
CVE-2020-28847 MEDIUM
Valine < 1.4.15 - Cross-Site Scripting via Nick Parameter
Apr 05, 2022
CVSS 5.4
EPSS 0.00