npm

4,201 tracked vulnerabilities.

CVE-2020-27428 MEDIUM
Scratch-Svg-Renderer 0.2.0 - DOM-based Cross-Site Scripting via Crafted SB3 File
Jan 06, 2022
CVSS 6.1
EPSS 0.01
CVE-2020-36381 CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
Oct 31, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-36380 CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
Oct 31, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-36379 CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
Oct 31, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-36378 CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
Oct 31, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-36377 CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
Oct 31, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-36376 CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
Oct 31, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-22864 MEDIUM
Froala Editor < 4.0.11 - Cross-Site Scripting via Insert Video Function
Oct 26, 2021
CVSS 6.1
EPSS 0.01
CVE-2020-26301 HIGH
ssh2 < 1.4.0 - OS Command Injection
Sep 20, 2021
CVSS 7.5
EPSS 0.04
CVE-2020-26300 MEDIUM
systeminformation <4.26.2 - Command Injection
Sep 09, 2021
CVSS 5.9
EPSS 0.01
CVE-2020-22403 HIGH
express-cart < 1.1.17 - Cross-Site Request Forgery
Aug 12, 2021
CVSS 8.8
EPSS 0.01
CVE-2020-24939 HIGH
Stampit supermixer < 1.0.5 - Prototype Pollution
Jun 16, 2021
CVSS 7.5
EPSS 0.02
CVE-2020-28469 MEDIUM
glob-parent < 5.1.2 - Uncontrolled Resource Consumption
Jun 03, 2021
CVSS 5.3
EPSS 0.05
CVE-2020-1920 HIGH
React Native 0.59.0-0.64.0 - Regular Expression Denial of Service in validateBaseUrl
Jun 01, 2021
CVSS 7.5
EPSS 0.01
CVE-2020-24391 CRITICAL NUCLEI
mongo-express <1.0.0 - Info Disclosure
Mar 30, 2021
CVSS 9.8
EPSS 0.75
CVE-2020-28503 HIGH
copy-props < 2.0.5 - Prototype Pollution
Mar 23, 2021
CVSS 7.3
EPSS 0.02
CVE-2020-28501 MEDIUM
es6-crawler-detect <3.1.3 - Info Disclosure
Mar 22, 2021
CVSS 5.3
EPSS 0.01
CVE-2020-28502 HIGH
xmlhttprequest < 1.7.0 and xmlhttprequest-ssl < 1.6.2 - Remote Code Execution via Synchronous Request
Mar 05, 2021
CVSS 8.1
EPSS 0.05
CVE-2020-8298 CRITICAL
fs-path <0.0.25 - Command Injection
Mar 04, 2021
CVSS 9.8
EPSS 0.11
CVE-2020-27543 HIGH
restify-paginate 0.0.5 - Denial of Service via Missing HTTP Host Header
Feb 25, 2021
CVSS 7.5
EPSS 0.03
CVE-2020-28429 HIGH NUCLEI
geojson2kml - OS Command Injection via index.js
Feb 23, 2021
CVSS 7.3
EPSS 0.63
CVE-2020-8902 LOW
Rendertron < 3.0.0 - Server-Side Request Forgery via Headless Chrome Process
Feb 23, 2021
CVSS 3.5
EPSS 0.00
CVE-2020-28248 HIGH
png-img < 3.1.0 - Heap-Based Buffer Overflow via Integer Overflow in PngImg::InitStorage_()
Feb 20, 2021
CVSS 8.8
EPSS 0.02
CVE-2020-28499 HIGH
merge < 2.1.1 - Prototype Pollution via _recursiveMerge
Feb 18, 2021
CVSS 7.3
EPSS 0.01
CVE-2020-28496 HIGH
three < 0.125.0 - Uncontrolled Resource Consumption via RGB/HSL Color Parsing
Feb 18, 2021
CVSS 7.5
EPSS 0.03