npm
4,201 tracked vulnerabilities.
CVE-2020-27428
MEDIUM
Scratch-Svg-Renderer 0.2.0 - DOM-based Cross-Site Scripting via Crafted SB3 File
Jan 06, 2022
CVSS 6.1
EPSS 0.01
CVE-2020-36381
CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
Oct 31, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-36380
CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
Oct 31, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-36379
CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
Oct 31, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-36378
CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
Oct 31, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-36377
CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
Oct 31, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-36376
CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
Oct 31, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-22864
MEDIUM
Froala Editor < 4.0.11 - Cross-Site Scripting via Insert Video Function
Oct 26, 2021
CVSS 6.1
EPSS 0.01
CVE-2020-26301
HIGH
ssh2 < 1.4.0 - OS Command Injection
Sep 20, 2021
CVSS 7.5
EPSS 0.04
CVE-2020-26300
MEDIUM
systeminformation <4.26.2 - Command Injection
Sep 09, 2021
CVSS 5.9
EPSS 0.01
CVE-2020-22403
HIGH
express-cart < 1.1.17 - Cross-Site Request Forgery
Aug 12, 2021
CVSS 8.8
EPSS 0.01
CVE-2020-24939
HIGH
Stampit supermixer < 1.0.5 - Prototype Pollution
Jun 16, 2021
CVSS 7.5
EPSS 0.02
CVE-2020-28469
MEDIUM
glob-parent < 5.1.2 - Uncontrolled Resource Consumption
Jun 03, 2021
CVSS 5.3
EPSS 0.05
CVE-2020-1920
HIGH
React Native 0.59.0-0.64.0 - Regular Expression Denial of Service in validateBaseUrl
Jun 01, 2021
CVSS 7.5
EPSS 0.01
CVE-2020-24391
CRITICAL
NUCLEI
mongo-express <1.0.0 - Info Disclosure
Mar 30, 2021
CVSS 9.8
EPSS 0.75
CVE-2020-28503
HIGH
copy-props < 2.0.5 - Prototype Pollution
Mar 23, 2021
CVSS 7.3
EPSS 0.02
CVE-2020-28501
MEDIUM
es6-crawler-detect <3.1.3 - Info Disclosure
Mar 22, 2021
CVSS 5.3
EPSS 0.01
CVE-2020-28502
HIGH
xmlhttprequest < 1.7.0 and xmlhttprequest-ssl < 1.6.2 - Remote Code Execution via Synchronous Request
Mar 05, 2021
CVSS 8.1
EPSS 0.05
CVE-2020-8298
CRITICAL
fs-path <0.0.25 - Command Injection
Mar 04, 2021
CVSS 9.8
EPSS 0.11
CVE-2020-27543
HIGH
restify-paginate 0.0.5 - Denial of Service via Missing HTTP Host Header
Feb 25, 2021
CVSS 7.5
EPSS 0.03
CVE-2020-28429
HIGH
NUCLEI
geojson2kml - OS Command Injection via index.js
Feb 23, 2021
CVSS 7.3
EPSS 0.63
CVE-2020-8902
LOW
Rendertron < 3.0.0 - Server-Side Request Forgery via Headless Chrome Process
Feb 23, 2021
CVSS 3.5
EPSS 0.00
CVE-2020-28248
HIGH
png-img < 3.1.0 - Heap-Based Buffer Overflow via Integer Overflow in PngImg::InitStorage_()
Feb 20, 2021
CVSS 8.8
EPSS 0.02
CVE-2020-28499
HIGH
merge < 2.1.1 - Prototype Pollution via _recursiveMerge
Feb 18, 2021
CVSS 7.3
EPSS 0.01
CVE-2020-28496
HIGH
three < 0.125.0 - Uncontrolled Resource Consumption via RGB/HSL Color Parsing
Feb 18, 2021
CVSS 7.5
EPSS 0.03
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters