npm
4,201 tracked vulnerabilities.
CVE-2020-28490
CRITICAL
async-git < 1.13.2 - OS Command Injection via Shell Meta-Characters
Feb 18, 2021
CVSS 9.1
EPSS 0.03
CVE-2020-28500
MEDIUM
lodash < 4.17.21 - Regular Expression Denial of Service via toNumber trim and trimEnd
Feb 15, 2021
CVSS 5.3
EPSS 0.07
CVE-2020-26299
MEDIUM
ftp-srv < 4.4.0 - Path Traversal via CWD and UPDR Commands
Feb 10, 2021
CVSS 6.3
EPSS 0.02
CVE-2020-7786
CRITICAL
macfromip - OS Command Injection in macfromip.js
Feb 08, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-7785
CRITICAL
node-ps - OS Command Injection via lib/index.js
Feb 08, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-7782
CRITICAL
spritesheet-js - OS Command Injection via platform-command Dependency
Feb 08, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-28450
HIGH
decal - Prototype Pollution via Extend Function
Feb 04, 2021
CVSS 8.6
EPSS 0.02
CVE-2020-28449
HIGH
decal - Prototype Pollution via set Function
Feb 04, 2021
CVSS 8.6
EPSS 0.02
CVE-2020-7775
CRITICAL
Package freediskspace - Code Injection
Feb 02, 2021
CVSS 9.8
EPSS 0.01
CVE-2020-28498
MEDIUM
elliptic < 6.5.4 - Cryptographic Side-Channel via secp256k1 ECDH Key Derivation
Feb 02, 2021
CVSS 6.8
EPSS 0.01
CVE-2020-28495
HIGH
total.js < 3.4.7 - Prototype Pollution via Path Key Sanitization Bypass
Feb 02, 2021
CVSS 7.3
EPSS 0.04
CVE-2020-28494
HIGH
total.js < 3.4.7 - OS Command Injection via Image Type Parameter
Feb 02, 2021
CVSS 8.6
EPSS 0.02
CVE-2020-21176
CRITICAL
ThinkJS 3.2.10 - SQL Injection via model.increment and model.decrement step parameter
Feb 01, 2021
CVSS 9.8
EPSS 0.01
CVE-2020-28426
HIGH
kill-process-on-port - OS Command Injection via a.getProcessPortId
Feb 01, 2021
CVSS 7.3
EPSS 0.02
CVE-2020-26272
MEDIUM
Electron <9.4.0, 10.2.0, 11.1.0, 12.0.0-beta.9 - Info Disclosure
Jan 28, 2021
CVSS 5.4
EPSS 0.02
CVE-2020-28487
MEDIUM
vis-timeline < 7.4.4 - Cross-Site Scripting via Timeline Items
Jan 22, 2021
CVSS 6.8
EPSS 0.01
CVE-2020-28482
MEDIUM
fastify-csrf < 3.0.0 - Exposure of Sensitive Information via Insecure Cookie and GET Query Parameter
Jan 19, 2021
CVSS 5.9
EPSS 0.01
CVE-2020-28481
MEDIUM
socket.io < 2.4.0 - Insecure Defaults via CORS Misconfiguration
Jan 19, 2021
CVSS 5.3
EPSS 0.01
CVE-2020-28480
HIGH
jointjs < 3.3.0 - Prototype Pollution via util.setByPath
Jan 19, 2021
CVSS 7.3
EPSS 0.01
CVE-2020-28479
MEDIUM
jointjs < 3.3.0 - Denial of Service via unsetByPath Function
Jan 19, 2021
CVSS 5.9
EPSS 0.02
CVE-2020-28478
HIGH
gsap <3.6.0 - Info Disclosure
Jan 19, 2021
CVSS 7.5
EPSS 0.02
CVE-2020-28477
HIGH
immer < 8.0.1 - Prototype Pollution
Jan 19, 2021
CVSS 7.5
EPSS 0.02
CVE-2020-28472
HIGH
@aws-sdk/shared-ini-file-loader <1.0.0-rc.9 - Prototype Pollution
Jan 19, 2021
CVSS 7.3
EPSS 0.02
CVE-2020-24025
MEDIUM
node-sass <4.14.1 - Info Disclosure
Jan 11, 2021
CVSS 5.3
EPSS 0.01
CVE-2020-23849
MEDIUM
jsoneditor < 9.0.2 - Stored Cross-Site Scripting in Tree Mode
Jan 11, 2021
CVSS 6.1
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters