npm

4,201 tracked vulnerabilities.

CVE-2020-28490 CRITICAL
async-git < 1.13.2 - OS Command Injection via Shell Meta-Characters
Feb 18, 2021
CVSS 9.1
EPSS 0.03
CVE-2020-28500 MEDIUM
lodash < 4.17.21 - Regular Expression Denial of Service via toNumber trim and trimEnd
Feb 15, 2021
CVSS 5.3
EPSS 0.07
CVE-2020-26299 MEDIUM
ftp-srv < 4.4.0 - Path Traversal via CWD and UPDR Commands
Feb 10, 2021
CVSS 6.3
EPSS 0.02
CVE-2020-7786 CRITICAL
macfromip - OS Command Injection in macfromip.js
Feb 08, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-7785 CRITICAL
node-ps - OS Command Injection via lib/index.js
Feb 08, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-7782 CRITICAL
spritesheet-js - OS Command Injection via platform-command Dependency
Feb 08, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-28450 HIGH
decal - Prototype Pollution via Extend Function
Feb 04, 2021
CVSS 8.6
EPSS 0.02
CVE-2020-28449 HIGH
decal - Prototype Pollution via set Function
Feb 04, 2021
CVSS 8.6
EPSS 0.02
CVE-2020-7775 CRITICAL
Package freediskspace - Code Injection
Feb 02, 2021
CVSS 9.8
EPSS 0.01
CVE-2020-28498 MEDIUM
elliptic < 6.5.4 - Cryptographic Side-Channel via secp256k1 ECDH Key Derivation
Feb 02, 2021
CVSS 6.8
EPSS 0.01
CVE-2020-28495 HIGH
total.js < 3.4.7 - Prototype Pollution via Path Key Sanitization Bypass
Feb 02, 2021
CVSS 7.3
EPSS 0.04
CVE-2020-28494 HIGH
total.js < 3.4.7 - OS Command Injection via Image Type Parameter
Feb 02, 2021
CVSS 8.6
EPSS 0.02
CVE-2020-21176 CRITICAL
ThinkJS 3.2.10 - SQL Injection via model.increment and model.decrement step parameter
Feb 01, 2021
CVSS 9.8
EPSS 0.01
CVE-2020-28426 HIGH
kill-process-on-port - OS Command Injection via a.getProcessPortId
Feb 01, 2021
CVSS 7.3
EPSS 0.02
CVE-2020-26272 MEDIUM
Electron <9.4.0, 10.2.0, 11.1.0, 12.0.0-beta.9 - Info Disclosure
Jan 28, 2021
CVSS 5.4
EPSS 0.02
CVE-2020-28487 MEDIUM
vis-timeline < 7.4.4 - Cross-Site Scripting via Timeline Items
Jan 22, 2021
CVSS 6.8
EPSS 0.01
CVE-2020-28482 MEDIUM
fastify-csrf < 3.0.0 - Exposure of Sensitive Information via Insecure Cookie and GET Query Parameter
Jan 19, 2021
CVSS 5.9
EPSS 0.01
CVE-2020-28481 MEDIUM
socket.io < 2.4.0 - Insecure Defaults via CORS Misconfiguration
Jan 19, 2021
CVSS 5.3
EPSS 0.01
CVE-2020-28480 HIGH
jointjs < 3.3.0 - Prototype Pollution via util.setByPath
Jan 19, 2021
CVSS 7.3
EPSS 0.01
CVE-2020-28479 MEDIUM
jointjs < 3.3.0 - Denial of Service via unsetByPath Function
Jan 19, 2021
CVSS 5.9
EPSS 0.02
CVE-2020-28478 HIGH
gsap <3.6.0 - Info Disclosure
Jan 19, 2021
CVSS 7.5
EPSS 0.02
CVE-2020-28477 HIGH
immer < 8.0.1 - Prototype Pollution
Jan 19, 2021
CVSS 7.5
EPSS 0.02
CVE-2020-28472 HIGH
@aws-sdk/shared-ini-file-loader <1.0.0-rc.9 - Prototype Pollution
Jan 19, 2021
CVSS 7.3
EPSS 0.02
CVE-2020-24025 MEDIUM
node-sass <4.14.1 - Info Disclosure
Jan 11, 2021
CVSS 5.3
EPSS 0.01
CVE-2020-23849 MEDIUM
jsoneditor < 9.0.2 - Stored Cross-Site Scripting in Tree Mode
Jan 11, 2021
CVSS 6.1
EPSS 0.01