npm
4,203 tracked vulnerabilities.
CVE-2020-24025
MEDIUM
node-sass <4.14.1 - Info Disclosure
Jan 11, 2021
CVSS 5.3
EPSS 0.01
CVE-2020-23849
MEDIUM
jsoneditor < 9.0.2 - Stored Cross-Site Scripting in Tree Mode
Jan 11, 2021
CVSS 6.1
EPSS 0.01
CVE-2020-7794
CRITICAL
buns - OS Command Injection via install Function
Jan 08, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-7784
CRITICAL
ts-process-promises - Code Injection
Jan 08, 2021
CVSS 9.8
EPSS 0.01
CVE-2020-36049
HIGH
socket.io-parser < 3.4.1 - Denial of Service via Large Packet Memory Consumption
Jan 08, 2021
CVSS 7.5
EPSS 0.03
CVE-2020-36048
HIGH
Engine.IO < 4.0.0 - Denial of Service via Long Polling Transport
Jan 08, 2021
CVSS 7.5
EPSS 0.03
CVE-2020-26768
MEDIUM
formstone <=1.4.16 - Reflected Cross-Site Scripting in upload-target.php and upload-chunked.php
Jan 07, 2021
CVSS 6.1
EPSS 0.01
CVE-2020-7771
HIGH
asciitable.js <1.0.3 - Info Disclosure
Jan 04, 2021
CVSS 7.5
EPSS 0.02
CVE-2020-28464
CRITICAL
djv < 2.1.4 - Remote Code Execution via Schema File Injection
Jan 04, 2021
CVSS 9.8
EPSS 0.03
CVE-2020-26291
MEDIUM
URI.js <1.19.4 - Hostname Spoofing via Backslash-At URL Parsing
Dec 31, 2020
CVSS 6.5
EPSS 0.02
CVE-2020-26296
HIGH
Vega < 5.17.3 - Cross-Site Scripting via Crafted Expression
Dec 30, 2020
CVSS 8.7
EPSS 0.01
CVE-2020-26288
HIGH
Parse Server <4.5.0 - Info Disclosure
Dec 30, 2020
CVSS 7.7
EPSS 0.01
CVE-2020-28283
CRITICAL
libnested < 1.5.0 - Prototype Pollution leading to Denial of Service and Remote Code Execution
Dec 29, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-28282
CRITICAL
getobject < 1.0.0 - Prototype Pollution
Dec 29, 2020
CVSS 9.8
EPSS 0.04
CVE-2020-28281
CRITICAL
set-object-value < 0.0.5 - Prototype Pollution
Dec 29, 2020
CVSS 9.8
EPSS 0.04
CVE-2020-28280
CRITICAL
predefine < 0.1.2 - Prototype Pollution
Dec 29, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-28279
CRITICAL
flattenizer 0.0.5-1.0.5 - Prototype Pollution
Dec 29, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-28278
CRITICAL
shvl 1.0.0-2.0.1 - Prototype Pollution
Dec 29, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-28277
CRITICAL
dset 1.0.0-2.0.1 - Prototype Pollution
Dec 29, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-28276
CRITICAL
deep-set 1.0.0-1.0.1 - Prototype Pollution
Dec 29, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-26289
HIGH
date-and-time < 0.14.2 - Denial of Service via Regular Expression Parsing
Dec 28, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-28460
MEDIUM
multi-ini < 2.1.2 - Prototype Pollution via Constructor Proto Array Bypass
Dec 22, 2020
CVSS 5.6
EPSS 0.02
CVE-2020-28448
MEDIUM
multi-ini < 2.1.1 - Prototype Pollution via Array Input
Dec 22, 2020
CVSS 5.6
EPSS 0.01
CVE-2020-26274
MEDIUM
systeminformation <4.31.1 - Command Injection
Dec 16, 2020
CVSS 6.4
EPSS 0.03
CVE-2020-7781
CRITICAL
Package connection-tester <0.2.1 - Code Injection
Dec 16, 2020
CVSS 9.8
EPSS 0.02
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
astro 18
tinymce 18
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters