npm

4,203 tracked vulnerabilities.

CVE-2020-24025 MEDIUM
node-sass <4.14.1 - Info Disclosure
Jan 11, 2021
CVSS 5.3
EPSS 0.01
CVE-2020-23849 MEDIUM
jsoneditor < 9.0.2 - Stored Cross-Site Scripting in Tree Mode
Jan 11, 2021
CVSS 6.1
EPSS 0.01
CVE-2020-7794 CRITICAL
buns - OS Command Injection via install Function
Jan 08, 2021
CVSS 9.8
EPSS 0.02
CVE-2020-7784 CRITICAL
ts-process-promises - Code Injection
Jan 08, 2021
CVSS 9.8
EPSS 0.01
CVE-2020-36049 HIGH
socket.io-parser < 3.4.1 - Denial of Service via Large Packet Memory Consumption
Jan 08, 2021
CVSS 7.5
EPSS 0.03
CVE-2020-36048 HIGH
Engine.IO < 4.0.0 - Denial of Service via Long Polling Transport
Jan 08, 2021
CVSS 7.5
EPSS 0.03
CVE-2020-26768 MEDIUM
formstone <=1.4.16 - Reflected Cross-Site Scripting in upload-target.php and upload-chunked.php
Jan 07, 2021
CVSS 6.1
EPSS 0.01
CVE-2020-7771 HIGH
asciitable.js <1.0.3 - Info Disclosure
Jan 04, 2021
CVSS 7.5
EPSS 0.02
CVE-2020-28464 CRITICAL
djv < 2.1.4 - Remote Code Execution via Schema File Injection
Jan 04, 2021
CVSS 9.8
EPSS 0.03
CVE-2020-26291 MEDIUM
URI.js <1.19.4 - Hostname Spoofing via Backslash-At URL Parsing
Dec 31, 2020
CVSS 6.5
EPSS 0.02
CVE-2020-26296 HIGH
Vega < 5.17.3 - Cross-Site Scripting via Crafted Expression
Dec 30, 2020
CVSS 8.7
EPSS 0.01
CVE-2020-26288 HIGH
Parse Server <4.5.0 - Info Disclosure
Dec 30, 2020
CVSS 7.7
EPSS 0.01
CVE-2020-28283 CRITICAL
libnested < 1.5.0 - Prototype Pollution leading to Denial of Service and Remote Code Execution
Dec 29, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-28282 CRITICAL
getobject < 1.0.0 - Prototype Pollution
Dec 29, 2020
CVSS 9.8
EPSS 0.04
CVE-2020-28281 CRITICAL
set-object-value < 0.0.5 - Prototype Pollution
Dec 29, 2020
CVSS 9.8
EPSS 0.04
CVE-2020-28280 CRITICAL
predefine < 0.1.2 - Prototype Pollution
Dec 29, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-28279 CRITICAL
flattenizer 0.0.5-1.0.5 - Prototype Pollution
Dec 29, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-28278 CRITICAL
shvl 1.0.0-2.0.1 - Prototype Pollution
Dec 29, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-28277 CRITICAL
dset 1.0.0-2.0.1 - Prototype Pollution
Dec 29, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-28276 CRITICAL
deep-set 1.0.0-1.0.1 - Prototype Pollution
Dec 29, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-26289 HIGH
date-and-time < 0.14.2 - Denial of Service via Regular Expression Parsing
Dec 28, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-28460 MEDIUM
multi-ini < 2.1.2 - Prototype Pollution via Constructor Proto Array Bypass
Dec 22, 2020
CVSS 5.6
EPSS 0.02
CVE-2020-28448 MEDIUM
multi-ini < 2.1.1 - Prototype Pollution via Array Input
Dec 22, 2020
CVSS 5.6
EPSS 0.01
CVE-2020-26274 MEDIUM
systeminformation <4.31.1 - Command Injection
Dec 16, 2020
CVSS 6.4
EPSS 0.03
CVE-2020-7781 CRITICAL
Package connection-tester <0.2.1 - Code Injection
Dec 16, 2020
CVSS 9.8
EPSS 0.02