npm

4,203 tracked vulnerabilities.

CVE-2020-28458 HIGH
datatables.net < 1.10.23 - Prototype Pollution
Dec 16, 2020
CVSS 7.3
EPSS 0.04
CVE-2020-28442 HIGH
js-data < 3.0.10 - Prototype Pollution via deepFillIn Function
Dec 15, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-35149 MEDIUM
mquery < 3.2.3 - Prototype Pollution via Merge/Clone Operation
Dec 11, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-28440 CRITICAL
corenlp-js-interface - OS Command Injection via Main Function
Dec 11, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-28439 CRITICAL
corenlp-js-prefab - OS Command Injection via corenlp-js-interface Dependency
Dec 11, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7793 HIGH
ua-parser-js < 0.7.23 - Regular Expression Denial of Service
Dec 11, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-7792 HIGH
mout < 1.2.3 - Prototype Pollution via deepFillIn and deepMixIn Functions
Dec 11, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-7788 HIGH
ini < 1.3.6 - Prototype Pollution via Malicious INI File Parsing
Dec 11, 2020
CVSS 7.3
EPSS 0.04
CVE-2020-7789 MEDIUM
node-notifier <9.0.0 - Command Injection
Dec 11, 2020
CVSS 5.6
EPSS 0.02
CVE-2020-7787 HIGH
react-adal < 0.5.1 - Improper Authentication via Empty Nonce and Session Values
Dec 09, 2020
CVSS 8.2
EPSS 0.01
CVE-2020-28274 CRITICAL
deepref 1.1.1-1.2.1 - Prototype Pollution
Dec 08, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-26256 MEDIUM
fast-csv < 4.3.6 - Regular Expression Denial of Service via ignoreEmpty Parsing Option
Dec 08, 2020
CVSS 5.7
EPSS 0.02
CVE-2020-28273 CRITICAL
set-in 1.0.0-2.0.0 - Prototype Pollution
Dec 02, 2020
CVSS 9.8
EPSS 0.04
CVE-2020-28272 CRITICAL
keyget 1.0.0-2.2.0 - Prototype Pollution
Dec 02, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-26245 HIGH
systeminformation <4.30.5 - Command Injection
Nov 27, 2020
CVSS 8.1
EPSS 0.02
CVE-2020-7779 MEDIUM
djvalidator - Regular Expression Denial of Service via Crafted Email Input
Nov 26, 2020
CVSS 5.3
EPSS 0.02
CVE-2020-7778 HIGH
Package Systeminformation <4.30.2 - Code Injection
Nov 26, 2020
CVSS 7.3
EPSS 0.02
CVE-2020-26237 MEDIUM
highlight.js < 9.18.2 - Prototype Pollution via Malicious HTML Code Block
Nov 24, 2020
CVSS 5.8
EPSS 0.01
CVE-2020-28360 CRITICAL
private-ip < 1.0.5 - Server-Side Request Forgery via Insufficient RegEx Filtering
Nov 23, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-7777 HIGH
jsen - Code Execution via Untrusted Schema required Field
Nov 23, 2020
CVSS 7.2
EPSS 0.02
CVE-2020-26226 HIGH
semantic-release <17.2.3 - Info Disclosure
Nov 18, 2020
CVSS 8.1
EPSS 0.01
CVE-2020-7774 HIGH
y18n <3.2.2, 4.0.1, 5.0.5 - Prototype Pollution
Nov 17, 2020
CVSS 7.3
EPSS 0.69
CVE-2020-7773 MEDIUM
markdown-it-highlightjs <3.3.1 - XSS
Nov 16, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-28268 HIGH
controlled-merge 1.0.0-1.2.0 - Prototype Pollution
Nov 15, 2020
CVSS 7.5
EPSS 0.03
CVE-2020-7772 HIGH
doc-path < 2.1.2 - Remote Code Execution via Untrusted Input
Nov 15, 2020
CVSS 7.5
EPSS 0.03