npm
4,203 tracked vulnerabilities.
CVE-2020-28458
HIGH
datatables.net < 1.10.23 - Prototype Pollution
Dec 16, 2020
CVSS 7.3
EPSS 0.04
CVE-2020-28442
HIGH
js-data < 3.0.10 - Prototype Pollution via deepFillIn Function
Dec 15, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-35149
MEDIUM
mquery < 3.2.3 - Prototype Pollution via Merge/Clone Operation
Dec 11, 2020
CVSS 5.3
EPSS 0.01
CVE-2020-28440
CRITICAL
corenlp-js-interface - OS Command Injection via Main Function
Dec 11, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-28439
CRITICAL
corenlp-js-prefab - OS Command Injection via corenlp-js-interface Dependency
Dec 11, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7793
HIGH
ua-parser-js < 0.7.23 - Regular Expression Denial of Service
Dec 11, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-7792
HIGH
mout < 1.2.3 - Prototype Pollution via deepFillIn and deepMixIn Functions
Dec 11, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-7788
HIGH
ini < 1.3.6 - Prototype Pollution via Malicious INI File Parsing
Dec 11, 2020
CVSS 7.3
EPSS 0.04
CVE-2020-7789
MEDIUM
node-notifier <9.0.0 - Command Injection
Dec 11, 2020
CVSS 5.6
EPSS 0.02
CVE-2020-7787
HIGH
react-adal < 0.5.1 - Improper Authentication via Empty Nonce and Session Values
Dec 09, 2020
CVSS 8.2
EPSS 0.01
CVE-2020-28274
CRITICAL
deepref 1.1.1-1.2.1 - Prototype Pollution
Dec 08, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-26256
MEDIUM
fast-csv < 4.3.6 - Regular Expression Denial of Service via ignoreEmpty Parsing Option
Dec 08, 2020
CVSS 5.7
EPSS 0.02
CVE-2020-28273
CRITICAL
set-in 1.0.0-2.0.0 - Prototype Pollution
Dec 02, 2020
CVSS 9.8
EPSS 0.04
CVE-2020-28272
CRITICAL
keyget 1.0.0-2.2.0 - Prototype Pollution
Dec 02, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-26245
HIGH
systeminformation <4.30.5 - Command Injection
Nov 27, 2020
CVSS 8.1
EPSS 0.02
CVE-2020-7779
MEDIUM
djvalidator - Regular Expression Denial of Service via Crafted Email Input
Nov 26, 2020
CVSS 5.3
EPSS 0.02
CVE-2020-7778
HIGH
Package Systeminformation <4.30.2 - Code Injection
Nov 26, 2020
CVSS 7.3
EPSS 0.02
CVE-2020-26237
MEDIUM
highlight.js < 9.18.2 - Prototype Pollution via Malicious HTML Code Block
Nov 24, 2020
CVSS 5.8
EPSS 0.01
CVE-2020-28360
CRITICAL
private-ip < 1.0.5 - Server-Side Request Forgery via Insufficient RegEx Filtering
Nov 23, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-7777
HIGH
jsen - Code Execution via Untrusted Schema required Field
Nov 23, 2020
CVSS 7.2
EPSS 0.02
CVE-2020-26226
HIGH
semantic-release <17.2.3 - Info Disclosure
Nov 18, 2020
CVSS 8.1
EPSS 0.01
CVE-2020-7774
HIGH
y18n <3.2.2, 4.0.1, 5.0.5 - Prototype Pollution
Nov 17, 2020
CVSS 7.3
EPSS 0.69
CVE-2020-7773
MEDIUM
markdown-it-highlightjs <3.3.1 - XSS
Nov 16, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-28268
HIGH
controlled-merge 1.0.0-1.2.0 - Prototype Pollution
Nov 15, 2020
CVSS 7.5
EPSS 0.03
CVE-2020-7772
HIGH
doc-path < 2.1.2 - Remote Code Execution via Untrusted Input
Nov 15, 2020
CVSS 7.5
EPSS 0.03
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
astro 18
tinymce 18
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters