npm
4,203 tracked vulnerabilities.
CVE-2020-27193
MEDIUM
CKEditor 4.15.0 - Cross-Site Scripting via Color Dialog Plugin
Nov 12, 2020
CVSS 6.1
EPSS 0.02
CVE-2020-28271
CRITICAL
deephas 1.0.0-1.0.5 - Prototype Pollution leading to Denial of Service and Remote Code Execution
Nov 12, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-28270
CRITICAL
object-hierarchy-access 0.2.0-0.32.0 - Prototype Pollution
Nov 12, 2020
CVSS 9.8
EPSS 0.04
CVE-2020-28269
CRITICAL
field 0.0.1-1.0.1 - Prototype Pollution leading to Denial of Service and Remote Code Execution
Nov 12, 2020
CVSS 9.8
EPSS 0.04
CVE-2020-7770
MEDIUM
json8 < 1.0.3 - Prototype Pollution
Nov 12, 2020
CVSS 6.5
EPSS 0.02
CVE-2020-7769
HIGH
nodemailer <6.4.16 - Command Injection
Nov 12, 2020
CVSS 8.6
EPSS 0.02
CVE-2020-7768
HIGH
grpc < 1.24.4 and @grpc/grpc-js < 1.1.8 - Prototype Pollution via loadPackageDefinition
Nov 11, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-7767
MEDIUM
express-validators - Regular Expression Denial of Service via URL Validation
Nov 11, 2020
CVSS 5.3
EPSS 0.02
CVE-2020-7766
HIGH
json-ptr < 2.0.0 - Prototype Pollution via Force Flag in Set Operation
Nov 10, 2020
CVSS 7.3
EPSS 0.02
CVE-2020-8268
HIGH
json8-merge-patch < 1.0.3 - Code Injection
Nov 09, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-7764
MEDIUM
find-my-way <2.2.5 & 3.0.0-3.0.5 - DoS
Nov 08, 2020
CVSS 5.9
EPSS 0.02
CVE-2020-28168
MEDIUM
axios 0.19.0-0.20.0 - Server-Side Request Forgery via Redirect Bypass
Nov 06, 2020
CVSS 5.9
EPSS 0.02
CVE-2020-28249
MEDIUM
Joplin < 1.3.11 - Stored Cross-Site Scripting via LINK Element in Note
Nov 06, 2020
CVSS 6.1
EPSS 0.03
CVE-2020-7763
HIGH
Phantom-html-to-pdf <0.6.1 - Info Disclosure
Nov 05, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-7762
MEDIUM
jsreport-chrome-pdf <1.10.0 - Info Disclosure
Nov 05, 2020
CVSS 6.5
EPSS 0.02
CVE-2020-7758
HIGH
browserless/chrome < 1.40.2 - Path Traversal via Workspace Endpoint
Nov 02, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-7757
MEDIUM
droppy - Path Traversal
Nov 02, 2020
CVSS 6.5
EPSS 0.02
CVE-2020-7760
MEDIUM
CodeMirror < 5.58.2 - Uncontrolled Resource Consumption via Regular Expression
Oct 30, 2020
CVSS 5.3
EPSS 0.05
CVE-2020-7746
HIGH
chart.js < 2.9.4 - Prototype Pollution via Options Parameter
Oct 29, 2020
CVSS 7.5
EPSS 0.05
CVE-2020-7755
HIGH
dat.gui - Regular Expression Denial of Service via RGB and RGBA Value Parsing
Oct 27, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-7754
HIGH
npm-user-validate <1.0.1 - Info Disclosure
Oct 27, 2020
CVSS 7.5
EPSS 0.03
CVE-2020-7753
HIGH
trim < 0.0.3 - Regular Expression Denial of Service via trim()
Oct 27, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-1915
HIGH
Facebook Hermes < 2020-09-25 - Out-of-bounds Read in JavaScript Interpreter
Oct 26, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-7752
HIGH
systeminformation < 4.27.11 - OS Command Injection via curl Parameter Concatenation
Oct 26, 2020
CVSS 8.8
EPSS 0.06
CVE-2020-7751
MEDIUM
pathval < 1.1.1 - Prototype Pollution
Oct 26, 2020
CVSS 6.0
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
astro 18
tinymce 18
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters