npm

4,203 tracked vulnerabilities.

CVE-2020-27193 MEDIUM
CKEditor 4.15.0 - Cross-Site Scripting via Color Dialog Plugin
Nov 12, 2020
CVSS 6.1
EPSS 0.02
CVE-2020-28271 CRITICAL
deephas 1.0.0-1.0.5 - Prototype Pollution leading to Denial of Service and Remote Code Execution
Nov 12, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-28270 CRITICAL
object-hierarchy-access 0.2.0-0.32.0 - Prototype Pollution
Nov 12, 2020
CVSS 9.8
EPSS 0.04
CVE-2020-28269 CRITICAL
field 0.0.1-1.0.1 - Prototype Pollution leading to Denial of Service and Remote Code Execution
Nov 12, 2020
CVSS 9.8
EPSS 0.04
CVE-2020-7770 MEDIUM
json8 < 1.0.3 - Prototype Pollution
Nov 12, 2020
CVSS 6.5
EPSS 0.02
CVE-2020-7769 HIGH
nodemailer <6.4.16 - Command Injection
Nov 12, 2020
CVSS 8.6
EPSS 0.02
CVE-2020-7768 HIGH
grpc < 1.24.4 and @grpc/grpc-js < 1.1.8 - Prototype Pollution via loadPackageDefinition
Nov 11, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-7767 MEDIUM
express-validators - Regular Expression Denial of Service via URL Validation
Nov 11, 2020
CVSS 5.3
EPSS 0.02
CVE-2020-7766 HIGH
json-ptr < 2.0.0 - Prototype Pollution via Force Flag in Set Operation
Nov 10, 2020
CVSS 7.3
EPSS 0.02
CVE-2020-8268 HIGH
json8-merge-patch < 1.0.3 - Code Injection
Nov 09, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-7764 MEDIUM
find-my-way <2.2.5 & 3.0.0-3.0.5 - DoS
Nov 08, 2020
CVSS 5.9
EPSS 0.02
CVE-2020-28168 MEDIUM
axios 0.19.0-0.20.0 - Server-Side Request Forgery via Redirect Bypass
Nov 06, 2020
CVSS 5.9
EPSS 0.02
CVE-2020-28249 MEDIUM
Joplin < 1.3.11 - Stored Cross-Site Scripting via LINK Element in Note
Nov 06, 2020
CVSS 6.1
EPSS 0.03
CVE-2020-7763 HIGH
Phantom-html-to-pdf <0.6.1 - Info Disclosure
Nov 05, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-7762 MEDIUM
jsreport-chrome-pdf <1.10.0 - Info Disclosure
Nov 05, 2020
CVSS 6.5
EPSS 0.02
CVE-2020-7758 HIGH
browserless/chrome < 1.40.2 - Path Traversal via Workspace Endpoint
Nov 02, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-7757 MEDIUM
droppy - Path Traversal
Nov 02, 2020
CVSS 6.5
EPSS 0.02
CVE-2020-7760 MEDIUM
CodeMirror < 5.58.2 - Uncontrolled Resource Consumption via Regular Expression
Oct 30, 2020
CVSS 5.3
EPSS 0.05
CVE-2020-7746 HIGH
chart.js < 2.9.4 - Prototype Pollution via Options Parameter
Oct 29, 2020
CVSS 7.5
EPSS 0.05
CVE-2020-7755 HIGH
dat.gui - Regular Expression Denial of Service via RGB and RGBA Value Parsing
Oct 27, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-7754 HIGH
npm-user-validate <1.0.1 - Info Disclosure
Oct 27, 2020
CVSS 7.5
EPSS 0.03
CVE-2020-7753 HIGH
trim < 0.0.3 - Regular Expression Denial of Service via trim()
Oct 27, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-1915 HIGH
Facebook Hermes < 2020-09-25 - Out-of-bounds Read in JavaScript Interpreter
Oct 26, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-7752 HIGH
systeminformation < 4.27.11 - OS Command Injection via curl Parameter Concatenation
Oct 26, 2020
CVSS 8.8
EPSS 0.06
CVE-2020-7751 MEDIUM
pathval < 1.1.1 - Prototype Pollution
Oct 26, 2020
CVSS 6.0
EPSS 0.01