npm

4,203 tracked vulnerabilities.

CVE-2020-15270 MEDIUM
parse-server < 4.3.0 and >= 0 < 4.4.0 - Unauthenticated Event Broadcast to Expired Sessions
Oct 22, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-27666 MEDIUM
Strapi < 3.2.5 - Stored Cross-Site Scripting in WYSIWYG Editor Preview
Oct 22, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-27665 HIGH
Strapi < 3.2.5 - Unauthenticated Content-Type Builder Route Access
Oct 22, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-27664 CRITICAL
Strapi < 3.2.5 - Server-Side Request Forgery via Proxy Endpoint
Oct 22, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7750 CRITICAL
scratch-svg-renderer < 0.2.0-prerelease.20201019174008 - Cross-Site Scripting via SVG Injection in loadString
Oct 21, 2020
CVSS 9.6
EPSS 0.06
CVE-2020-7749 HIGH
osm-static-maps < 3.9.0 - Cross-Site Scripting and Server-Side Request Forgery via Template Injection
Oct 20, 2020
CVSS 7.6
EPSS 0.02
CVE-2020-7747 MEDIUM
lightning-server - Cross-Site Scripting in Session Controller
Oct 20, 2020
CVSS 6.3
EPSS 0.01
CVE-2020-15256 HIGH
object-path <= 0.11.4 - Prototype Pollution
Oct 19, 2020
CVSS 7.7
EPSS 0.02
CVE-2020-15262 LOW
Webpack-subresource-integrity <1.5.1 - Info Disclosure
Oct 19, 2020
CVSS 3.7
EPSS 0.01
CVE-2020-7743 HIGH
mathjs < 7.5.1 - Prototype Pollution via deepExtend Function
Oct 13, 2020
CVSS 7.3
EPSS 0.04
CVE-2020-15242 MEDIUM
Next.js >=9.5.0-<9.5.4 - Open Redirect
Oct 08, 2020
CVSS 4.7
EPSS 0.01
CVE-2020-1914 CRITICAL
Facebook Hermes < 2020-10-01 - Always-Incorrect Control Flow Implementation in SaveGeneratorLong Instruction
Oct 08, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-26870 MEDIUM
DOMPurify < 2.0.17 - Mutation Cross-Site Scripting via MathML Namespace Bypass
Oct 07, 2020
CVSS 6.1
EPSS 0.05
CVE-2020-7742 HIGH
simpl-schema <1.10.2 - Info Disclosure
Oct 07, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-7740 HIGH
node-pdf-generator - Server-Side Request Forgery via Unsanitized URL Content
Oct 06, 2020
CVSS 8.2
EPSS 0.02
CVE-2020-24807 HIGH
socket.io-file < 2.0.31 - Remote Code Execution via Modified JSON Name Field
Oct 06, 2020
CVSS 7.8
EPSS 0.02
CVE-2020-15215 MEDIUM
Electron <11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 - Privilege Escalation
Oct 06, 2020
CVSS 5.6
EPSS 0.01
CVE-2020-15174 HIGH
Electron <11.0.0-beta.1,10.0.1,9.3.0,8.5.1 - CSRF
Oct 06, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-7741 CRITICAL
hello.js < 1.18.6 - Cross-Site Scripting via oauth_redirect URL Parameter
Oct 06, 2020
CVSS 9.9
EPSS 0.01
CVE-2020-7739 HIGH
phantomjs-seo - Server-Side Request Forgery via Crafted URL
Oct 06, 2020
CVSS 8.2
EPSS 0.01
CVE-2020-7709 MEDIUM
json-pointer < 0.6.1 - Prototype Pollution via Slash Reference Handling
Oct 05, 2020
CVSS 6.0
EPSS 0.02
CVE-2020-7738 HIGH
shiba - Code Execution via Unsafe js-yaml load()
Oct 02, 2020
CVSS 8.3
EPSS 0.02
CVE-2020-7737 HIGH
safetydance - Prototype Pollution via set Function
Oct 02, 2020
CVSS 7.3
EPSS 0.01
CVE-2020-7736 HIGH
bmoor < 0.8.12 - Prototype Pollution via set Function
Oct 02, 2020
CVSS 7.3
EPSS 0.01
CVE-2020-26149 HIGH
NATS nats.js < 2.0.0-209, nats.ws < 1.0.0-111, and nats.deno < 1.0.0-9 - Insufficiently Protected Credentials
Sep 30, 2020
CVSS 7.5
EPSS 0.01