npm
4,203 tracked vulnerabilities.
CVE-2020-15270
MEDIUM
parse-server < 4.3.0 and >= 0 < 4.4.0 - Unauthenticated Event Broadcast to Expired Sessions
Oct 22, 2020
CVSS 4.3
EPSS 0.01
CVE-2020-27666
MEDIUM
Strapi < 3.2.5 - Stored Cross-Site Scripting in WYSIWYG Editor Preview
Oct 22, 2020
CVSS 5.4
EPSS 0.01
CVE-2020-27665
HIGH
Strapi < 3.2.5 - Unauthenticated Content-Type Builder Route Access
Oct 22, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-27664
CRITICAL
Strapi < 3.2.5 - Server-Side Request Forgery via Proxy Endpoint
Oct 22, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7750
CRITICAL
scratch-svg-renderer < 0.2.0-prerelease.20201019174008 - Cross-Site Scripting via SVG Injection in loadString
Oct 21, 2020
CVSS 9.6
EPSS 0.06
CVE-2020-7749
HIGH
osm-static-maps < 3.9.0 - Cross-Site Scripting and Server-Side Request Forgery via Template Injection
Oct 20, 2020
CVSS 7.6
EPSS 0.02
CVE-2020-7747
MEDIUM
lightning-server - Cross-Site Scripting in Session Controller
Oct 20, 2020
CVSS 6.3
EPSS 0.01
CVE-2020-15256
HIGH
object-path <= 0.11.4 - Prototype Pollution
Oct 19, 2020
CVSS 7.7
EPSS 0.02
CVE-2020-15262
LOW
Webpack-subresource-integrity <1.5.1 - Info Disclosure
Oct 19, 2020
CVSS 3.7
EPSS 0.01
CVE-2020-7743
HIGH
mathjs < 7.5.1 - Prototype Pollution via deepExtend Function
Oct 13, 2020
CVSS 7.3
EPSS 0.04
CVE-2020-15242
MEDIUM
Next.js >=9.5.0-<9.5.4 - Open Redirect
Oct 08, 2020
CVSS 4.7
EPSS 0.01
CVE-2020-1914
CRITICAL
Facebook Hermes < 2020-10-01 - Always-Incorrect Control Flow Implementation in SaveGeneratorLong Instruction
Oct 08, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-26870
MEDIUM
DOMPurify < 2.0.17 - Mutation Cross-Site Scripting via MathML Namespace Bypass
Oct 07, 2020
CVSS 6.1
EPSS 0.05
CVE-2020-7742
HIGH
simpl-schema <1.10.2 - Info Disclosure
Oct 07, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-7740
HIGH
node-pdf-generator - Server-Side Request Forgery via Unsanitized URL Content
Oct 06, 2020
CVSS 8.2
EPSS 0.02
CVE-2020-24807
HIGH
socket.io-file < 2.0.31 - Remote Code Execution via Modified JSON Name Field
Oct 06, 2020
CVSS 7.8
EPSS 0.02
CVE-2020-15215
MEDIUM
Electron <11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 - Privilege Escalation
Oct 06, 2020
CVSS 5.6
EPSS 0.01
CVE-2020-15174
HIGH
Electron <11.0.0-beta.1,10.0.1,9.3.0,8.5.1 - CSRF
Oct 06, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-7741
CRITICAL
hello.js < 1.18.6 - Cross-Site Scripting via oauth_redirect URL Parameter
Oct 06, 2020
CVSS 9.9
EPSS 0.01
CVE-2020-7739
HIGH
phantomjs-seo - Server-Side Request Forgery via Crafted URL
Oct 06, 2020
CVSS 8.2
EPSS 0.01
CVE-2020-7709
MEDIUM
json-pointer < 0.6.1 - Prototype Pollution via Slash Reference Handling
Oct 05, 2020
CVSS 6.0
EPSS 0.02
CVE-2020-7738
HIGH
shiba - Code Execution via Unsafe js-yaml load()
Oct 02, 2020
CVSS 8.3
EPSS 0.02
CVE-2020-7737
HIGH
safetydance - Prototype Pollution via set Function
Oct 02, 2020
CVSS 7.3
EPSS 0.01
CVE-2020-7736
HIGH
bmoor < 0.8.12 - Prototype Pollution via set Function
Oct 02, 2020
CVSS 7.3
EPSS 0.01
CVE-2020-26149
HIGH
NATS nats.js < 2.0.0-209, nats.ws < 1.0.0-111, and nats.deno < 1.0.0-9 - Insufficiently Protected Credentials
Sep 30, 2020
CVSS 7.5
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
astro 18
tinymce 18
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters