npm
4,203 tracked vulnerabilities.
CVE-2020-7735
MEDIUM
ng-packagr < 10.1.1 - OS Command Injection via styleIncludePaths Option
Sep 25, 2020
CVSS 6.6
EPSS 0.02
CVE-2020-15930
MEDIUM
Joplin 1.0.190-1.0.245 - Cross-Site Scripting via HTML Embed Tag
Sep 24, 2020
CVSS 6.1
EPSS 0.04
CVE-2020-8237
HIGH
json-bigint < 1.0.0 - Denial of Service via Prototype Pollution
Sep 18, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-8158
CRITICAL
TypeORM <0.2.25 - Prototype Pollution
Sep 18, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7733
HIGH
ua-parser-js < 0.7.22 - Regular Expression Denial of Service via Redmi and Mi Pad User-Agent Parsing
Sep 16, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-24660
CRITICAL
LemonLDAP::NG < 2.0.8 - Unauthenticated URL Access Control Bypass via Non-Normalized URI
Sep 14, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-15168
LOW
node-fetch <2.6.1,3.0.0-beta.9 - Info Disclosure
Sep 10, 2020
CVSS 2.6
EPSS 0.02
CVE-2020-1913
HIGH
Facebook Hermes < 0.4.3 / hermes-engine < 0.5.2 - DoS or RCE via Integer Signedness Error
Sep 09, 2020
CVSS 8.1
EPSS 0.01
CVE-2020-1912
HIGH
Facebook Hermes - Out-of-bounds Read/Write via Lazily Compiled Inner Generator Functions
Sep 09, 2020
CVSS 8.1
EPSS 0.02
CVE-2020-7730
CRITICAL
bestzip < 2.1.7 - OS Command Injection via Options Parameter
Sep 04, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-1911
CRITICAL
Facebook Hermes < 0.4.3 and hermes-engine < 0.5.2 - Type Confusion via Prototype Chain Manipulation
Sep 04, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7729
HIGH
grunt < 1.3.0 - Arbitrary Code Execution via Insecure YAML Deserialization
Sep 03, 2020
CVSS 7.1
EPSS 0.02
CVE-2020-7727
CRITICAL
gedi - Prototype Pollution via set Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7726
CRITICAL
safe-object2 - Prototype Pollution via Setter Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7725
CRITICAL
worksmith - Prototype Pollution via setValue Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7724
CRITICAL
tiny-conf - Prototype Pollution via Set Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7723
CRITICAL
promisehelpers - Prototype Pollution via Insert Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7722
CRITICAL
nodee-utils < 1.2.3 - Prototype Pollution via deepSet Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7721
CRITICAL
node-oojs - Prototype Pollution via setPath Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7720
CRITICAL
node-forge < 0.10.0 - Prototype Pollution via util.setPath
Sep 01, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-7719
CRITICAL
locutus < 2.0.12 - Prototype Pollution via php.strings.parse_str
Sep 01, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-7718
CRITICAL
gammautils - Prototype Pollution via deepSet and deepMerge Functions
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7717
CRITICAL
dot-notes - Prototype Pollution via create Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7716
CRITICAL
deeps - Prototype Pollution via set Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7715
CRITICAL
deep-get-set < 1.1.1 - Prototype Pollution via Main Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
astro 18
tinymce 18
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
angular 13
flowise-components 13
react-router 13
signalk-server 13
Quick Filters