npm

4,203 tracked vulnerabilities.

CVE-2020-7735 MEDIUM
ng-packagr < 10.1.1 - OS Command Injection via styleIncludePaths Option
Sep 25, 2020
CVSS 6.6
EPSS 0.02
CVE-2020-15930 MEDIUM
Joplin 1.0.190-1.0.245 - Cross-Site Scripting via HTML Embed Tag
Sep 24, 2020
CVSS 6.1
EPSS 0.04
CVE-2020-8237 HIGH
json-bigint < 1.0.0 - Denial of Service via Prototype Pollution
Sep 18, 2020
CVSS 7.5
EPSS 0.02
CVE-2020-8158 CRITICAL
TypeORM <0.2.25 - Prototype Pollution
Sep 18, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7733 HIGH
ua-parser-js < 0.7.22 - Regular Expression Denial of Service via Redmi and Mi Pad User-Agent Parsing
Sep 16, 2020
CVSS 7.5
EPSS 0.04
CVE-2020-24660 CRITICAL
LemonLDAP::NG < 2.0.8 - Unauthenticated URL Access Control Bypass via Non-Normalized URI
Sep 14, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-15168 LOW
node-fetch <2.6.1,3.0.0-beta.9 - Info Disclosure
Sep 10, 2020
CVSS 2.6
EPSS 0.02
CVE-2020-1913 HIGH
Facebook Hermes < 0.4.3 / hermes-engine < 0.5.2 - DoS or RCE via Integer Signedness Error
Sep 09, 2020
CVSS 8.1
EPSS 0.01
CVE-2020-1912 HIGH
Facebook Hermes - Out-of-bounds Read/Write via Lazily Compiled Inner Generator Functions
Sep 09, 2020
CVSS 8.1
EPSS 0.02
CVE-2020-7730 CRITICAL
bestzip < 2.1.7 - OS Command Injection via Options Parameter
Sep 04, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-1911 CRITICAL
Facebook Hermes < 0.4.3 and hermes-engine < 0.5.2 - Type Confusion via Prototype Chain Manipulation
Sep 04, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7729 HIGH
grunt < 1.3.0 - Arbitrary Code Execution via Insecure YAML Deserialization
Sep 03, 2020
CVSS 7.1
EPSS 0.02
CVE-2020-7727 CRITICAL
gedi - Prototype Pollution via set Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7726 CRITICAL
safe-object2 - Prototype Pollution via Setter Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7725 CRITICAL
worksmith - Prototype Pollution via setValue Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7724 CRITICAL
tiny-conf - Prototype Pollution via Set Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7723 CRITICAL
promisehelpers - Prototype Pollution via Insert Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7722 CRITICAL
nodee-utils < 1.2.3 - Prototype Pollution via deepSet Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7721 CRITICAL
node-oojs - Prototype Pollution via setPath Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7720 CRITICAL
node-forge < 0.10.0 - Prototype Pollution via util.setPath
Sep 01, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-7719 CRITICAL
locutus < 2.0.12 - Prototype Pollution via php.strings.parse_str
Sep 01, 2020
CVSS 9.8
EPSS 0.03
CVE-2020-7718 CRITICAL
gammautils - Prototype Pollution via deepSet and deepMerge Functions
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7717 CRITICAL
dot-notes - Prototype Pollution via create Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7716 CRITICAL
deeps - Prototype Pollution via set Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02
CVE-2020-7715 CRITICAL
deep-get-set < 1.1.1 - Prototype Pollution via Main Function
Sep 01, 2020
CVSS 9.8
EPSS 0.02