npm
4,193 tracked vulnerabilities.
CVE-2026-39412
MEDIUM
LiquidJS <10.25.4 sort_natural - Prototype Property Disclosure
Apr 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-35525
HIGH
LiquidJS <10.25.3 Symlinked Templates - Root Restriction Bypass
Apr 08, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-23869
HIGH
React Server Components 19.0.0-19.0.4 19.1.0-19.1.5 19.2.0-19.2.4 - Denial of Service via Crafted HTTP Requests
Apr 08, 2026
CVSS 7.5
EPSS 0.02
CVE-2026-34166
LOW
LiquidJS <10.25.3 replace Filter - Memory Limit Bypass
Apr 08, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-39865
MEDIUM
Axios HTTP/2 Session Cleanup State Corruption Vulnerability
Apr 08, 2026
CVSS 5.9
EPSS 0.01
CVE-2026-39410
MEDIUM
Hono <4.12.12 getCookie() - Cookie Prefix Bypass
Apr 08, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-39409
MEDIUM
Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses
Apr 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-39408
HIGH
Hono <4.12.12 toSSG() - Path Traversal
Apr 08, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-39407
MEDIUM
Hono <4.12.12 serveStatic - Middleware Bypass
Apr 08, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-34781
LOW
Electron crashes in clipboard.readImage() on malformed clipboard image data
Apr 07, 2026
CVSS 2.8
EPSS 0.00
CVE-2026-34765
MEDIUM
Electron named window.open targets not scoped to the opener's browsing context
Apr 07, 2026
CVSS 6.0
EPSS 0.00
CVE-2026-39381
MEDIUM
Parse Server's Endpoint `/sessions/me` bypasses `_Session` `protectedFields`
Apr 07, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-39371
HIGH
RedwoodSDK <1.0.6 Server Function Dispatch - Cross-Site Request Forgery
Apr 07, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-39365
MEDIUM
NUCLEI
Vite Optimized Dependency Source Maps - Path Traversal
Apr 07, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-39364
HIGH
NUCLEI
Vite Dev Server server.fs.deny - File Access Bypass
Apr 07, 2026
CVSS 7.5
EPSS 0.02
CVE-2026-39363
HIGH
NUCLEI
Vite Affected by Arbitrary File Read via Vite Dev Server WebSocket
Apr 07, 2026
CVSS 7.5
EPSS 0.03
CVE-2026-39356
HIGH
SQL Injection via escapeName() in all Drizzle ORM SQL dialects
Apr 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-39321
LOW
Parse Server Login Endpoint - User Enumeration Timing Side-Channel
Apr 07, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-35613
MEDIUM
Path traversal in coursevault-preview due to improper base-directory boundary validation
Apr 07, 2026
CVSS 5.1
EPSS 0.00
CVE-2026-35442
HIGH
Directus: Authenticated Users Can Extract Concealed Fields via Aggregate Queries
Apr 06, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-35441
MEDIUM
Directus Affected by GraphQL Alias Amplification Denial-of-Service Due to Missing Query Cost/Complexity Limits
Apr 06, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-35413
MEDIUM
Directus GraphQL Schema SDL Disclosure Setting
Apr 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-35412
HIGH
Directus <11.16.1 TUS Uploads - Arbitrary File Overwrite
Apr 06, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-35411
MEDIUM
Directus is an Open Redirect in Admin 2FA Setup Page
Apr 06, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-35410
MEDIUM
Directus <11.16.1 OAuth2/SAML Login - Open Redirect
Apr 06, 2026
CVSS 6.1
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 20
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
dompurify 12
Quick Filters