npm

3,968 tracked vulnerabilities.

CVE-2026-1525 MEDIUM
Undici < 6.24.0 - HTTP Request Smuggling via Duplicate Content-Length Headers
Mar 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-32242 HIGH
Parse Server <9.6.0-alpha.11/8.6.37 - Auth Bypass
Mar 12, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-32230 MEDIUM NUCLEI
Uptime Kuma 2.0.0-2.1.3 - Info Disclosure
Mar 12, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-32141 HIGH
flatted < 3.4.0 - Denial of Service via Uncontrolled Recursion in parse() Function
Mar 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31988 MEDIUM
yauzl 3.2.0 - Denial of Service via Off-by-One Error in NTFS Timestamp Parser
Mar 11, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-32106 MEDIUM
StudioCMS <0.4.3 - Privilege Escalation
Mar 11, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-32104 MEDIUM
StudioCMS <0.4.3 - Privilege Escalation
Mar 11, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-32103 MEDIUM
StudioCMS <0.4.3 - Privilege Escalation
Mar 11, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-32234 MEDIUM
Parse Server <9.6.0-alpha.10/8.6.36 - SQL Injection
Mar 11, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-32098 HIGH
Parse Server <9.6.0-alpha.9/8.6.35 - Info Disclosure
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30226 HIGH
Svelte devalue <=5.6.3 - Deserialization
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32063 HIGH
OpenClaw <2026.2.21 - Command Injection
Mar 11, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-32062 HIGH
OpenClaw 2026.2.21-2-2026.2.22 & @openclaw/voice-call 2026.2.21-2026.2.22 - DoS via Media-Stream WebSocket
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32061 MEDIUM
OpenClaw <2026.2.17 - Path Traversal
Mar 11, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-32060 HIGH
OpenClaw <2026.2.14 - Path Traversal
Mar 11, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-32059 HIGH
OpenClaw <2026.2.23 - Command Injection
Mar 11, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-31829 HIGH
Flowise < 3.0.13 - Server-Side Request Forgery via HTTP Node
Mar 10, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-31828 HIGH
Parse Server <9.5.2-alpha.13/8.6.26 - LDAP Injection
Mar 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-31800 CRITICAL
Parse Server <9.5.2-alpha.12/8.6.25 - Auth Bypass
Mar 10, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-30972 HIGH
Parse Server <9.5.2-alpha.10/8.6.23 - Auth Bypass
Mar 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30967 HIGH
Parse Server <9.5.2-alpha.9/8.6.22 - Auth Bypass
Mar 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-30966 CRITICAL
Parse Server <9.5.2-alpha.7/8.6.20 - Auth Bypass
Mar 10, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-30965 CRITICAL
Parse Server <9.5.2-alpha.8/8.6.21 - Info Disclosure
Mar 10, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-30962 MEDIUM
Parse Server <9.5.2-alpha.6/8.6.19 - Auth Bypass
Mar 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-30952 HIGH
liquidjs < 10.25.0 - Path Traversal via Layout, Render, and Include Tags
Mar 10, 2026
CVSS 7.5
EPSS 0.00
Products
openclaw 393 parse-server 92 n8n 62 directus 53 electron 48 flowise 48 next 47 vm2 32 hono 25 nocodb 25 axios 24 undici 22 ghost 21 vite 19 astro 17 ckeditor4 15 fuxa-server 15 jspdf 15 tar 15 joplin 14 nodebb 14 sequelize 14 tinymce 14 flowise-components 13 signalk-server 13 angular 12 dompurify 12 handlebars 12 jsrsasign 12 matrix-js-sdk 12
Quick Filters
Critical CVEs With Exploits In CISA KEV