npm
4,193 tracked vulnerabilities.
CVE-2026-33671
HIGH
Picomatch Extglob Quantifiers - Regular Expression Denial of Service
Mar 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33532
MEDIUM
yaml is vulnerable to Stack Overflow via deeply nested YAML collections
Mar 26, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-4926
HIGH
path-to-regexp vulnerable to Denial of Service via sequential optional groups
Mar 26, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-4923
MEDIUM
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple wildcards
Mar 26, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-33732
MEDIUM
srvx is vulnerable to middleware bypass via absolute URI in request line
Mar 26, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-33490
LOW
h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes
Mar 26, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-4867
HIGH
path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters
Mar 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33468
HIGH
Kysely <0.28.14 MySQL String Literals - SQL Injection
Mar 26, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-33442
HIGH
Kysely 0.28.12-0.28.13 MySQL JSON Path Keys - SQL Injection
Mar 26, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-32846
HIGH
OpenClaw Media Parsing Path Traversal to Arbitrary File Read
Mar 26, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-33287
HIGH
LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern
Mar 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33285
HIGH
LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash
Mar 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33751
MEDIUM
n8n Vulnerable to LDAP Filter Injection in LDAP Node
Mar 25, 2026
CVSS 4.8
EPSS 0.00
CVE-2026-33749
CRITICAL
n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
Mar 25, 2026
CVSS 9.0
EPSS 0.00
CVE-2026-33724
HIGH
n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no
Mar 25, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-33722
MEDIUM
n8n Has External Secrets Authorization Bypass in Credential Saving
Mar 25, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-33720
MEDIUM
n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK
Mar 25, 2026
CVSS 4.2
EPSS 0.00
CVE-2026-33713
HIGH
n8n Vulnerable to SQL Injection in Data Table Node via orderByColumn Expression
Mar 25, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-33696
HIGH
n8n Vulnerable to Prototype Pollution in XML & GSuiteAdmin node parameters lead to RCE
Mar 25, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-33665
HIGH
n8n: LDAP Email-Based Account Linking Allows Privilege Escalation and Account Takeover
Mar 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-33663
MEDIUM
n8n Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition
Mar 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-33660
HIGH
n8n Has Multiple Remote Code Execution Vulnerabilities in Merge Node AlaSQL SQL Mode
Mar 25, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-27496
MEDIUM
n8n has In-Process Memory Disclosure in its Task Runner
Mar 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26833
CRITICAL
thumbler <=1.1.2 - Command Injection
Mar 25, 2026
CVSS 9.8
EPSS 0.02
CVE-2026-26832
CRITICAL
node-tesseract-ocr through 2.2.1 - Command Injection
Mar 25, 2026
CVSS 9.8
EPSS 0.02
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 20
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
dompurify 12
Quick Filters