npm
3,968 tracked vulnerabilities.
CVE-2026-30951
HIGH
Sequelize < 6.37.8 - SQL Injection via Unescaped Cast Type in JSON/JSONB Where Clause
Mar 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30949
HIGH
Parse Server <9.5.2-alpha.5/8.6.18 - Auth Bypass
Mar 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-30948
MEDIUM
Parse Server <9.5.2-alpha.4/8.6.17 - XSS
Mar 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-30947
HIGH
Parse Server <9.5.2-alpha.3/8.6.16 - Info Disclosure
Mar 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30946
HIGH
Parse Server <9.5.2-alpha.2/8.6.15 - DoS
Mar 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28292
CRITICAL
simple-git 3.15.0-3.32.2 - Remote Code Execution
Mar 10, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-26801
HIGH
pdfmake 0.3.0-beta.2-0.3.5 - Server-Side Request Forgery via URLResolver
Mar 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30945
HIGH
StudioCMS <0.4.0 - Privilege Escalation
Mar 10, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-30941
HIGH
Parse Server <8.6.14/9.5.2-alpha.1 - NoSQL Injection
Mar 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31802
MEDIUM
tar < 7.5.11 - Path Traversal via Drive-Relative Symlink Target
Mar 10, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-30863
CRITICAL
Parse Server <8.6.10/9.5.0-alpha.11 - Auth Bypass
Mar 07, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-30854
MEDIUM
Parse Server 9.3.1-alpha.3-9.5.0-alpha.10 - Info Disclosure
Mar 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-30850
MEDIUM
Parse Server <8.6.9/9.5.0-alpha.9 - Auth Bypass
Mar 07, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-30848
LOW
Parse Server <8.6.8/9.5.0-alpha.8 - Path Traversal
Mar 07, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-29786
MEDIUM
tar < 7.5.10 - Path Traversal via Drive-Relative Hardlink
Mar 07, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-29784
HIGH
Ghost 5.101.6-6.19.2 - Cross-Site Request Forgery via Session Verification
Mar 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30830
MEDIUM
defuddle < 0.9.0 - Cross-Site Scripting via Image Alt Attribute
Mar 07, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-30827
HIGH
express-rate-limit 8.0.0-8.0.1 - DoS
Mar 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30824
CRITICAL
NUCLEI
Flowise < 3.0.13 - Unauthenticated Privileged Endpoint Access via NVIDIA NIM Router Whitelist
Mar 07, 2026
CVSS 9.8
EPSS 0.22
CVE-2026-30823
HIGH
Flowise < 3.0.13 - Unauthenticated IDOR and Account Takeover via SSO Configuration
Mar 07, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-30822
HIGH
Flowise < 3.0.13 - Unauthenticated Arbitrary Database Field Injection via Lead Creation
Mar 07, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-30821
CRITICAL
Flowise < 3.0.13 - Unauthenticated Unrestricted Upload of File with Dangerous Type via Spoofed Content-Type
Mar 07, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-30820
HIGH
Flowise <3.0.13 - Privilege Escalation
Mar 07, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-30241
HIGH
mercurius < 16.8.0 - Incorrect Authorization via WebSocket Subscription Query Depth Bypass
Mar 06, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-29063
CRITICAL
Immutable.js <3.8.3/4.3.7/5.1.5 - Prototype Pollution
Mar 06, 2026
CVSS 9.8
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12