npm
3,968 tracked vulnerabilities.
CVE-2026-28399
HIGH
NocoDB < 0.301.3 - Authenticated SQL Injection via DATEADD Formula Unit Parameter
Mar 02, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-28398
MEDIUM
NocoDB < 0.301.3 - Stored Cross-Site Scripting via v-html Rendering
Mar 02, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-28397
MEDIUM
NocoDB < 0.301.3 - Stored Cross-Site Scripting via Comment Rendering
Mar 02, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-28396
MEDIUM
NocoDB < 0.301.3 - Insufficient Session Expiration via Password Reset Flow
Mar 02, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28361
MEDIUM
NocoDB <0.301.3 - Privilege Escalation
Mar 02, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-28360
MEDIUM
NocoDB < 0.301.3 - Plaintext Password Storage in Shared View
Mar 02, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-28359
MEDIUM
NocoDB < 0.301.3 - Authenticated Stored Cross-Site Scripting via Rich Text Cell HTML Injection
Mar 02, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-28358
MEDIUM
NUCLEI
NocoDB < 0.301.3 - User Enumeration via Password Reset Endpoint
Mar 02, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-28357
MEDIUM
NocoDB < 0.301.3 - Stored Cross-Site Scripting in Formula Virtual Cell
Mar 02, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-26862
HIGH
CleverTap Web SDK < 1.15.2 - DOM-based Cross-Site Scripting via Window PostMessage Origin Validation Bypass
Feb 27, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-26861
HIGH
CleverTap Web SDK < 1.15.2 - Cross-Site Scripting via PostMessage Origin Validation Bypass
Feb 27, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-3304
HIGH
Multer < 2.1.0 - Denial of Service via Malformed Request Handling
Feb 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-2359
HIGH
Multer < 2.1.0 - Denial of Service via Connection Drop During File Upload
Feb 27, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28363
CRITICAL
OpenClaw <2026.2.23 - Command Injection
Feb 27, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-27959
HIGH
Koa 3.0.0-3.1.1 and <2.16.14 - Host Header Injection via ctx.hostname
Feb 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27942
HIGH
fast-xml-parser < 5.3.8 - Denial of Service via XML Builder with preserveOrder:true
Feb 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27904
HIGH
minimatch < 10.2.3, < 3.1.4 - Inefficient Regular Expression Complexity via Nested Extglob Patterns
Feb 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27903
HIGH
minimatch < 10.2.3 - DoS via Globstar Pattern Backtracking
Feb 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27902
MEDIUM
Svelte 5.53.0-5.53.5 - Cross-Site Scripting via transformError HTML Injection
Feb 26, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-27901
MEDIUM
Svelte < 5.53.5 - Cross-Site Scripting via contenteditable Element Binding
Feb 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27837
MEDIUM
Dottie 2.0.4-2.0.6 - Prototype Pollution
Feb 26, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-27818
HIGH
TerriaJS-Server < 4.0.3 - Server-Side Request Forgery via Proxy Domain Validation Bypass
Feb 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27804
CRITICAL
Parse Server <8.6.3/9.1.1-alpha.4 - Auth Bypass
Feb 26, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-27578
MEDIUM
n8n <2.10.1/2.9.3/1.123.22 - XSS
Feb 25, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-27577
CRITICAL
n8n <2.10.1/2.9.3/1.123.22 - Command Injection
Feb 25, 2026
CVSS 9.9
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12