npm

3,968 tracked vulnerabilities.

CVE-2026-27498 HIGH
n8n <2.2.0/1.123.8 - Authenticated RCE
Feb 25, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-27497 HIGH
n8n <2.10.1/2.9.3/1.123.22 - Code Injection
Feb 25, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-27495 CRITICAL
n8n <2.10.1/2.9.3/1.123.22 - Code Injection
Feb 25, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-27494 CRITICAL
n8n <2.10.1/2.9.3/1.123.22 - Authenticated RCE
Feb 25, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-27493 CRITICAL
n8n <2.10.1/2.9.3/1.123.22 - Code Injection
Feb 25, 2026
CVSS 9.0
EPSS 0.00
CVE-2026-27148 CRITICAL
Storybook <7.6.23/8.6.17/9.1.19/10.2.10 - WebSocket Hijacking
Feb 25, 2026
CVSS 9.6
EPSS 0.00
CVE-2026-27702 CRITICAL
Budibase < 3.30.4 - Authenticated Remote Code Execution via Unsafe Eval in View Filtering
Feb 25, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-27700 HIGH
Hono 4.12.0-4.12.1 - IP Spoofing via X-Forwarded-For Header Mishandling
Feb 25, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-27699 CRITICAL
basic-ftp < 5.2.0 - Path Traversal via Malicious FTP Server Directory Listing
Feb 25, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-27612 MEDIUM
repostat < 1.0.1 - Reflected Cross-Site Scripting via RepoCard Component
Feb 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27610 MEDIUM
Parse Dashboard 7.3.0-alpha.42-9.0.0-alpha.7 - Privilege Escalation
Feb 25, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-27609 MEDIUM
Parse Dashboard 7.3.0-alpha.42-9.0.0-alpha.7 - CSRF
Feb 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27608 HIGH
Parse Dashboard 7.3.0-9.0.0 - Auth Bypass
Feb 25, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-27606 CRITICAL
Rollup <2.80.0/3.30.0/4.59.0 - Path Traversal
Feb 25, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-27595 HIGH
Parse Dashboard 7.3.0-9.0.0 - Auth Bypass
Feb 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27567 MEDIUM
Payload < 3.75.0 - Authenticated Server-Side Request Forgery via External File Upload
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27492 MEDIUM
Lettermint Node.js SDK <=1.5.0 - Info Disclosure
Feb 21, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-27576 MEDIUM
OpenClaw < 2026.2.17 - Uncontrolled Resource Consumption via Large Prompt Payloads
Feb 21, 2026
CVSS 4.0
EPSS 0.00
CVE-2026-27488 HIGH
OpenClaw < 2026.2.19 - Server-Side Request Forgery via Cron Webhook Delivery
Feb 21, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-27487 HIGH
OpenClaw <2026.2.13 - Command Injection
Feb 21, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-27486 MEDIUM
OpenClaw CLI <2026.2.13 - Privilege Escalation
Feb 21, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-27485 MEDIUM
OpenClaw <=2026.2.17 - Info Disclosure
Feb 21, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-27484 MEDIUM
OpenClaw <2026.2.17 - Privilege Escalation
Feb 21, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27212 HIGH
Swiper 6.5.1-12.1.1 - Prototype Pollution
Feb 21, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-27210 MEDIUM
Pannellum 2.5.0-2.5.6 - Stored Cross-Site Scripting via Hot Spot Attributes
Feb 21, 2026
CVSS 6.1
EPSS 0.00
Products
openclaw 393 parse-server 92 n8n 62 directus 53 electron 48 flowise 48 next 47 vm2 32 hono 25 nocodb 25 axios 24 undici 22 ghost 21 vite 19 astro 17 ckeditor4 15 fuxa-server 15 jspdf 15 tar 15 joplin 14 nodebb 14 sequelize 14 tinymce 14 flowise-components 13 signalk-server 13 angular 12 dompurify 12 handlebars 12 jsrsasign 12 matrix-js-sdk 12
Quick Filters
Critical CVEs With Exploits In CISA KEV