npm
3,968 tracked vulnerabilities.
CVE-2026-27203
HIGH
eBay API MCP Server - Code Injection
Feb 21, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-27125
MEDIUM
svelte < 5.51.5 - Prototype Pollution in Server-Side Rendering Attribute Spreading
Feb 20, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-27122
MEDIUM
svelte < 5.51.5 - Cross-Site Scripting via Server-Side Rendering Tag Injection
Feb 20, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-27121
MEDIUM
svelte < 5.51.5 - Cross-Site Scripting via Spread Syntax Attribute Rendering
Feb 20, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-27119
MEDIUM
svelte 5.39.3-5.51.4 - Cross-Site Scripting in Server-Side Rendering Option Element
Feb 20, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-25896
CRITICAL
fast-xml-parser 4.1.3-5.3.4 - Cross-Site Scripting via DOCTYPE Entity Name Regex Bypass
Feb 20, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-2739
MEDIUM
bn.js <5.2.3 - DoS
Feb 20, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-26996
HIGH
minimatch < 10.2.1 - Regular Expression Denial of Service via Glob Pattern with Consecutive Wildcards
Feb 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26980
CRITICAL
NUCLEI
Ghost 3.24.0-6.19.0 - Info Disclosure
Feb 20, 2026
CVSS 9.4
EPSS 0.63
CVE-2026-26960
HIGH
tar < 7.5.8 - Arbitrary File Read and Write via Hardlink Extraction
Feb 20, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-27009
MEDIUM
OpenClaw < 2026.2.15 - Stored Cross-Site Scripting via Assistant Identity Rendering
Feb 20, 2026
CVSS 5.8
EPSS 0.00
CVE-2026-27008
MEDIUM
OpenClaw <2026.2.15 - Path Traversal
Feb 20, 2026
CVSS 6.7
EPSS 0.00
CVE-2026-27007
LOW
OpenClaw <2026.2.15 - Privilege Escalation
Feb 20, 2026
CVSS 3.3
EPSS 0.00
CVE-2026-27004
MEDIUM
OpenClaw <2026.2.15 - Privilege Escalation
Feb 20, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-27003
MEDIUM
OpenClaw <2026.2.15 - Info Disclosure
Feb 20, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-27002
CRITICAL
OpenClaw <2026.2.15 - Privilege Escalation
Feb 20, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-27001
HIGH
OpenClaw <2026.2.15 - Command Injection
Feb 20, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-26972
MEDIUM
OpenClaw 2026.1.12-2026.2.12 - Path Traversal
Feb 20, 2026
CVSS 6.7
EPSS 0.00
CVE-2026-26329
MEDIUM
OpenClaw <2026.2.14 - Path Traversal
Feb 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26328
MEDIUM
OpenClaw <2026.2.14 - Privilege Escalation
Feb 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26327
MEDIUM
OpenClaw < 2026.2.14 - Unauthenticated TLS Certificate Pinning Bypass via Discovery Beacon TXT Records
Feb 19, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-26326
MEDIUM
OpenClaw <2026.2.14 - Info Disclosure
Feb 19, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-26325
HIGH
OpenClaw <2026.2.14 - Command Injection
Feb 19, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-26324
HIGH
OpenClaw < 2026.2.14 - Server-Side Request Forgery via IPv6 Literal Bypass
Feb 19, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-26323
HIGH
OpenClaw 2026.1.8-2026.2.13 - Command Injection
Feb 19, 2026
CVSS 8.8
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12