npm

4,193 tracked vulnerabilities.

CVE-2026-32104 MEDIUM
StudioCMS <0.4.3 - Privilege Escalation
Mar 11, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-32103 MEDIUM
StudioCMS <0.4.3 - Privilege Escalation
Mar 11, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-32234 MEDIUM
Parse Server <9.6.0-alpha.10/8.6.36 - SQL Injection
Mar 11, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-32098 HIGH
Parse Server <9.6.0-alpha.9/8.6.35 - Info Disclosure
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30226 HIGH
Svelte devalue <=5.6.3 - Deserialization
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32063 HIGH
OpenClaw <2026.2.21 - Command Injection
Mar 11, 2026
CVSS 7.1
EPSS 0.01
CVE-2026-32062 HIGH
OpenClaw 2026.2.21-2-2026.2.22 & @openclaw/voice-call 2026.2.21-2026.2.22 - DoS via Media-Stream WebSocket
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32061 MEDIUM
OpenClaw <2026.2.17 - Path Traversal
Mar 11, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-32060 HIGH
OpenClaw <2026.2.14 - Path Traversal
Mar 11, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-32059 HIGH
OpenClaw <2026.2.23 - Command Injection
Mar 11, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-31829 HIGH
Flowise < 3.0.13 - Server-Side Request Forgery via HTTP Node
Mar 10, 2026
CVSS 7.1
EPSS 0.02
CVE-2026-31828 HIGH
Parse Server <9.5.2-alpha.13/8.6.26 - LDAP Injection
Mar 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-31800 CRITICAL
Parse Server <9.5.2-alpha.12/8.6.25 - Auth Bypass
Mar 10, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-30972 HIGH
Parse Server <9.5.2-alpha.10/8.6.23 - Auth Bypass
Mar 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30967 HIGH
Parse Server <9.5.2-alpha.9/8.6.22 - Auth Bypass
Mar 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-30966 CRITICAL
Parse Server <9.5.2-alpha.7/8.6.20 - Auth Bypass
Mar 10, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-30965 CRITICAL
Parse Server <9.5.2-alpha.8/8.6.21 - Info Disclosure
Mar 10, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-30962 MEDIUM
Parse Server <9.5.2-alpha.6/8.6.19 - Auth Bypass
Mar 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-30952 HIGH
liquidjs < 10.25.0 - Path Traversal via Layout, Render, and Include Tags
Mar 10, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-30951 HIGH
Sequelize < 6.37.8 - SQL Injection via Unescaped Cast Type in JSON/JSONB Where Clause
Mar 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30949 HIGH
Parse Server <9.5.2-alpha.5/8.6.18 - Auth Bypass
Mar 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-30948 MEDIUM
Parse Server <9.5.2-alpha.4/8.6.17 - XSS
Mar 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-30947 HIGH
Parse Server <9.5.2-alpha.3/8.6.16 - Info Disclosure
Mar 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30946 HIGH
Parse Server <9.5.2-alpha.2/8.6.15 - DoS
Mar 10, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-28292 CRITICAL
simple-git 3.15.0-3.32.2 - Remote Code Execution
Mar 10, 2026
CVSS 9.8
EPSS 0.01