npm
4,193 tracked vulnerabilities.
CVE-2026-32104
MEDIUM
StudioCMS <0.4.3 - Privilege Escalation
Mar 11, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-32103
MEDIUM
StudioCMS <0.4.3 - Privilege Escalation
Mar 11, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-32234
MEDIUM
Parse Server <9.6.0-alpha.10/8.6.36 - SQL Injection
Mar 11, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-32098
HIGH
Parse Server <9.6.0-alpha.9/8.6.35 - Info Disclosure
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30226
HIGH
Svelte devalue <=5.6.3 - Deserialization
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32063
HIGH
OpenClaw <2026.2.21 - Command Injection
Mar 11, 2026
CVSS 7.1
EPSS 0.01
CVE-2026-32062
HIGH
OpenClaw 2026.2.21-2-2026.2.22 & @openclaw/voice-call 2026.2.21-2026.2.22 - DoS via Media-Stream WebSocket
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-32061
MEDIUM
OpenClaw <2026.2.17 - Path Traversal
Mar 11, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-32060
HIGH
OpenClaw <2026.2.14 - Path Traversal
Mar 11, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-32059
HIGH
OpenClaw <2026.2.23 - Command Injection
Mar 11, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-31829
HIGH
Flowise < 3.0.13 - Server-Side Request Forgery via HTTP Node
Mar 10, 2026
CVSS 7.1
EPSS 0.02
CVE-2026-31828
HIGH
Parse Server <9.5.2-alpha.13/8.6.26 - LDAP Injection
Mar 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-31800
CRITICAL
Parse Server <9.5.2-alpha.12/8.6.25 - Auth Bypass
Mar 10, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-30972
HIGH
Parse Server <9.5.2-alpha.10/8.6.23 - Auth Bypass
Mar 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30967
HIGH
Parse Server <9.5.2-alpha.9/8.6.22 - Auth Bypass
Mar 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-30966
CRITICAL
Parse Server <9.5.2-alpha.7/8.6.20 - Auth Bypass
Mar 10, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-30965
CRITICAL
Parse Server <9.5.2-alpha.8/8.6.21 - Info Disclosure
Mar 10, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-30962
MEDIUM
Parse Server <9.5.2-alpha.6/8.6.19 - Auth Bypass
Mar 10, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-30952
HIGH
liquidjs < 10.25.0 - Path Traversal via Layout, Render, and Include Tags
Mar 10, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-30951
HIGH
Sequelize < 6.37.8 - SQL Injection via Unescaped Cast Type in JSON/JSONB Where Clause
Mar 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30949
HIGH
Parse Server <9.5.2-alpha.5/8.6.18 - Auth Bypass
Mar 10, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-30948
MEDIUM
Parse Server <9.5.2-alpha.4/8.6.17 - XSS
Mar 10, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-30947
HIGH
Parse Server <9.5.2-alpha.3/8.6.16 - Info Disclosure
Mar 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30946
HIGH
Parse Server <9.5.2-alpha.2/8.6.15 - DoS
Mar 10, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-28292
CRITICAL
simple-git 3.15.0-3.32.2 - Remote Code Execution
Mar 10, 2026
CVSS 9.8
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 20
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
dompurify 12
Quick Filters