npm
4,193 tracked vulnerabilities.
CVE-2026-26801
HIGH
pdfmake 0.3.0-beta.2-0.3.5 - Server-Side Request Forgery via URLResolver
Mar 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30945
HIGH
StudioCMS <0.4.0 - Privilege Escalation
Mar 10, 2026
CVSS 7.1
EPSS 0.00
CVE-2026-30941
HIGH
Parse Server <8.6.14/9.5.2-alpha.1 - NoSQL Injection
Mar 10, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-31802
MEDIUM
tar < 7.5.11 - Path Traversal via Drive-Relative Symlink Target
Mar 10, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-30863
CRITICAL
Parse Server <8.6.10/9.5.0-alpha.11 - Auth Bypass
Mar 07, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-30854
MEDIUM
Parse Server 9.3.1-alpha.3-9.5.0-alpha.10 - Info Disclosure
Mar 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-30850
MEDIUM
Parse Server <8.6.9/9.5.0-alpha.9 - Auth Bypass
Mar 07, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-30848
LOW
Parse Server <8.6.8/9.5.0-alpha.8 - Path Traversal
Mar 07, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-29786
MEDIUM
tar < 7.5.10 - Path Traversal via Drive-Relative Hardlink
Mar 07, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-29784
HIGH
Ghost 5.101.6-6.19.2 - Cross-Site Request Forgery via Session Verification
Mar 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30830
MEDIUM
defuddle < 0.9.0 - Cross-Site Scripting via Image Alt Attribute
Mar 07, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-30827
HIGH
express-rate-limit 8.0.0-8.0.1 - DoS
Mar 07, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-30824
CRITICAL
NUCLEI
Flowise < 3.0.13 - Unauthenticated Privileged Endpoint Access via NVIDIA NIM Router Whitelist
Mar 07, 2026
CVSS 9.8
EPSS 0.36
CVE-2026-30823
HIGH
Flowise < 3.0.13 - Unauthenticated IDOR and Account Takeover via SSO Configuration
Mar 07, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-30822
HIGH
Flowise < 3.0.13 - Unauthenticated Arbitrary Database Field Injection via Lead Creation
Mar 07, 2026
CVSS 7.7
EPSS 0.13
CVE-2026-30821
CRITICAL
Flowise < 3.0.13 - Unauthenticated Unrestricted Upload of File with Dangerous Type via Spoofed Content-Type
Mar 07, 2026
CVSS 9.8
EPSS 0.18
CVE-2026-30820
HIGH
Flowise <3.0.13 - Privilege Escalation
Mar 07, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-30241
HIGH
mercurius < 16.8.0 - Incorrect Authorization via WebSocket Subscription Query Depth Bypass
Mar 06, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-29063
CRITICAL
Immutable.js <3.8.3/4.3.7/5.1.5 - Prototype Pollution
Mar 06, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-29074
HIGH
SVGO 2.1.0-2.8.0/3.0.0-3.3.2/4.0.0 - DoS
Mar 06, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-29613
MEDIUM
OpenClaw < 2026.2.12 - Unauthenticated Webhook Authentication Bypass via Loopback RemoteAddress Trust
Mar 05, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-29612
MEDIUM
OpenClaw < 2026.2.14 - Denial of Service via Large Base64 Media File Decoding
Mar 05, 2026
CVSS 5.5
EPSS 0.00
CVE-2026-29610
HIGH
OpenClaw <2026.2.14 - Command Injection
Mar 05, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-29606
MEDIUM
OpenClaw < 2026.2.14 - Unauthenticated Webhook Signature Verification Bypass via Ngrok Loopback Compatibility
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28486
MEDIUM
OpenClaw 2026.1.16-2 - Path Traversal
Mar 05, 2026
CVSS 6.1
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 20
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
dompurify 12
Quick Filters