npm
4,193 tracked vulnerabilities.
CVE-2026-28450
MEDIUM
OpenClaw < 2026.2.12 - Unauthenticated Profile Tampering via Nostr Plugin HTTP Endpoints
Mar 05, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-28448
HIGH
OpenClaw 2026.1.29-2026.2.1 - Auth Bypass
Mar 05, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-28447
HIGH
OpenClaw 2026.1.29-beta.1-2026.2.1 - Path Traversal
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28446
CRITICAL
OpenClaw < 2026.2.2 - Authentication Bypass via Empty Caller ID or Suffix Matching
Mar 05, 2026
CVSS 9.4
EPSS 0.01
CVE-2026-28395
MEDIUM
OpenClaw 2026.1.14-1 - Info Disclosure
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28393
HIGH
OpenClaw <2026.2.14 - Path Traversal
Mar 05, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-28392
HIGH
OpenClaw <2026.2.14 - Privilege Escalation
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28391
CRITICAL
OpenClaw <2026.2.2 - Command Injection
Mar 05, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-28343
MEDIUM
CKEditor5 29.0.0-47.6.0 - Cross-Site Scripting via General HTML Support Feature
Mar 05, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-29053
HIGH
Ghost 0.7.2-6.19.0 - Code Injection
Mar 05, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-29086
MEDIUM
Hono < 4.12.4 - Cookie Attribute Injection via Set-Cookie Header
Mar 04, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-29085
MEDIUM
Hono < 4.12.4 - Server-Sent Events Injection via Unvalidated Event Fields
Mar 04, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-29045
HIGH
Hono < 4.12.4 - Unauthenticated Path Traversal via URL-Encoded Slash Bypass
Mar 04, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-3520
HIGH
Multer < 2.1.1 - Denial of Service via Malformed Request
Mar 04, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-27601
MEDIUM
Underscore.js < 1.13.8 - Denial of Service via Recursive Data Structure in _.flatten and _.isEqual
Mar 03, 2026
CVSS 5.9
EPSS 0.01
CVE-2026-3484
MEDIUM
PhialsBasement nmap-mcp-server - Command Injection
Mar 03, 2026
CVSS 6.3
EPSS 0.03
CVE-2026-0540
MEDIUM
DOMPurify 2.5.3-2.5.8/3.1.3-3.3.1 - XSS
Mar 03, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-3455
MEDIUM
mailparser < 3.9.3 - Cross-Site Scripting via textToHtml URL Sanitization Bypass
Mar 03, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-28401
MEDIUM
NocoDB < 0.301.3 - Stored Cross-Site Scripting via Rich Text Cell Rendering
Mar 02, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-28399
HIGH
NocoDB < 0.301.3 - Authenticated SQL Injection via DATEADD Formula Unit Parameter
Mar 02, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-28398
MEDIUM
NocoDB < 0.301.3 - Stored Cross-Site Scripting via v-html Rendering
Mar 02, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-28397
MEDIUM
NocoDB < 0.301.3 - Stored Cross-Site Scripting via Comment Rendering
Mar 02, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-28396
MEDIUM
NocoDB < 0.301.3 - Insufficient Session Expiration via Password Reset Flow
Mar 02, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28361
MEDIUM
NocoDB <0.301.3 - Privilege Escalation
Mar 02, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-28360
MEDIUM
NocoDB < 0.301.3 - Plaintext Password Storage in Shared View
Mar 02, 2026
CVSS 5.3
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 20
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
dompurify 12
Quick Filters