npm

4,193 tracked vulnerabilities.

CVE-2026-28450 MEDIUM
OpenClaw < 2026.2.12 - Unauthenticated Profile Tampering via Nostr Plugin HTTP Endpoints
Mar 05, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-28448 HIGH
OpenClaw 2026.1.29-2026.2.1 - Auth Bypass
Mar 05, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-28447 HIGH
OpenClaw 2026.1.29-beta.1-2026.2.1 - Path Traversal
Mar 05, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-28446 CRITICAL
OpenClaw < 2026.2.2 - Authentication Bypass via Empty Caller ID or Suffix Matching
Mar 05, 2026
CVSS 9.4
EPSS 0.01
CVE-2026-28395 MEDIUM
OpenClaw 2026.1.14-1 - Info Disclosure
Mar 05, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28393 HIGH
OpenClaw <2026.2.14 - Path Traversal
Mar 05, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-28392 HIGH
OpenClaw <2026.2.14 - Privilege Escalation
Mar 05, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28391 CRITICAL
OpenClaw <2026.2.2 - Command Injection
Mar 05, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-28343 MEDIUM
CKEditor5 29.0.0-47.6.0 - Cross-Site Scripting via General HTML Support Feature
Mar 05, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-29053 HIGH
Ghost 0.7.2-6.19.0 - Code Injection
Mar 05, 2026
CVSS 7.6
EPSS 0.00
CVE-2026-29086 MEDIUM
Hono < 4.12.4 - Cookie Attribute Injection via Set-Cookie Header
Mar 04, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-29085 MEDIUM
Hono < 4.12.4 - Server-Sent Events Injection via Unvalidated Event Fields
Mar 04, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-29045 HIGH
Hono < 4.12.4 - Unauthenticated Path Traversal via URL-Encoded Slash Bypass
Mar 04, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-3520 HIGH
Multer < 2.1.1 - Denial of Service via Malformed Request
Mar 04, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-27601 MEDIUM
Underscore.js < 1.13.8 - Denial of Service via Recursive Data Structure in _.flatten and _.isEqual
Mar 03, 2026
CVSS 5.9
EPSS 0.01
CVE-2026-3484 MEDIUM
PhialsBasement nmap-mcp-server - Command Injection
Mar 03, 2026
CVSS 6.3
EPSS 0.03
CVE-2026-0540 MEDIUM
DOMPurify 2.5.3-2.5.8/3.1.3-3.3.1 - XSS
Mar 03, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-3455 MEDIUM
mailparser < 3.9.3 - Cross-Site Scripting via textToHtml URL Sanitization Bypass
Mar 03, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-28401 MEDIUM
NocoDB < 0.301.3 - Stored Cross-Site Scripting via Rich Text Cell Rendering
Mar 02, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-28399 HIGH
NocoDB < 0.301.3 - Authenticated SQL Injection via DATEADD Formula Unit Parameter
Mar 02, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-28398 MEDIUM
NocoDB < 0.301.3 - Stored Cross-Site Scripting via v-html Rendering
Mar 02, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-28397 MEDIUM
NocoDB < 0.301.3 - Stored Cross-Site Scripting via Comment Rendering
Mar 02, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-28396 MEDIUM
NocoDB < 0.301.3 - Insufficient Session Expiration via Password Reset Flow
Mar 02, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-28361 MEDIUM
NocoDB <0.301.3 - Privilege Escalation
Mar 02, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-28360 MEDIUM
NocoDB < 0.301.3 - Plaintext Password Storage in Shared View
Mar 02, 2026
CVSS 5.3
EPSS 0.00