npm

4,193 tracked vulnerabilities.

CVE-2026-28359 MEDIUM
NocoDB < 0.301.3 - Authenticated Stored Cross-Site Scripting via Rich Text Cell HTML Injection
Mar 02, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-28358 MEDIUM NUCLEI
NocoDB < 0.301.3 - User Enumeration via Password Reset Endpoint
Mar 02, 2026
CVSS 5.3
EPSS 0.01
CVE-2026-28357 MEDIUM
NocoDB < 0.301.3 - Stored Cross-Site Scripting in Formula Virtual Cell
Mar 02, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-26862 HIGH
CleverTap Web SDK < 1.15.2 - DOM-based Cross-Site Scripting via Window PostMessage Origin Validation Bypass
Feb 27, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-26861 HIGH
CleverTap Web SDK < 1.15.2 - Cross-Site Scripting via PostMessage Origin Validation Bypass
Feb 27, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-3304 HIGH
Multer < 2.1.0 - Denial of Service via Malformed Request Handling
Feb 27, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-2359 HIGH
Multer < 2.1.0 - Denial of Service via Connection Drop During File Upload
Feb 27, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-28363 CRITICAL
OpenClaw <2026.2.23 - Command Injection
Feb 27, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-27959 HIGH
Koa 3.0.0-3.1.1 and <2.16.14 - Host Header Injection via ctx.hostname
Feb 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27942 HIGH
fast-xml-parser < 5.3.8 - Denial of Service via XML Builder with preserveOrder:true
Feb 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27904 HIGH
minimatch < 10.2.3, < 3.1.4 - Inefficient Regular Expression Complexity via Nested Extglob Patterns
Feb 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27903 HIGH
minimatch < 10.2.3 DoS via Globstar Pattern Backtracking
Feb 26, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-27902 MEDIUM
Svelte 5.53.0-5.53.5 - Cross-Site Scripting via transformError HTML Injection
Feb 26, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-27901 MEDIUM
Svelte < 5.53.5 - Cross-Site Scripting via contenteditable Element Binding
Feb 26, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27837 MEDIUM
Dottie 2.0.4-2.0.6 - Prototype Pollution
Feb 26, 2026
CVSS 6.3
EPSS 0.00
CVE-2026-27818 HIGH
TerriaJS-Server < 4.0.3 - Server-Side Request Forgery via Proxy Domain Validation Bypass
Feb 26, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27804 CRITICAL
Parse Server <8.6.3/9.1.1-alpha.4 - Auth Bypass
Feb 26, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-27578 MEDIUM
n8n <2.10.1/2.9.3/1.123.22 - XSS
Feb 25, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-27577 CRITICAL
n8n <2.10.1/2.9.3/1.123.22 - Command Injection
Feb 25, 2026
CVSS 9.9
EPSS 0.10
CVE-2026-27498 HIGH
n8n <2.2.0/1.123.8 - Authenticated RCE
Feb 25, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-27497 HIGH
n8n <2.10.1/2.9.3/1.123.22 - Code Injection
Feb 25, 2026
CVSS 8.8
EPSS 0.01
CVE-2026-27495 CRITICAL
n8n <2.10.1/2.9.3/1.123.22 - Code Injection
Feb 25, 2026
CVSS 9.9
EPSS 0.01
CVE-2026-27494 CRITICAL
n8n <2.10.1/2.9.3/1.123.22 - Authenticated RCE
Feb 25, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-27493 CRITICAL
n8n <2.10.1/2.9.3/1.123.22 - Code Injection
Feb 25, 2026
CVSS 9.0
EPSS 0.01
CVE-2026-27148 CRITICAL
Storybook <7.6.23/8.6.17/9.1.19/10.2.10 - WebSocket Hijacking
Feb 25, 2026
CVSS 9.6
EPSS 0.01