npm

4,193 tracked vulnerabilities.

CVE-2026-27702 CRITICAL
Budibase < 3.30.4 - Authenticated Remote Code Execution via Unsafe Eval in View Filtering
Feb 25, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-27700 HIGH
Hono 4.12.0-4.12.1 - IP Spoofing via X-Forwarded-For Header Mishandling
Feb 25, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-27699 CRITICAL
basic-ftp < 5.2.0 - Path Traversal via Malicious FTP Server Directory Listing
Feb 25, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-27612 MEDIUM
repostat < 1.0.1 - Reflected Cross-Site Scripting via RepoCard Component
Feb 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27610 MEDIUM
Parse Dashboard 7.3.0-alpha.42-9.0.0-alpha.7 - Privilege Escalation
Feb 25, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-27609 MEDIUM
Parse Dashboard 7.3.0-alpha.42-9.0.0-alpha.7 - CSRF
Feb 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27608 HIGH
Parse Dashboard 7.3.0-9.0.0 - Auth Bypass
Feb 25, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-27606 CRITICAL
Rollup <2.80.0/3.30.0/4.59.0 - Path Traversal
Feb 25, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-27595 HIGH
Parse Dashboard 7.3.0-9.0.0 - Auth Bypass
Feb 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27567 MEDIUM
Payload < 3.75.0 - Authenticated Server-Side Request Forgery via External File Upload
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27492 MEDIUM
Lettermint Node.js SDK <=1.5.0 - Info Disclosure
Feb 21, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-27576 MEDIUM
OpenClaw < 2026.2.17 - Uncontrolled Resource Consumption via Large Prompt Payloads
Feb 21, 2026
CVSS 4.0
EPSS 0.00
CVE-2026-27488 HIGH
OpenClaw < 2026.2.19 - Server-Side Request Forgery via Cron Webhook Delivery
Feb 21, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-27487 HIGH
OpenClaw <2026.2.13 - Command Injection
Feb 21, 2026
CVSS 7.6
EPSS 0.01
CVE-2026-27486 MEDIUM
OpenClaw CLI <2026.2.13 - Privilege Escalation
Feb 21, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-27485 MEDIUM
OpenClaw <=2026.2.17 - Info Disclosure
Feb 21, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-27484 MEDIUM
OpenClaw <2026.2.17 - Privilege Escalation
Feb 21, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27212 HIGH
Swiper 6.5.1-12.1.1 - Prototype Pollution
Feb 21, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-27210 MEDIUM
Pannellum 2.5.0-2.5.6 - Stored Cross-Site Scripting via Hot Spot Attributes
Feb 21, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27203 HIGH
eBay API MCP Server - Code Injection
Feb 21, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-27125 MEDIUM
svelte < 5.51.5 - Prototype Pollution in Server-Side Rendering Attribute Spreading
Feb 20, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-27122 MEDIUM
svelte < 5.51.5 - Cross-Site Scripting via Server-Side Rendering Tag Injection
Feb 20, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-27121 MEDIUM
svelte < 5.51.5 - Cross-Site Scripting via Spread Syntax Attribute Rendering
Feb 20, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-27119 MEDIUM
svelte 5.39.3-5.51.4 - Cross-Site Scripting in Server-Side Rendering Option Element
Feb 20, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-25896 CRITICAL
fast-xml-parser 4.1.3-5.3.4 - Cross-Site Scripting via DOCTYPE Entity Name Regex Bypass
Feb 20, 2026
CVSS 9.3
EPSS 0.00