npm
3,968 tracked vulnerabilities.
CVE-2025-69206
MEDIUM
Hemmelig < 7.3.3 - Authenticated Server-Side Request Forgery via Secret Requests Webhook URL Validation Bypass
Dec 29, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-68697
HIGH
n8n < 2.0.0 - Authenticated Arbitrary File Read and Write via Code Node Helper Functions
Dec 26, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-68668
CRITICAL
n8n 1.0.0-<2.0.0 - Authenticated Remote Code Execution via Python Code Node Sandbox Bypass
Dec 26, 2025
CVSS 9.9
EPSS 0.00
CVE-2025-61914
HIGH
n8n < 1.114.0 - Stored Cross-Site Scripting via Respond to Webhook Node
Dec 26, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-13158
CRITICAL
apidoc-core >=0.2.0 - Prototype Pollution via Malformed Data Structures
Dec 26, 2025
EPSS 0.00
CVE-2025-25341
HIGH
libxmljs 1.0.11 - Denial of Service via _ref Property Access on Entity Nodes
Dec 26, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-68665
HIGH
LangChain <0.3.80, 1.1.8 - Code Injection
Dec 23, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-68613
CRITICAL
KEV NUCLEI
n8n Workflow Expression Remote Code Execution
Dec 19, 2025
CVSS 9.9
EPSS 0.63
CVE-2025-68457
MEDIUM
Orejime < 2.3.2 - Cross-Site Scripting via Data Attribute Conversion
Dec 19, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-68278
HIGH
TinaCMS < 3.1.1 - Remote Code Execution via Gray-Matter Markdown Processing
Dec 18, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-14874
HIGH
Nodemailer < 7.0.11 - Denial of Service via Crafted Email Address Header
Dec 18, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-68429
HIGH
Storybook 7.0.0-7.6.20, 8.0.0-8.6.14, 9.0.0-9.1.16, 10.0.0-10.1.9 - .env File Exposure
Dec 17, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-13321
LOW
Mattermost Desktop App < 6.0.0 - Sensitive Information Exposure via Log File
Dec 17, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-68154
HIGH
systeminformation < 5.27.14 - OS Command Injection via fsSize() Drive Parameter
Dec 16, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-68150
MEDIUM
Parse Server <8.6.2 & >=9.0.0 <9.1.1-alpha.1 - SSRF via Instagram Auth Adapter apiURL
Dec 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-68115
MEDIUM
Parse Server < 8.6.1 - Reflected Cross-Site Scripting in Password Reset and Email Verification Pages
Dec 16, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-68113
MEDIUM
ALTCHA Libraries - Cryptographic Semantic Binding Flaw via HMAC Signature Reinterpretation
Dec 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-66482
MEDIUM
Misskey 13.1.0-2025.11.1 - IP Rate Limit Bypass via X-Forwarded-For Header
Dec 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-66402
MEDIUM
Misskey <2025.12.0 - Info Disclosure
Dec 16, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-67898
MEDIUM
MJML < 4.18.0 - Directory Traversal and Arbitrary File Read via mj-include
Dec 14, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-67750
HIGH
lightning-flow-scanner < 6.10.6 - Remote Code Execution via Malicious Flow Metadata
Dec 12, 2025
CVSS 8.4
EPSS 0.00
CVE-2025-8083
HIGH
Vuetify 2.2.0-beta.2-3.0.0-alpha.10 - Prototype Pollution via Preset Configuration
Dec 12, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-8082
MEDIUM
Vuetify 2.0.0-3.0.0 - Stored Cross-Site Scripting via VDatePicker Title Date Format
Dec 12, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-67731
HIGH
servify-express < 1.2 - Denial of Service via Unlimited JSON Body Parsing
Dec 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-67779
HIGH
React Server Components 19.0.2, 19.1.3, 19.2.2 - Denial of Service via Unsafe Deserialization
Dec 12, 2025
CVSS 7.5
EPSS 0.01
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12