npm
4,193 tracked vulnerabilities.
CVE-2026-27702
CRITICAL
Budibase < 3.30.4 - Authenticated Remote Code Execution via Unsafe Eval in View Filtering
Feb 25, 2026
CVSS 9.9
EPSS 0.00
CVE-2026-27700
HIGH
Hono 4.12.0-4.12.1 - IP Spoofing via X-Forwarded-For Header Mishandling
Feb 25, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-27699
CRITICAL
basic-ftp < 5.2.0 - Path Traversal via Malicious FTP Server Directory Listing
Feb 25, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-27612
MEDIUM
repostat < 1.0.1 - Reflected Cross-Site Scripting via RepoCard Component
Feb 25, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27610
MEDIUM
Parse Dashboard 7.3.0-alpha.42-9.0.0-alpha.7 - Privilege Escalation
Feb 25, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-27609
MEDIUM
Parse Dashboard 7.3.0-alpha.42-9.0.0-alpha.7 - CSRF
Feb 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27608
HIGH
Parse Dashboard 7.3.0-9.0.0 - Auth Bypass
Feb 25, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-27606
CRITICAL
Rollup <2.80.0/3.30.0/4.59.0 - Path Traversal
Feb 25, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-27595
HIGH
Parse Dashboard 7.3.0-9.0.0 - Auth Bypass
Feb 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-27567
MEDIUM
Payload < 3.75.0 - Authenticated Server-Side Request Forgery via External File Upload
Feb 24, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-27492
MEDIUM
Lettermint Node.js SDK <=1.5.0 - Info Disclosure
Feb 21, 2026
CVSS 4.7
EPSS 0.00
CVE-2026-27576
MEDIUM
OpenClaw < 2026.2.17 - Uncontrolled Resource Consumption via Large Prompt Payloads
Feb 21, 2026
CVSS 4.0
EPSS 0.00
CVE-2026-27488
HIGH
OpenClaw < 2026.2.19 - Server-Side Request Forgery via Cron Webhook Delivery
Feb 21, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-27487
HIGH
OpenClaw <2026.2.13 - Command Injection
Feb 21, 2026
CVSS 7.6
EPSS 0.01
CVE-2026-27486
MEDIUM
OpenClaw CLI <2026.2.13 - Privilege Escalation
Feb 21, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-27485
MEDIUM
OpenClaw <=2026.2.17 - Info Disclosure
Feb 21, 2026
CVSS 4.4
EPSS 0.00
CVE-2026-27484
MEDIUM
OpenClaw <2026.2.17 - Privilege Escalation
Feb 21, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-27212
HIGH
Swiper 6.5.1-12.1.1 - Prototype Pollution
Feb 21, 2026
CVSS 7.8
EPSS 0.00
CVE-2026-27210
MEDIUM
Pannellum 2.5.0-2.5.6 - Stored Cross-Site Scripting via Hot Spot Attributes
Feb 21, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-27203
HIGH
eBay API MCP Server - Code Injection
Feb 21, 2026
CVSS 8.3
EPSS 0.00
CVE-2026-27125
MEDIUM
svelte < 5.51.5 - Prototype Pollution in Server-Side Rendering Attribute Spreading
Feb 20, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-27122
MEDIUM
svelte < 5.51.5 - Cross-Site Scripting via Server-Side Rendering Tag Injection
Feb 20, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-27121
MEDIUM
svelte < 5.51.5 - Cross-Site Scripting via Spread Syntax Attribute Rendering
Feb 20, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-27119
MEDIUM
svelte 5.39.3-5.51.4 - Cross-Site Scripting in Server-Side Rendering Option Element
Feb 20, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-25896
CRITICAL
fast-xml-parser 4.1.3-5.3.4 - Cross-Site Scripting via DOCTYPE Entity Name Regex Bypass
Feb 20, 2026
CVSS 9.3
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 20
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
dompurify 12
Quick Filters