npm
3,968 tracked vulnerabilities.
CVE-2025-55184
HIGH
NUCLEI
React Server Components <19.2.1 - DoS
Dec 11, 2025
CVSS 7.5
EPSS 0.41
CVE-2025-55183
MEDIUM
React Server Components <19.3 - Info Disclosure
Dec 11, 2025
CVSS 5.3
EPSS 0.26
CVE-2025-67718
HIGH
NPM Formio < 3.5.7 - Information Disclosure
Dec 11, 2025
EPSS 0.00
CVE-2025-65513
HIGH
fetch_mcp_server < 1.0.2 - Server-Side Request Forgery via Private IP Validation Bypass
Dec 09, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-66457
HIGH
Elysia < 1.4.18 - Remote Code Execution via Cookie Config Injection
Dec 09, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-66456
CRITICAL
Elysia <1.4.16 - Prototype Pollution
Dec 09, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-66202
MEDIUM
Astro < 5.15.8 - Unauthenticated Authorization Bypass via Double URL Encoding
Dec 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-65964
HIGH
n8n 0.123.1-1.119.1 - Remote Code Execution via Git Hook Path Manipulation
Dec 09, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-65849
CRITICAL
Altcha Proof-of-Work >=0.8.0 - Info Disclosure
Dec 08, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-65959
HIGH
Open WebUI < 0.6.37 - Stored Cross-Site Scripting via Notes PDF Download
Dec 04, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-65945
HIGH
auth0/node-jws <4.0.0 - Improper Signature Verification
Dec 04, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-66404
MEDIUM
MCP Server Kubernetes <2.9.8 - Code Injection
Dec 03, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-55182
CRITICAL
KEV
NUCLEI
React Server Components <19.2.0 - RCE
Dec 03, 2025
CVSS 10.0
EPSS 0.83
CVE-2025-66401
CRITICAL
MCP Watch <0.1.2 - Command Injection
Dec 01, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-66400
MEDIUM
mdast-util-to-hast <13.2.1 - Info Disclosure
Dec 01, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-66421
MEDIUM
Tryton sao < 7.6.11 - Cross-Site Scripting via Unescaped Completion Values
Nov 30, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-66420
MEDIUM
Tryton sao < 7.6.9 - Cross-Site Scripting via HTML Attachment
Nov 30, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-66219
CRITICAL
willitmerge <0.2.1 - Command Injection
Nov 29, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-12758
HIGH
Package Validator <13.15.22 - Incomplete Filtering
Nov 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-66031
HIGH
node-forge < 1.3.2 - Unauthenticated Denial of Service via ASN.1 Recursive Parsing
Nov 26, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-66030
MEDIUM
node-forge < 1.3.2 - Integer Overflow via ASN.1 OID Arc Truncation
Nov 26, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-66020
HIGH
Valibot 0.31.0-1.1.0 - Denial of Service via EMOJI_REGEX ReDoS
Nov 26, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-12816
HIGH
node-forge < 1.3.2 - Unauthenticated ASN.1 Interpretation Conflict via Schema Desynchronization
Nov 25, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-13466
MEDIUM
body-parser 2.2.0 - Denial of Service via URL-Encoded Parameter Flood
Nov 24, 2025
EPSS 0.00
CVE-2025-65108
CRITICAL
md-to-pdf < 5.2.5 - Remote Code Execution via Markdown Front-Matter JavaScript Delimiter
Nov 21, 2025
CVSS 10.0
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12