npm
3,968 tracked vulnerabilities.
CVE-2025-13437
MEDIUM
zx - Use After Free
Nov 20, 2025
EPSS 0.00
CVE-2025-65019
MEDIUM
Astro < 5.15.9 - Cross-Site Scripting via Cloudflare Image Optimization Endpoint
Nov 19, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-64765
MEDIUM
Astro < 5.15.8 - Path Traversal via Decoded URI Bypass
Nov 19, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-64764
HIGH
NUCLEI
Astro < 5.15.8 - Reflected Cross-Site Scripting via Server Islands Feature
Nov 19, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-64757
LOW
Astro < 5.14.3 - Unauthenticated Arbitrary Local File Read via Image Optimization Endpoint
Nov 19, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-64756
HIGH
glob 10.2.0-10.4.9 and 11.0.0 - OS Command Injection via -c/--cmd Option
Nov 17, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-13033
HIGH
Nodemailer <=7.0.7 - Quoted Recipient Address Email Misdirection
Nov 14, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-13204
HIGH
expr-eval < 2.0.2 - Prototype Pollution via JavaScript Expression Evaluation
Nov 14, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-64749
MEDIUM
Directus < 11.13.0 - Information Disclosure via Collection Existence Error Messages
Nov 13, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-64748
MEDIUM
Directus <11.13.0 - Info Disclosure
Nov 13, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-64747
MEDIUM
Directus < 11.13.0 - Stored Cross-Site Scripting via Block Editor Interface
Nov 13, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-64746
MEDIUM
Directus < 11.13.0 - Improper Access Control via Stale Field Permission References
Nov 13, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-64745
LOW
Astro 5.2.0-5.15.6 - Reflected Cross-Site Scripting via Development Server Error Pages
Nov 13, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-59840
HIGH
Vega < 6.2.0 - Remote Code Execution via User-Defined JSON Definitions
Nov 13, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-64718
MEDIUM
js-yaml < 3.14.2 and 4.0.0-4.1.1 - Prototype Pollution via __proto__
Nov 13, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-64525
MEDIUM
NUCLEI
Astro 2.16.0-5.15.4 - Server-Side Request Forgery via x-forwarded-proto Header
Nov 13, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-64502
MEDIUM
Parse Server <8.5.0-alpha.5 - Info Disclosure
Nov 10, 2025
EPSS 0.00
CVE-2025-12613
HIGH
Cloudinary <2.7.0 - Command Injection
Nov 10, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-64496
HIGH
Open WebUI < 0.6.35 - Remote Code Execution via Direct Connections SSE Event Injection
Nov 08, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-64495
HIGH
Open WebUI < 0.6.35 - Stored Cross-Site Scripting via Rich Text Prompt Insertion
Nov 08, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-64430
HIGH
Parse Server 4.2.0-7.5.3 and 8.0.0-8.3.1-alpha.1 - Server-Side Request Forgery via File Upload URI Parameter
Nov 07, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-48985
LOW
Vercel AI SDK <6.0.0-beta - Auth Bypass
Nov 07, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-12735
CRITICAL
expr-eval - Crafted Context Object Code Execution
Nov 05, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-64118
MEDIUM
tar 7.5.1 - Information Exposure via Uninitialized Memory in .list with sync: true
Oct 30, 2025
EPSS 0.00
CVE-2025-62726
HIGH
n8n < 1.113.0 - Remote Code Execution via Git Node Pre-Commit Hook
Oct 30, 2025
CVSS 8.8
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12