npm
3,969 tracked vulnerabilities.
CVE-2025-62726
HIGH
n8n < 1.113.0 - Remote Code Execution via Git Node Pre-Commit Hook
Oct 30, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-60542
MEDIUM
TypeORM < 0.3.26 - SQL Injection via repository.save or repository.update
Oct 29, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-59837
HIGH
Astro 5.13.4-5.13.9 - Server-Side Request Forgery via Backslash Bypass in Image Proxy
Oct 28, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-62517
MEDIUM
rollbar.js < 2.26.5 and 3.0.0-alpha1-3.0.0-beta5 - Prototype Pollution via merge()
Oct 23, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-62610
HIGH
Hono 1.1.0-4.10.1 - Improper Authorization via JWT Audience Claim Mismatch
Oct 22, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-62595
MEDIUM
koa 2.16.2-2.16.3 and 3.0.1-3.0.3 - Open Redirect via Referer Header Manipulation
Oct 21, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-62522
MEDIUM
NUCLEI
Vite 2.9.18-2.9.x, 3.2.9-3.x, 4.5.3-4.x, 5.2.6-5.4.20, 6.0.0-6.4.0, 7.0.0-7.0.7, 7.1.0-7.1.10 - Path Traversal
Oct 20, 2025
EPSS 0.01
CVE-2025-57164
MEDIUM
Flowise < 3.0.6 - Remote Code Execution via Supabase RPC Filter Input
Oct 17, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-11849
CRITICAL
mammoth < 1.11.0 - Directory Traversal via DOCX Image External Link
Oct 17, 2025
CVSS 9.3
EPSS 0.00
CVE-2025-62410
CRITICAL
happy-dom < 20.0.2 - Prototype Pollution via Incomplete Isolate Protection
Oct 15, 2025
EPSS 0.00
CVE-2025-62381
HIGH
sveltekit-superforms < 2.27.4 - Prototype Pollution via parseFormData Function
Oct 15, 2025
EPSS 0.01
CVE-2025-62380
LOW
mailgen < 2.0.32 - Cross-Site Scripting via Plaintext Email Generation
Oct 15, 2025
EPSS 0.00
CVE-2025-62378
MEDIUM
CommandKit 1.2.0-rc.1-1.2.0-rc.11 - Info Disclosure
Oct 15, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-62374
MEDIUM
Parse < 7.0.0 - Prototype Pollution via ParseObject.fromJSON
Oct 14, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-34267
CRITICAL
Flowise 3.0.1-3.0.8 - Remote Code Execution via Puppeteer/Playwright Path Injection
Oct 14, 2025
CVSS 9.9
EPSS 0.02
CVE-2025-59288
MEDIUM
Playwright < 1.55.1 - Improper Verification of Cryptographic Signature
Oct 14, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-62366
LOW
mailgen < 2.0.31 - Cross-Site Scripting via HTML Entity Encoding Bypass
Oct 14, 2025
EPSS 0.00
CVE-2025-11183
MEDIUM
QGIS QWC2 < 2025.08.14 - Cross-Site Scripting in Attribute Table
Oct 13, 2025
EPSS 0.00
CVE-2025-61927
HIGH
happy-dom < 20.0.0 - Remote Code Execution via VM Context Escape
Oct 10, 2025
EPSS 0.01
CVE-2025-61925
MEDIUM
Astro < 5.14.2 - Unsafe Reflection via X-Forwarded-Host Header
Oct 10, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-61928
CRITICAL
better-auth < 1.3.26 - Unauthenticated API Key Creation and Modification via User ID Injection
Oct 09, 2025
EPSS 0.00
CVE-2025-61913
CRITICAL
Flowise < 3.0.8 - Authenticated Path Traversal and Arbitrary File Write via WriteFileTool and ReadFileTool
Oct 08, 2025
CVSS 9.9
EPSS 0.01
CVE-2025-53967
HIGH
Framelink Figma MCP Server < 0.6.3 - fetchWithRetry Command Injection
Oct 08, 2025
CVSS 8.0
EPSS 0.00
CVE-2025-11362
HIGH
pdfmake < 0.3.0-beta.17 - Denial of Service via Repeated URL Redirects in File Embedding
Oct 07, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-61687
HIGH
Flowise 3.0.7 - Authenticated Arbitrary File Upload and Persistent Web Shell Storage
Oct 06, 2025
CVSS 8.3
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12