Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / npm

npm

3,969 tracked vulnerabilities.

CVE-2025-59159 CRITICAL

SillyTavern < 1.13.4 - DNS Rebinding via Host Whitelist Bypass

CVE-2025-50538 HIGH

Flowise < 3.0.5 - Stored Cross-Site Scripting via IFRAME in Chat Log

CVE-2025-29192 HIGH

Flowise < 3.0.5 - Stored Cross-Site Scripting via FORM and INPUT Elements in Chat Log

CVE-2025-56515 HIGH

Fiora 1.0.0 - Stored Cross-Site Scripting via Malicious SVG Avatar Upload

CVE-2025-56514 MEDIUM

Fiora 1.0.0 - Stored Cross-Site Scripting via Malicious SVG File Rendering

CVE-2025-56200 MEDIUM

validator.js < 13.15.20 - Cross-Site Scripting via URL Validation Bypass

CVE-2025-56572 HIGH

finance.js 4.1.0 - Denial of Service via seekZero() Parameter

CVE-2025-56571 HIGH

finance.js 4.1.0 - Denial of Service via IRR Function Depth Parameter

CVE-2025-11148 CRITICAL

check-branches - OS Command Injection via Unsanitized Branch Name

CVE-2025-3193 HIGH

algoliasearch-helper 2.0.0-rc1-3.11.1 - Prototype Pollution via _merge() Function

CVE-2025-59936 CRITICAL

get-jwks < 11.0.2 - JWKS Cache Poisoning via Issuer Validation Bypass

CVE-2025-59834 CRITICAL

srmorete adb_mcp_server < 0.1.0 - OS Command Injection in MCP Server Tool Implementation

CVE-2025-59831 HIGH

git-commiters < 0.1.2 - OS Command Injection via Unsanitized Options

CVE-2025-57317 HIGH

apidoc-core < 0.15.0 - Prototype Pollution via PreProcess Function

CVE-2025-26278 HIGH

dref 0.1.2 - Denial of Service via Prototype Pollution in lib.set

CVE-2025-10894 CRITICAL

Nx Build System and Plugins - Malicious Code Injection via npm

CVE-2025-57324 MEDIUM

parse < 5.3.0 - Prototype Pollution via SingleInstanceStateController.initializeState

CVE-2025-57320 MEDIUM

json-schema-editor-visual < 1.1.1 - Prototype Pollution via setData and deleteData Functions

CVE-2025-57319 HIGH

fast-redact 3.5.0 - Prototype Pollution via nestedRestore Function

CVE-2025-57318 HIGH

csvjson < 5.1.0 - Prototype Pollution via toCsv Function

CVE-2025-57329 HIGH

web3-core-method < 1.10.4 - Prototype Pollution via attachToObject Function

CVE-2025-57328 HIGH

toggle-array < 1.0.1 - Prototype Pollution via Enable/Disable Function

CVE-2025-57327 HIGH

spmrc < 1.2.0 - Prototype Pollution via set and config Functions

CVE-2025-57326 HIGH

sassdoc-extras < 2.5.1 - Prototype Pollution via byGroupAndType Function

CVE-2025-57325 HIGH

rollbar < 2.26.4 - Prototype Pollution via utility.set Function

Previous Page 48 of 159 Next

Products

openclaw 393 parse-server 92 n8n 62 directus 53 electron 48 flowise 48 next 47 vm2 32 hono 25 nocodb 25 axios 24 undici 22 ghost 21 vite 19 astro 17 ckeditor4 15 fuxa-server 15 jspdf 15 tar 15 joplin 14 nodebb 14 sequelize 14 tinymce 14 flowise-components 13 signalk-server 13 angular 12 dompurify 12 handlebars 12 jsrsasign 12 matrix-js-sdk 12

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy