Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / npm

npm

3,969 tracked vulnerabilities.

CVE-2025-57323 HIGH

mpregular < 0.2.0 - Prototype Pollution via mp.addEventHandler

CVE-2025-57321 CRITICAL

magix-combine-ex < 1.2.10 - Prototype Pollution via util-deps.addFileDepend

CVE-2025-57351 MEDIUM

ts-fns < 13.0.7 - Prototype Pollution via Insufficient Key Validation in assign Function

CVE-2025-57349 HIGH

messageformat < 2.3.0 - Prototype Pollution via Nested Message Key Paths

CVE-2025-57348 MEDIUM

node-cube < 5.0.0 - Prototype Pollution via Improper Input Validation

CVE-2025-57330 HIGH

web3-core-subscriptions < 1.10.4 - Prototype Pollution via attachToObject Function

CVE-2025-59343 HIGH

tar-fs < 3.1.1, < 2.1.3, < 1.16.5 - Path Traversal via Symlink Validation Bypass

CVE-2025-57354 MEDIUM

counterpart < 0.18.6 - Prototype Pollution via Translation Key Processing

CVE-2025-57352 MEDIUM

min-document < 2.19.1 - Prototype Pollution via removeAttributeNS Method

CVE-2025-57350 HIGH

csvtojson < 2.0.10 - Prototype Pollution via Nested Header Parsing

CVE-2025-59528 CRITICAL NUCLEI

Flowise 3.0.5 - Remote Code Execution via CustomMCP Node Configuration Parsing

CVE-2025-59527 HIGH

Flowise 3.0.5 - Server-Side Request Forgery via Fetch-Links Endpoint

CVE-2025-59526 LOW

mailgen < 2.0.30 - Cross-Site Scripting via Plaintext Email Generation

CVE-2025-59414 LOW

Nuxt 3.6.0-3.18.9 - Client-Side Path Traversal via Island Payload Revival

CVE-2025-9862 MEDIUM

Ghost 5.99.0-5.130.3 and 6.0.0-6.0.8 - Server-Side Request Forgery

CVE-2025-59160 LOW

matrix-js-sdk < 38.2.0 - Insufficient Verification of Room Predecessor Links

CVE-2025-59145 HIGH

color-name 2.0.1 - Embedded Malicious Code via Compromised npm Package

CVE-2025-59331 HIGH

is-arrayish <0.3.3 - Code Injection

CVE-2025-59330 HIGH

error-ex 1.3.3 - Embedded Malicious Code via Compromised npm Package

CVE-2025-59162 HIGH

color-convert 3.1.1 - Command Injection

CVE-2025-59144 HIGH

debug 4.4.2 - Embedded Malicious Code via Compromised npm Package

CVE-2025-59143 HIGH

color 5.0.1 - Embedded Malicious Code via Compromised npm Package

CVE-2025-59142 HIGH

color-string 2.1.1 - Embedded Malicious Code via Compromised npm Package

CVE-2025-59141 HIGH

simple-swizzle 0.2.3 - Code Injection

CVE-2025-59140 HIGH

backslash 0.2.1 - Embedded Malicious Code via Compromised npm Package

Previous Page 49 of 159 Next

Products

openclaw 393 parse-server 92 n8n 62 directus 53 electron 48 flowise 48 next 47 vm2 32 hono 25 nocodb 25 axios 24 undici 22 ghost 21 vite 19 astro 17 ckeditor4 15 fuxa-server 15 jspdf 15 tar 15 joplin 14 nodebb 14 sequelize 14 tinymce 14 flowise-components 13 signalk-server 13 angular 12 dompurify 12 handlebars 12 jsrsasign 12 matrix-js-sdk 12

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy