npm
3,969 tracked vulnerabilities.
CVE-2025-59155
MEDIUM
hackmd-mcp 1.4.0-1.4.9 - Server-Side Request Forgery via Hackmd-Api-Url Header
Sep 15, 2025
EPSS 0.00
CVE-2025-58177
MEDIUM
n8n 1.24.0-1.106.9 - Authenticated Stored Cross-Site Scripting via LangChain Chat Trigger Initial Messages
Sep 15, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-59364
MEDIUM
express-xss-sanitizer < 2.0.1 - Denial of Service via Unbounded Recursion in JSON Request Body Sanitization
Sep 14, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-58434
CRITICAL
NUCLEI
Flowise <3.0.5 - Privilege Escalation
Sep 12, 2025
CVSS 9.8
EPSS 0.32
CVE-2025-59139
MEDIUM
Hono < 4.9.7 - Denial of Service via Body Size Limit Bypass
Sep 12, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-58754
HIGH
Axios <0.30.2, <1.12.0 - Buffer Overflow
Sep 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-9910
MEDIUM
jsondiffpatch < 0.7.2 - Cross-Site Scripting via HtmlFormatter::nodeBegin
Sep 11, 2025
CVSS 4.7
EPSS 0.00
CVE-2025-57520
MEDIUM
Decap CMS < 3.8.3 - Stored Cross-Site Scripting in Content Preview Pane
Sep 10, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-59046
CRITICAL
interactive-git-checkout <= 1.1.4 - Command Injection via Branch Name
Sep 09, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-59039
CRITICAL
prebid-universal-creative 1.17.3 - Embedded Malicious Code
Sep 09, 2025
EPSS 0.00
CVE-2025-59038
HIGH
prebid.js 10.9.2 - Embedded Malicious Code
Sep 09, 2025
EPSS 0.00
CVE-2025-59037
HIGH
DuckDB Node.js Packages 1.3.3 and 1.29.2 - Embedded Malicious Code
Sep 09, 2025
EPSS 0.00
CVE-2025-58765
HIGH
wabac.js < 2.23.11 - Reflected Cross-Site Scripting via 404 Error Handler
Sep 09, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-57665
MEDIUM
element-plus < 2.10.6 - Open Redirect and XSS via Link Component href Attribute
Sep 09, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-58752
MEDIUM
Vite <7.1.5, 7.0.7, 6.3.6, 5.4.20 - Info Disclosure
Sep 08, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-58751
MEDIUM
NUCLEI
Vite <7.1.5, <7.0.7, <6.3.6, <5.4.20 - Auth Bypass
Sep 08, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-58451
HIGH
cattown < 1.0.2 - Denial of Service via Inefficient Regular Expression Complexity
Sep 08, 2025
EPSS 0.00
CVE-2025-57285
CRITICAL
codeceptjs 3.5.0-3.7.5 - OS Command Injection via emptyFolder Function
Sep 08, 2025
CVSS 9.8
EPSS 0.03
CVE-2025-10097
MEDIUM
SimStudioAI sim < 1.0.0 - Remote Code Injection via Execute API Code Argument
Sep 08, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-58362
HIGH
Hono 4.8.0-4.9.5 - Path Confusion via Malformed Absolute-Form Request-URI
Sep 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-55305
MEDIUM
Electron <38.0.0-beta.6 - ASAR Integrity Bypass
Sep 04, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-58358
HIGH
Markdownify <0.0.2 - Command Injection
Sep 04, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-58064
LOW
CKEditor 5 44.2.0-45.2.1, 46.0.0-46.0.2 - Cross-Site Scripting via Malicious Content Insertion
Sep 04, 2025
EPSS 0.00
CVE-2025-57822
MEDIUM
NUCLEI
Next.js < 14.2.32 - Server-Side Request Forgery via next() Function
Aug 29, 2025
CVSS 6.5
EPSS 0.08
CVE-2025-57752
MEDIUM
Next.js <14.2.31, 15.0.0-15.4.4 - Info Disclosure
Aug 29, 2025
CVSS 6.2
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12