Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / npm

npm

3,969 tracked vulnerabilities.

CVE-2025-55173 MEDIUM

Next.js <14.2.31, 15.0.0-15.4.4 - Code Injection

CVE-2025-4644 MEDIUM

Payload CMS < 3.44.0 - Session Fixation via SQLite Adapter Identifier Reuse

CVE-2025-4643 MEDIUM

Payload CMS < 3.44.0 - Insufficient Session Expiration via JWT Reuse

CVE-2025-50979 HIGH

NodeBB v4.3.0 - Unauthenticated SQL Injection via Search-Categories API Endpoint

CVE-2025-57820 HIGH

devalue < 5.3.2 - Prototype Pollution via __proto__ Property Parsing

CVE-2025-57810 HIGH

jspdf < 3.0.2 - Denial of Service via addImage Method

CVE-2025-57814 MEDIUM

request-filtering-agent < 2.0.0 - Server-Side Request Forgery via HTTPS 127.0.0.1 Bypass

CVE-2025-43761 MEDIUM

Liferay Portal 7.4.0-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.12 - Reflected XSS via CKEditor

CVE-2025-57753 MEDIUM

vite-plugin-static-copy 0.4.3-2.3.1 and 3.0.0-3.1.1 - Path Traversal

CVE-2025-9288 CRITICAL

sha.js < 2.4.11 - Input Data Manipulation via Improper Input Validation

CVE-2025-9287 CRITICAL

cipher-base <1.0.4 - Info Disclosure

CVE-2025-57749 MEDIUM

n8n < 1.106.0 - Symlink Traversal in Read/Write File Node

CVE-2025-55746 CRITICAL

Directus 10.8.0-11.9.2 - Unauthenticated Arbitrary File Upload via File Update Mechanism

CVE-2025-55303 MEDIUM NUCLEI

Astro < 4.16.18 and 5.0.0-alpha.0-5.13.2 - Unauthorized Image Serving via Protocol-Relative URL Bypass

CVE-2025-55294 CRITICAL

screenshot-desktop <1.15.2 - Command Injection

CVE-2025-54881 MEDIUM

mermaid 10.9.0-rc.1-11.9.0 - Cross-Site Scripting via Sequence Diagram Label Input

CVE-2025-54880 MEDIUM

mermaid 11.1.0-11.9.0 - Cross-Site Scripting via Architecture Diagram Icon Input

CVE-2025-52478 HIGH

n8n 1.77.0-1.98.2 - Authenticated Stored Cross-Site Scripting via Form Trigger Node HTML Injection

CVE-2025-9096 LOW

ExpressGateway express-gateway <= 1.16.10 - Cross-Site Scripting in REST Endpoint

CVE-2025-9095 LOW

ExpressGateway express-gateway <= 1.16.10 - Cross-Site Scripting in REST Endpoint

CVE-2025-8943 CRITICAL NUCLEI

Flowise < 3.0.1 - Unauthenticated Remote Code Execution via Custom MCPs Feature

CVE-2025-55346 CRITICAL

flowise - Remote Code Execution via Dynamic Function Constructor

CVE-2025-55164 HIGH

content-security-policy-parser <0.6.0 - Prototype Pollution

CVE-2025-54793 MEDIUM NUCLEI

Astro 5.2.0-5.12.7 - Open Redirect via Trailing Slash Logic

CVE-2025-54885 MEDIUM

Thinbus Javascript Secure Remote Password <2.0.0 - Info Disclosure

Previous Page 51 of 159 Next

Products

openclaw 393 parse-server 92 n8n 62 directus 53 electron 48 flowise 48 next 47 vm2 32 hono 25 nocodb 25 axios 24 undici 22 ghost 21 vite 19 astro 17 ckeditor4 15 fuxa-server 15 jspdf 15 tar 15 joplin 14 nodebb 14 sequelize 14 tinymce 14 flowise-components 13 signalk-server 13 angular 12 dompurify 12 handlebars 12 jsrsasign 12 matrix-js-sdk 12

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy