npm
3,969 tracked vulnerabilities.
CVE-2025-54798
LOW
raszi/tmp < 0.2.4 - Arbitrary File Write via Symbolic Link
Aug 07, 2025
CVSS 2.5
EPSS 0.00
CVE-2025-54803
HIGH
js-toml < 1.0.2 - Prototype Pollution via Malicious TOML Input
Aug 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54387
CRITICAL
unjs/ipx <1.3.2, 2.0.0-2.1.0, 3.0.0-3.1.0 - Path Traversal via Path Prefix Bypass
Aug 05, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-54590
MEDIUM
webfinger.js < 2.8.1 - Server-Side Request Forgery via User Address Lookup
Aug 01, 2025
EPSS 0.00
CVE-2025-54419
CRITICAL
node-saml < 5.1.0 - Authentication Bypass via SAML Assertion Manipulation
Jul 28, 2025
CVSS 10.0
EPSS 0.00
CVE-2025-8267
HIGH
ssrfcheck < 1.2.0 - Server-Side Request Forgery via Multicast IP Bypass
Jul 28, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-8101
HIGH
linkifyjs 4.3.1 - Prototype Pollution leading to Cross-Site Scripting
Jul 25, 2025
EPSS 0.01
CVE-2025-43712
LOW
JHipster < 8.9.0 - Privilege Escalation via Authorities Parameter Manipulation
Jul 25, 2025
CVSS 2.9
EPSS 0.00
CVE-2025-8129
LOW
KoaJS Koa 2.0.0-2.16.2 - Open Redirect via Referrer Header
Jul 25, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-54369
CRITICAL
node-saml < 5.1.0 - Improper Verification of Cryptographic Signature
Jul 24, 2025
EPSS 0.00
CVE-2025-8021
HIGH
files-bucket-server - Path Traversal
Jul 23, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-8020
HIGH
private-ip - Server-Side Request Forgery via Multicast IP Address
Jul 23, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-54313
HIGH
KEV
eslint-config-prettier <10.1.7 - Code Injection
Jul 19, 2025
CVSS 7.5
EPSS 0.15
CVE-2025-7783
CRITICAL
form-data <2.5.4, 3.0.0-3.0.3, 4.0.0-4.0.3 - HPP
Jul 18, 2025
EPSS 0.01
CVE-2025-54073
HIGH
mcp-package-docs < 0.1.28 - Remote Code Execution via Unsanitized Input in child_process.exec
Jul 18, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-7339
LOW
on-headers <1.1.0 - Buffer Overflow
Jul 17, 2025
CVSS 3.4
EPSS 0.00
CVE-2025-7338
HIGH
multer >=1.4.4-lts.1 <2.0.2 - Denial of Service via Malformed Multi-Part Upload Request
Jul 17, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53892
MEDIUM
Vue I18n <9.14.5, 10.0.8, 11.1.0 - XSS
Jul 16, 2025
EPSS 0.01
CVE-2025-53889
MEDIUM
Directus <11.9.0 - Privilege Escalation
Jul 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-53887
MEDIUM
Directus 9.0.0-11.8.0 - Unauthenticated Exposure of Sensitive Version Information via OpenAPI Spec Endpoint
Jul 15, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-53886
MEDIUM
Directus 9.0.0-11.8.0 - Sensitive Information Exposure in WebHook Flow Logs
Jul 15, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-53885
MEDIUM
Directus 9.0.0-11.8.0 - Sensitive Information Exposure via Log to Console Operation
Jul 15, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-53364
MEDIUM
NUCLEI
Parse Server <7.5.3-8.2.2 - Info Disclosure
Jul 10, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-53624
CRITICAL
NUCLEI
Docusaurus-plugin-content-gists <4.0.0 - Info Disclosure
Jul 09, 2025
CVSS 10.0
EPSS 0.14
CVE-2025-6514
CRITICAL
mcp-remote >=0.0.5 <0.1.16 - OS Command Injection via Authorization Endpoint Response URL
Jul 09, 2025
CVSS 9.6
EPSS 0.12
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12