npm
3,969 tracked vulnerabilities.
CVE-2025-53355
HIGH
MCP Server Kubernetes <2.5.0 - Command Injection
Jul 08, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53372
HIGH
node-code-sandbox-mcp <1.3.0 - Command Injection
Jul 08, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-53535
LOW
better-auth < 1.2.10 - Open Redirect via originCheck Middleware
Jul 07, 2025
EPSS 0.00
CVE-2025-49826
HIGH
Next.js 15.0.4-15.1.8 - Denial of Service via HTTP 204 Response Cache Poisoning
Jul 03, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-49005
LOW
Next.js 15.3.0-15.3.3 and Vercel CLI 41.4.1-42.2.0 - Cache Poisoning via HTML/RSC Content Type Confusion
Jul 03, 2025
CVSS 3.7
EPSS 0.00
CVE-2025-52554
MEDIUM
n8n < 1.99.1 - Authenticated Workflow Execution Termination via /rest/executions/:id/stop Endpoint
Jul 03, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-48939
MEDIUM
tarteaucitron.js <1.22.0 - Code Injection
Jul 03, 2025
CVSS 4.2
EPSS 0.00
CVE-2025-49595
MEDIUM
n8n < 1.99.0 - Authenticated Denial of Service via Empty Filesystem URI
Jul 03, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-45143
HIGH
string-math 1.2.2 - Denial of Service via Regex Input
Jun 30, 2025
CVSS 7.0
EPSS 0.00
CVE-2025-49592
MEDIUM
n8n < 1.98.0 - Authenticated Open Redirect via Login Flow Redirect Parameter
Jun 26, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-52573
MEDIUM
ios-simulator-mcp < 1.3.3 - OS Command Injection via ui_tap Tool
Jun 26, 2025
CVSS 6.0
EPSS 0.00
CVE-2025-6624
HIGH
Snyk CLI < 1.1297.3 - Sensitive Information Exposure in Debug Logs
Jun 26, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-6547
CRITICAL
pbkdf2 <=3.1.2 - Signature Spoofing
Jun 23, 2025
EPSS 0.00
CVE-2025-6545
CRITICAL
pbkdf2 3.0.10-3.1.2 - Signature Spoofing via Improper Input Validation in lib/to-buffer.js
Jun 23, 2025
EPSS 0.00
CVE-2025-45526
LOW
microlight 0.0.7 - Denial of Service via Large Content Processing in HTML Elements
Jun 17, 2025
CVSS 2.9
EPSS 0.00
CVE-2025-45525
LOW
microlight 0.0.7 - NULL Pointer Dereference in CSS Color Value Processing
Jun 17, 2025
CVSS 2.9
EPSS 0.00
CVE-2025-29744
MEDIUM
pg-promise < 11.5.5 - SQL Injection via Negative Number Handling
Jun 12, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-5896
MEDIUM
tarojs taro <4.1.1 - Info Disclosure
Jun 09, 2025
CVSS 4.3
EPSS 0.01
CVE-2025-5891
MEDIUM
Unitech pm2 <6.0.6 - Info Disclosure
Jun 09, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-5889
LOW
juliangruber brace-expansion <1.1.11/2.0.1/3.0.0/4.0.0 - Inefficien...
Jun 09, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-45001
HIGH
react-native-keys 0.7.11 - Cleartext Storage of Sensitive Information in Compiled Native Binary
Jun 09, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-2336
MEDIUM
AngularJS >=1.3.1 - Content Spoofing
Jun 04, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-49223
CRITICAL
billboard.js < 3.15.1 - Prototype Pollution via Generate Function
Jun 04, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-48997
HIGH
multer >=1.4.4-lts.1 <2.0.1 - Denial of Service via Empty String Field Name
Jun 03, 2025
EPSS 0.00
CVE-2025-30360
MEDIUM
webpack-dev-server < 5.2.1 - Origin Validation Error via IP Address Origin Header
Jun 03, 2025
CVSS 6.5
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12