npm
3,969 tracked vulnerabilities.
CVE-2025-30359
MEDIUM
webpack-dev-server <5.2.1 - Info Disclosure
Jun 03, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-48387
HIGH
tar-fs <3.0.9, <2.1.3, <1.16.5 - Path Traversal
Jun 02, 2025
EPSS 0.01
CVE-2025-48068
MEDIUM
Next.js <14.2.30, <15.2.2 - Info Disclosure
May 30, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-5276
HIGH
mcp-markdownify-server - Server-Side Request Forgery via Markdownify.get() Function
May 29, 2025
CVSS 7.4
EPSS 0.00
CVE-2025-5273
MEDIUM
mcp-markdownify-server - Info Disclosure
May 29, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48054
MEDIUM
Radashi < 12.5.1 - Prototype Pollution via set Function Path Argument
May 27, 2025
EPSS 0.03
CVE-2025-47949
HIGH
samlify < 2.10.0 - Signature Wrapping Attack via SAML Response Forgery
May 19, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-47944
HIGH
multer 1.4.4-lts.1-2.0.0 - Denial of Service via Malformed Multi-Part Upload Request
May 19, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-47935
HIGH
Multer < 2.0.0 - Denial of Service via Unclosed Stream Handling
May 19, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-47934
HIGH
OpenPGP.js 5.0.1-5.11.2 & 6.0.0-alpha.0-6.1.0 Signature Verification Spoofing
May 19, 2025
EPSS 0.00
CVE-2025-47948
HIGH
cocotais-bot 1.5.0-test2-hotfix-1.6.2 - Unauthenticated Privilege Escalation via Command Echo Injection
May 17, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-4759
HIGH
Package Lockfile-Lint-API <5.9.2 - Info Disclosure
May 16, 2025
CVSS 8.3
EPSS 0.00
CVE-2025-4727
LOW
Meteor < 3.2.2 - Inefficient Regular Expression Complexity in Object.assign
May 15, 2025
CVSS 3.7
EPSS 0.01
CVE-2025-47279
LOW
Undici < 5.29.0, 6.0.0-6.21.1, 7.0.0-7.4.9 - Memory Leak via Repeated Webhook Calls
May 15, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-1647
MEDIUM
Bootstrap 3.4.1-4.0.0 - Cross-Site Scripting
May 15, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-32421
LOW
Next.js < 14.2.24 - Race Condition in Pages Router via x-now-route-matches Header
May 14, 2025
CVSS 3.7
EPSS 0.01
CVE-2025-47204
MEDIUM
NUCLEI
bootstrap-multiselect 1.1.2 - Reflective Cross-Site Scripting via POST Data Echo
May 13, 2025
CVSS 6.1
EPSS 0.01
CVE-2025-47269
HIGH
code-server < 4.99.4 - Unintended Proxy via Malicious URL
May 09, 2025
CVSS 8.3
EPSS 0.00
CVE-2025-46812
LOW
Trix < 2.1.15 - Stored Cross-Site Scripting via Pasting Malicious Code
May 08, 2025
EPSS 0.00
CVE-2025-46573
HIGH
passport-wsfed-saml2 <4.6.3 - Auth Bypass
May 06, 2025
EPSS 0.00
CVE-2025-46572
CRITICAL
passport-wsfed-saml2 <4.6.3 - Auth Bypass
May 06, 2025
EPSS 0.00
CVE-2025-46332
MEDIUM
flags < 4.0.0 and @vercel/flags < 4.0.0 - Unauthenticated Exposure of Sensitive Information via Discovery Endpoint
May 02, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-46565
MEDIUM
NUCLEI
Vite <6.3.4, 6.2.7, 6.1.6, 5.4.19, 4.5.14 - Info Disclosure
May 01, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-27611
HIGH
base-x < 3.0.11, 4.0.0, 5.0.0 - Insufficient Visual Distinction of Homoglyphs
Apr 30, 2025
EPSS 0.00
CVE-2025-0716
MEDIUM
AngularJS - Content Spoofing via Improper Sanitization of SVG Image Href Attributes
Apr 29, 2025
CVSS 4.8
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12