npm
3,969 tracked vulnerabilities.
CVE-2025-46343
MEDIUM
n8n < 1.90.0 - Authenticated Stored Cross-Site Scripting via Attachments View Endpoint
Apr 29, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-46328
LOW
Snowflake-Connector-NodeJS <2.0.4 - Privilege Escalation
Apr 28, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-46653
LOW
Formidable 2.1.0-3.5.2 - Info Disclosure
Apr 26, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-43865
HIGH
React Router 7.0.0-pre.0-7.5.1 - Insufficient Verification of Data Authenticity via Request Header
Apr 25, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-43864
HIGH
React Router 7.2.0-7.5.1 - Cache Poisoning via Forced SPA Mode Switch
Apr 25, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-32965
CRITICAL
xrpl.js <4.2.1-4.2.4, 2.14.2 - Code Injection
Apr 22, 2025
EPSS 0.00
CVE-2025-32792
HIGH
ses < 1.12.0 - Exposure of Sensitive System Information via Compartment API
Apr 18, 2025
EPSS 0.01
CVE-2025-32442
HIGH
fastify 5.0.0-5.3.0 and 4.29.0 - Content-Type Validation Bypass via Altered Whitespace or Casing
Apr 18, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-3573
MEDIUM
jquery-validation < 1.20.0 - Cross-Site Scripting via showLabel Function
Apr 15, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-32997
MEDIUM
http-proxy-middleware < 2.0.9 and 3.x < 3.0.5 - Request Body Processing After Parser Failure
Apr 15, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-32996
MEDIUM
http-proxy-middleware <2.0.8, <3.0.4 - Info Disclosure
Apr 15, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-32395
MEDIUM
NUCLEI
NPM Vite < 6.2.6 - Information Disclosure
Apr 10, 2025
EPSS 0.03
CVE-2025-32379
MEDIUM
koa < 2.16.1 and < 3.0.0-alpha.5 - Cross-Site Scripting via ctx.redirect()
Apr 09, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-29189
HIGH
Flowise <= 2.2.3 - SQL Injection via tableName Parameter
Apr 09, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-32020
CRITICAL
crud-query-parser < 0.1.0 - SQL Injection via TypeORM Order/Sort Parameter
Apr 08, 2025
EPSS 0.00
CVE-2025-32014
MEDIUM
estree-util-value-to-estree < 3.3.3 - Prototype Pollution via __proto__ Property
Apr 07, 2025
EPSS 0.01
CVE-2025-31476
MEDIUM
Amauri Tarteaucitronjs < 1.20.1 - XSS
Apr 07, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-31475
MEDIUM
Amauri Tarteaucitronjs < 1.20.1 - Prototype Pollution
Apr 07, 2025
CVSS 5.5
EPSS 0.01
CVE-2025-31138
MEDIUM
tarteaucitron.js <1.20.1 - XSS
Apr 07, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-3197
HIGH
expand-object >=0.0.0 - Prototype Pollution via expand() Function
Apr 04, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-3194
HIGH
bigint-buffer - Buffer Overflow in toBigIntLE()
Apr 04, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-3191
MEDIUM
react-draft-wysiwyg - Stored Cross-Site Scripting via Embedded Button
Apr 04, 2025
CVSS 6.1
EPSS 0.01
CVE-2025-31119
HIGH
generator-jhipster-entity-audit < 5.9.1 - Unsafe Reflection via Javers Entity Audit Framework
Apr 03, 2025
CVSS 7.6
EPSS 0.01
CVE-2025-31486
MEDIUM
NUCLEI
Vite server.fs.deny Bypass - Local File Inclusion
Apr 03, 2025
CVSS 5.3
EPSS 0.05
CVE-2025-30218
MEDIUM
Next.js <12.3.6, <13.5.10, <14 - SSRF
Apr 02, 2025
CVSS 5.9
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12