npm
3,969 tracked vulnerabilities.
CVE-2025-29049
MEDIUM
mathlive < 0.104.0 - Cross-Site Scripting via MathLive Function
Apr 01, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-31128
MEDIUM
gifplayer < 0.3.7 - Cross-Site Scripting
Mar 31, 2025
EPSS 0.00
CVE-2025-31125
MEDIUM
KEV
NUCLEI
Vite Development Server - Path Traversal
Mar 31, 2025
CVSS 5.3
EPSS 0.83
CVE-2025-27793
MEDIUM
Vega <5.32.0/5.17.0 - Code Injection
Mar 27, 2025
EPSS 0.00
CVE-2025-26619
MEDIUM
vega and vega-functions - Cross-Site Scripting via Unsupported JavaScript Function Calls
Mar 27, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-30353
HIGH
Directus 9.12.0-11.4.9 - Exposure of Sensitive Information via Webhook Flow ValidationError
Mar 26, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-30352
MEDIUM
Directus 9.0.0-alpha.4-11.4.9 - Unauthorized Sensitive Information Exposure via Search Query Parameter
Mar 26, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-30351
LOW
Directus <11.5.0 - Privilege Escalation
Mar 26, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-30350
MEDIUM
Directus 9.22.0-11.5.0 - Denial of Service via HEAD Request Burst
Mar 26, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-30225
MEDIUM
Directus 9.22.0-11.5.0 - Denial of Service via Malformed Transformation Requests
Mar 26, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-30222
LOW
shescape 1.7.2-2.1.1 - Environment Variable Exposure on Windows via CMD Shell
Mar 25, 2025
EPSS 0.00
CVE-2025-30208
MEDIUM
NUCLEI
Vite - Arbitrary File Read
Mar 24, 2025
CVSS 5.3
EPSS 0.90
CVE-2025-2699
LOW
GetmeUK ContentTools < 1.6.16 - Cross-Site Scripting via Image Handler onload Argument
Mar 24, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-2691
HIGH
nossrf < 1.0.4 - Server-Side Request Forgery via Hostname Bypass
Mar 23, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-30168
MEDIUM
Parse Server <7.5.2-8.0.2 - Auth Bypass
Mar 21, 2025
CVSS 6.9
EPSS 0.00
CVE-2025-2598
MEDIUM
AWS Cloud Development Kit 2.172.0-2.178.2 - Exposure of Sensitive System Information via Credential Plugin
Mar 21, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-29927
CRITICAL
NUCLEI
Next.js Middleware Bypass
Mar 21, 2025
CVSS 9.1
EPSS 0.92
CVE-2025-27415
HIGH
Nuxt 3.0.0-3.15.9 - Cache Poisoning via Crafted HTTP Request
Mar 19, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-30144
MEDIUM
fast-jwt < 5.0.6 - Authentication Bypass via Issuer Claim Spoofing
Mar 19, 2025
CVSS 6.5
EPSS 0.02
CVE-2025-29907
HIGH
jsPDF < 3.0.1 - Denial of Service via addImage Method
Mar 18, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-26042
MEDIUM
Uptime Kuma >= 1.23.0 - Regular Expression Denial of Service via Notification String
Mar 17, 2025
CVSS 6.0
EPSS 0.00
CVE-2025-1398
LOW
Mattermost Desktop App <=5.10.0 - Untrusted Search Path via macOS Entitlements
Mar 17, 2025
CVSS 3.3
EPSS 0.00
CVE-2025-29775
CRITICAL
xml-crypto < 6.0.1, 3.0.0-3.2.1, < 2.1.6 - Cryptographic Signature Verification Bypass
Mar 14, 2025
EPSS 0.00
CVE-2025-29774
CRITICAL
xml-crypto < 6.0.1, 3.0.0-3.2.0, < 2.1.6 - Cryptographic Signature Verification Bypass
Mar 14, 2025
EPSS 0.00
CVE-2025-29776
HIGH
Azle 0.27.0-0.29.0 - Infinite Loop via setTimer
Mar 14, 2025
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12