npm
3,969 tracked vulnerabilities.
CVE-2025-25975
HIGH
parse-git-config 3.0.0 - Exposure of Sensitive Information via expandKeys Function
Mar 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-25977
CRITICAL
canvg 4.0.2 - Remote Code Execution via StyleElement Constructor
Mar 10, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-27597
HIGH
Intlify Message-resolver < 9.1.11 - Prototype Pollution
Mar 07, 2025
EPSS 0.00
CVE-2025-27152
MEDIUM
axios < 1.8.2 - Server-Side Request Forgery via Absolute URL Handling
Mar 07, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-27506
MEDIUM
NUCLEI
NocoDB < 0.258.0 - Reflected Cross-Site Scripting via Password Reset Endpoint
Mar 06, 2025
CVSS 5.4
EPSS 0.04
CVE-2025-26319
CRITICAL
NUCLEI
FlowiseAI Flowise <= 2.2.6 - Arbitrary File Upload
Mar 04, 2025
CVSS 9.8
EPSS 0.89
CVE-2025-27408
MEDIUM
Manifest < 4.9.2 - Weak Password Hashing via SHA3 Without Salt
Feb 28, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-1756
HIGH
mongosh <2.3.0 - Privilege Escalation
Feb 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-1693
LOW
mongodb mongosh < 2.3.9 - Control Character Injection via Cluster Output
Feb 27, 2025
CVSS 3.9
EPSS 0.00
CVE-2025-1692
MEDIUM
MongoDB Shell <2.3.9 - Code Injection
Feb 27, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-1691
HIGH
mongodb/mongosh < 2.3.9 - Control Character Injection via Autocomplete Feature
Feb 27, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-27146
LOW
matrix-appservice-irc <3.0.3 - Command Injection
Feb 25, 2025
CVSS 2.7
EPSS 0.01
CVE-2025-27143
MEDIUM
Better Auth <1.1.21 - Open Redirect
Feb 24, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-1467
MEDIUM
tarteaucitronjs < 1.17.0 - Cross-Site Scripting via getElemWidth() and getElemHeight()
Feb 23, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-27109
HIGH
solid-js < 1.9.4 - Cross-Site Scripting via Inlined JSX Fragment
Feb 21, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-27108
HIGH
dom-expressions < 0.39.5 - Cross-Site Scripting via Special Replacement Patterns in .replace()
Feb 21, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-25299
LOW
CKEditor 5 Real-Time Collaboration 41.3.0-44.2.0 - Cross-Site Scripting in User Markers
Feb 20, 2025
EPSS 0.00
CVE-2025-0868
CRITICAL
NUCLEI
DocsGPT 0.8.1-0.12.0 - Remote Code Execution via /api/remote Endpoint
Feb 20, 2025
EPSS 0.17
CVE-2025-27089
MEDIUM
Directus 11.0.0-11.1.1 - Incorrect Authorization via Overlapping Update Policies
Feb 19, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-25300
LOW
smartbanner.js <1.14.1 - Open Redirect
Feb 18, 2025
EPSS 0.00
CVE-2025-1302
CRITICAL
NUCLEI
jsonpath-plus < 10.3.0 - Remote Code Execution via Unsafe Eval Mode
Feb 15, 2025
CVSS 9.8
EPSS 0.90
CVE-2025-25304
MEDIUM
Vega < 5.26.0 and vega-selections < 5.4.2 - Cross-Site Scripting via vlSelectionTuples Function
Feb 14, 2025
EPSS 0.00
CVE-2025-26791
MEDIUM
DOMPurify < 3.2.4 - Cross-Site Scripting via Incorrect Template Literal Regular Expression
Feb 14, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-25283
HIGH
parse-duration <2.1.3 - Memory Corruption
Feb 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-25200
HIGH
Koa <0.21.2, 1.7.1, 2.15.4, 3.0.0-alpha.3 - DoS
Feb 12, 2025
CVSS 7.5
EPSS 0.01
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12