npm
4,193 tracked vulnerabilities.
CVE-2025-29192
HIGH
Flowise < 3.0.5 - Stored Cross-Site Scripting via FORM and INPUT Elements in Chat Log
Oct 06, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-56515
HIGH
Fiora 1.0.0 - Stored Cross-Site Scripting via Malicious SVG Avatar Upload
Oct 01, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-56514
MEDIUM
Fiora 1.0.0 - Stored Cross-Site Scripting via Malicious SVG File Rendering
Oct 01, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-56200
MEDIUM
validator.js < 13.15.20 - Cross-Site Scripting via URL Validation Bypass
Sep 30, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-56572
HIGH
finance.js 4.1.0 - Denial of Service via seekZero() Parameter
Sep 30, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-56571
HIGH
finance.js 4.1.0 - Denial of Service via IRR Function Depth Parameter
Sep 30, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-11148
CRITICAL
check-branches - OS Command Injection via Unsanitized Branch Name
Sep 30, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-3193
HIGH
algoliasearch-helper 2.0.0-rc1-3.11.1 - Prototype Pollution via _merge() Function
Sep 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-59936
CRITICAL
get-jwks < 11.0.2 - JWKS Cache Poisoning via Issuer Validation Bypass
Sep 27, 2025
CVSS 9.4
EPSS 0.00
CVE-2025-59834
CRITICAL
srmorete adb_mcp_server < 0.1.0 - OS Command Injection in MCP Server Tool Implementation
Sep 25, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-59831
HIGH
git-commiters < 0.1.2 - OS Command Injection via Unsanitized Options
Sep 25, 2025
CVSS 8.8
EPSS 0.02
CVE-2025-57317
HIGH
apidoc-core < 0.15.0 - Prototype Pollution via PreProcess Function
Sep 25, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-26278
HIGH
dref 0.1.2 - Denial of Service via Prototype Pollution in lib.set
Sep 25, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-10894
CRITICAL
Nx Build System and Plugins - Malicious Code Injection via npm
Sep 24, 2025
CVSS 9.6
EPSS 0.01
CVE-2025-57324
MEDIUM
parse < 5.3.0 - Prototype Pollution via SingleInstanceStateController.initializeState
Sep 24, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-57320
MEDIUM
json-schema-editor-visual < 1.1.1 - Prototype Pollution via setData and deleteData Functions
Sep 24, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-57319
HIGH
fast-redact 3.5.0 - Prototype Pollution via nestedRestore Function
Sep 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-57318
HIGH
csvjson < 5.1.0 - Prototype Pollution via toCsv Function
Sep 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-57329
HIGH
web3-core-method < 1.10.4 - Prototype Pollution via attachToObject Function
Sep 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-57328
HIGH
toggle-array < 1.0.1 - Prototype Pollution via Enable/Disable Function
Sep 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-57327
HIGH
spmrc < 1.2.0 - Prototype Pollution via set and config Functions
Sep 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-57326
HIGH
sassdoc-extras < 2.5.1 - Prototype Pollution via byGroupAndType Function
Sep 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-57325
HIGH
rollbar < 2.26.4 - Prototype Pollution via utility.set Function
Sep 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-57323
HIGH
mpregular < 0.2.0 - Prototype Pollution via mp.addEventHandler
Sep 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-57321
CRITICAL
magix-combine-ex < 1.2.10 - Prototype Pollution via util-deps.addFileDepend
Sep 24, 2025
CVSS 9.8
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 20
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
dompurify 12
Quick Filters