npm
4,198 tracked vulnerabilities.
CVE-2025-57327
HIGH
spmrc < 1.2.0 - Prototype Pollution via set and config Functions
Sep 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-57326
HIGH
sassdoc-extras < 2.5.1 - Prototype Pollution via byGroupAndType Function
Sep 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-57325
HIGH
rollbar < 2.26.4 - Prototype Pollution via utility.set Function
Sep 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-57323
HIGH
mpregular < 0.2.0 - Prototype Pollution via mp.addEventHandler
Sep 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-57321
CRITICAL
magix-combine-ex < 1.2.10 - Prototype Pollution via util-deps.addFileDepend
Sep 24, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-57351
MEDIUM
ts-fns < 13.0.7 - Prototype Pollution via Insufficient Key Validation in assign Function
Sep 24, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-57349
HIGH
messageformat < 2.3.0 - Prototype Pollution via Nested Message Key Paths
Sep 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-57348
MEDIUM
node-cube < 5.0.0 - Prototype Pollution via Improper Input Validation
Sep 24, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-57330
HIGH
web3-core-subscriptions < 1.10.4 - Prototype Pollution via attachToObject Function
Sep 24, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-59343
HIGH
tar-fs < 3.1.1, < 2.1.3, < 1.16.5 - Path Traversal via Symlink Validation Bypass
Sep 24, 2025
EPSS 0.01
CVE-2025-57354
MEDIUM
counterpart < 0.18.6 - Prototype Pollution via Translation Key Processing
Sep 24, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-57352
MEDIUM
min-document < 2.19.1 - Prototype Pollution via removeAttributeNS Method
Sep 24, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-57350
HIGH
csvtojson < 2.0.10 - Prototype Pollution via Nested Header Parsing
Sep 24, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-59528
CRITICAL
NUCLEI
Flowise 3.0.5 - Remote Code Execution via CustomMCP Node Configuration Parsing
Sep 22, 2025
CVSS 10.0
EPSS 0.90
CVE-2025-59527
HIGH
Flowise 3.0.5 - Server-Side Request Forgery via Fetch-Links Endpoint
Sep 22, 2025
CVSS 7.5
EPSS 0.05
CVE-2025-59526
LOW
mailgen < 2.0.30 - Cross-Site Scripting via Plaintext Email Generation
Sep 22, 2025
EPSS 0.00
CVE-2025-59414
LOW
Nuxt 3.6.0-3.18.9 - Client-Side Path Traversal via Island Payload Revival
Sep 17, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-9862
MEDIUM
Ghost 5.99.0-5.130.3 and 6.0.0-6.0.8 - Server-Side Request Forgery
Sep 17, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-59160
LOW
matrix-js-sdk < 38.2.0 - Insufficient Verification of Room Predecessor Links
Sep 16, 2025
EPSS 0.00
CVE-2025-59145
HIGH
color-name 2.0.1 - Embedded Malicious Code via Compromised npm Package
Sep 15, 2025
EPSS 0.00
CVE-2025-59331
HIGH
is-arrayish <0.3.3 - Code Injection
Sep 15, 2025
EPSS 0.00
CVE-2025-59330
HIGH
error-ex 1.3.3 - Embedded Malicious Code via Compromised npm Package
Sep 15, 2025
EPSS 0.00
CVE-2025-59162
HIGH
color-convert 3.1.1 - Command Injection
Sep 15, 2025
EPSS 0.00
CVE-2025-59144
HIGH
debug 4.4.2 - Embedded Malicious Code via Compromised npm Package
Sep 15, 2025
EPSS 0.00
CVE-2025-59143
HIGH
color 5.0.1 - Embedded Malicious Code via Compromised npm Package
Sep 15, 2025
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters