npm
4,198 tracked vulnerabilities.
CVE-2025-59142
HIGH
color-string 2.1.1 - Embedded Malicious Code via Compromised npm Package
Sep 15, 2025
EPSS 0.00
CVE-2025-59141
HIGH
simple-swizzle 0.2.3 - Code Injection
Sep 15, 2025
EPSS 0.00
CVE-2025-59140
HIGH
backslash 0.2.1 - Embedded Malicious Code via Compromised npm Package
Sep 15, 2025
EPSS 0.00
CVE-2025-59155
MEDIUM
hackmd-mcp 1.4.0-1.4.9 - Server-Side Request Forgery via Hackmd-Api-Url Header
Sep 15, 2025
EPSS 0.00
CVE-2025-58177
MEDIUM
n8n 1.24.0-1.106.9 - Authenticated Stored Cross-Site Scripting via LangChain Chat Trigger Initial Messages
Sep 15, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-59364
MEDIUM
express-xss-sanitizer < 2.0.1 - Denial of Service via Unbounded Recursion in JSON Request Body Sanitization
Sep 14, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-58434
CRITICAL
NUCLEI
Flowise <3.0.5 - Privilege Escalation
Sep 12, 2025
CVSS 9.8
EPSS 0.50
CVE-2025-59139
MEDIUM
Hono < 4.9.7 - Denial of Service via Body Size Limit Bypass
Sep 12, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-58754
HIGH
Axios <0.30.2, <1.12.0 - Buffer Overflow
Sep 12, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-9910
MEDIUM
jsondiffpatch < 0.7.2 - Cross-Site Scripting via HtmlFormatter::nodeBegin
Sep 11, 2025
CVSS 4.7
EPSS 0.00
CVE-2025-57520
MEDIUM
Decap CMS < 3.8.3 - Stored Cross-Site Scripting in Content Preview Pane
Sep 10, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-59046
CRITICAL
interactive-git-checkout <= 1.1.4 - Command Injection via Branch Name
Sep 09, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-59039
CRITICAL
prebid-universal-creative 1.17.3 - Embedded Malicious Code
Sep 09, 2025
EPSS 0.00
CVE-2025-59038
HIGH
prebid.js 10.9.2 - Embedded Malicious Code
Sep 09, 2025
EPSS 0.00
CVE-2025-59037
HIGH
DuckDB Node.js Packages 1.3.3 and 1.29.2 - Embedded Malicious Code
Sep 09, 2025
EPSS 0.00
CVE-2025-58765
HIGH
wabac.js < 2.23.11 - Reflected Cross-Site Scripting via 404 Error Handler
Sep 09, 2025
CVSS 7.1
EPSS 0.00
CVE-2025-57665
MEDIUM
element-plus < 2.10.6 - Open Redirect and XSS via Link Component href Attribute
Sep 09, 2025
CVSS 6.4
EPSS 0.00
CVE-2025-58752
MEDIUM
Vite <7.1.5, 7.0.7, 6.3.6, 5.4.20 - Info Disclosure
Sep 08, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-58751
MEDIUM
NUCLEI
Vite <7.1.5, <7.0.7, <6.3.6, <5.4.20 - Auth Bypass
Sep 08, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-58451
HIGH
cattown < 1.0.2 - Denial of Service via Inefficient Regular Expression Complexity
Sep 08, 2025
EPSS 0.00
CVE-2025-57285
CRITICAL
codeceptjs 3.5.0-3.7.5 - OS Command Injection via emptyFolder Function
Sep 08, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-10097
MEDIUM
SimStudioAI sim < 1.0.0 - Remote Code Injection via Execute API Code Argument
Sep 08, 2025
CVSS 6.3
EPSS 0.01
CVE-2025-58362
HIGH
Hono 4.8.0-4.9.5 - Path Confusion via Malformed Absolute-Form Request-URI
Sep 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-55305
MEDIUM
Electron <38.0.0-beta.6 - ASAR Integrity Bypass
Sep 04, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-58358
HIGH
Markdownify <0.0.2 - Command Injection
Sep 04, 2025
CVSS 7.5
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters