Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / npm

npm

3,969 tracked vulnerabilities.

CVE-2024-51091 MEDIUM

seajs 2.2.3 - Cross-Site Scripting via seajs Package

CVE-2024-53388 HIGH

mavo v0.3.2 - DOM Clobbering

CVE-2024-53386 MEDIUM

stage.js < 0.8.10 - DOM Clobbering and Cross-Site Scripting via document.currentScript Shadowing

CVE-2024-53382 MEDIUM

PrismJS < 1.29.0 - DOM Clobbering and Cross-Site Scripting via document.currentScript Shadowing

CVE-2024-11831 MEDIUM

serialize-javascript >=6.0.0 <6.0.2 - Cross-Site Scripting via Unsanitized JavaScript Object Input

CVE-2024-57086 HIGH

node-opcua-alarm-condition <2.134.0 - DoS

CVE-2024-57080 HIGH

vxe-table 4.8.10 - Denial of Service via Prototype Pollution in lib.install

CVE-2024-57077 CRITICAL

utils-extend 1.0.8 - Prototype Pollution

CVE-2024-57075 HIGH

eazy-logger < 4.1.0 - Denial of Service via Prototype Pollution

CVE-2024-57072 HIGH

module-from-string 3.3.1 - Denial of Service via Prototype Pollution

CVE-2024-53615 MEDIUM

files.photo.gallery 0.3.0-0.11.0 - Remote Code Execution via Video Thumbnail Rendering

CVE-2024-57041 MEDIUM

NodeBB < 3.11.1 - Stored Cross-Site Scripting in Profile About Me Section

CVE-2024-57556 MEDIUM

nbubna/store < 2.14.2 - Cross-Site Scripting via store.deep.js Component

CVE-2024-48460 MEDIUM

tabby-ssh < 1.0.214 - Improper Certificate Validation

CVE-2024-36751 MEDIUM

parse-uri - Regular Expression Denial of Service via Crafted URL

CVE-2024-56332 MEDIUM

Next.js 13.0.0-13.5.7 - Denial of Service via Server Actions

CVE-2024-56198 CRITICAL

path-sanitizer < 3.1.0 - Path Traversal via .=%5c Bypass

CVE-2024-56734 MEDIUM

better-auth < 1.1.6 - Open Redirect via Email Verification Callback URL Parameter

CVE-2024-56334 HIGH

systeminformation < 5.23.7 - OS Command Injection via SSID Parameter in getWindowsIEEE8021x

CVE-2024-56331 MEDIUM NUCLEI

Uptime Kuma 1.23.0-1.23.15 and 2.0.0-beta.0 - Authenticated Path Traversal via Real-Browser URL Input

CVE-2024-56159 MEDIUM NUCLEI

Astro < 4.16.18 and 5.0.0-alpha.0-5.0.7 - Unauthenticated Sensitive Source Code Exposure via Sourcemap Files

CVE-2024-56140 MEDIUM

Astro < 4.16.17 - Cross-Site Request Forgery Bypass via Semicolon-Delimited Content-Type

CVE-2024-51479 HIGH

Next.js 9.5.5-14.2.14 - Improper Authorization via Pathname-Based Middleware Bypass

CVE-2024-55500 HIGH

Avenwu Whistle <= 2.9.90 - Cross-Site Request Forgery

CVE-2024-53866 CRITICAL

pnpm < 9.15.0 - Untrusted Search Path via Global Cache Override Leak

Previous Page 59 of 159 Next

Products

openclaw 393 parse-server 92 n8n 62 directus 53 electron 48 flowise 48 next 47 vm2 32 hono 25 nocodb 25 axios 24 undici 22 ghost 21 vite 19 astro 17 ckeditor4 15 fuxa-server 15 jspdf 15 tar 15 joplin 14 nodebb 14 sequelize 14 tinymce 14 flowise-components 13 signalk-server 13 angular 12 dompurify 12 handlebars 12 jsrsasign 12 matrix-js-sdk 12

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy