npm
4,198 tracked vulnerabilities.
CVE-2025-58064
LOW
CKEditor 5 44.2.0-45.2.1 46.0.0-46.0.2 - Cross-Site Scripting via Malicious Content Insertion
Sep 04, 2025
EPSS 0.00
CVE-2025-57822
MEDIUM
NUCLEI
Next.js < 14.2.32 - Server-Side Request Forgery via next() Function
Aug 29, 2025
CVSS 6.5
EPSS 0.02
CVE-2025-57752
MEDIUM
Next.js <14.2.31, 15.0.0-15.4.4 - Info Disclosure
Aug 29, 2025
CVSS 6.2
EPSS 0.00
CVE-2025-55173
MEDIUM
Next.js <14.2.31, 15.0.0-15.4.4 - Code Injection
Aug 29, 2025
CVSS 4.3
EPSS 0.01
CVE-2025-4644
MEDIUM
Payload CMS < 3.44.0 - Session Fixation via SQLite Adapter Identifier Reuse
Aug 29, 2025
EPSS 0.00
CVE-2025-4643
MEDIUM
Payload CMS < 3.44.0 - Insufficient Session Expiration via JWT Reuse
Aug 29, 2025
EPSS 0.00
CVE-2025-50979
HIGH
NodeBB v4.3.0 - Unauthenticated SQL Injection via Search-Categories API Endpoint
Aug 27, 2025
CVSS 8.6
EPSS 0.08
CVE-2025-57820
HIGH
devalue < 5.3.2 - Prototype Pollution via __proto__ Property Parsing
Aug 26, 2025
EPSS 0.00
CVE-2025-57810
HIGH
jspdf < 3.0.2 - Denial of Service via addImage Method
Aug 26, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-57814
MEDIUM
request-filtering-agent < 2.0.0 - Server-Side Request Forgery via HTTPS 127.0.0.1 Bypass
Aug 25, 2025
EPSS 0.00
CVE-2025-43761
MEDIUM
Liferay Portal 7.4.0-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.12 - Reflected XSS via CKEditor
Aug 22, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-57753
MEDIUM
vite-plugin-static-copy 0.4.3-2.3.1 and 3.0.0-3.1.1 - Path Traversal
Aug 21, 2025
EPSS 0.00
CVE-2025-9288
CRITICAL
sha.js < 2.4.11 - Input Data Manipulation via Improper Input Validation
Aug 20, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-9287
CRITICAL
cipher-base <1.0.4 - Info Disclosure
Aug 20, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-57749
MEDIUM
n8n < 1.106.0 - Symlink Traversal in Read/Write File Node
Aug 20, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-55746
CRITICAL
Directus 10.8.0-11.9.2 - Unauthenticated Arbitrary File Upload via File Update Mechanism
Aug 20, 2025
CVSS 9.3
EPSS 0.00
CVE-2025-55303
MEDIUM
NUCLEI
Astro < 4.16.18 and 5.0.0-alpha.0-5.13.2 - Unauthorized Image Serving via Protocol-Relative URL Bypass
Aug 19, 2025
CVSS 6.1
EPSS 0.01
CVE-2025-55294
CRITICAL
screenshot-desktop <1.15.2 - Command Injection
Aug 19, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-54881
MEDIUM
mermaid 10.9.0-rc.1-11.9.0 - Cross-Site Scripting via Sequence Diagram Label Input
Aug 19, 2025
EPSS 0.01
CVE-2025-54880
MEDIUM
mermaid 11.1.0-11.9.0 - Cross-Site Scripting via Architecture Diagram Icon Input
Aug 19, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-52478
HIGH
n8n 1.77.0-1.98.2 - Authenticated Stored Cross-Site Scripting via Form Trigger Node HTML Injection
Aug 19, 2025
CVSS 8.7
EPSS 0.00
CVE-2025-9096
LOW
ExpressGateway express-gateway <= 1.16.10 - Cross-Site Scripting in REST Endpoint
Aug 18, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-9095
LOW
ExpressGateway express-gateway <= 1.16.10 - Cross-Site Scripting in REST Endpoint
Aug 17, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-8943
CRITICAL
NUCLEI
Flowise < 3.0.1 - Unauthenticated Remote Code Execution via Custom MCPs Feature
Aug 14, 2025
CVSS 9.8
EPSS 0.72
CVE-2025-55346
CRITICAL
flowise - Remote Code Execution via Dynamic Function Constructor
Aug 14, 2025
CVSS 9.8
EPSS 0.18
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters