npm
3,969 tracked vulnerabilities.
CVE-2024-54152
CRITICAL
Angular Expressions < 1.4.3 - Remote Code Execution via Sandbox Escape
Dec 10, 2024
EPSS 0.25
CVE-2024-54151
HIGH
Directus <11.3.0 - Privilege Escalation
Dec 09, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-53441
CRITICAL
cookie-encrypter 1.0.1 - Bit Flipping Attack via DecryptCookie Function
Dec 09, 2024
CVSS 9.1
EPSS 0.00
CVE-2024-53847
MEDIUM
Trix 1.0.0-1.3.2 and 2.0.0-2.1.8 - Cross-Site Scripting via Malicious Paste
Dec 09, 2024
EPSS 0.00
CVE-2024-55565
MEDIUM
nanoid 4.0.0-5.0.8 - Denial of Service via Non-Integer Value Mishandling
Dec 09, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-52798
HIGH
path-to-regexp <0.1.12 - Info Disclosure
Dec 05, 2024
EPSS 0.00
CVE-2024-54128
MEDIUM
Directus 10.10.0-10.13.3 and 11.0.0-13.3.0 - HTML Injection via Comment Feature Client-Side Filter Bypass
Dec 05, 2024
CVSS 5.7
EPSS 0.00
CVE-2024-51210
MEDIUM
Firepad <= 1.5.11 - Unauthenticated Document Content Disclosure
Dec 04, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-53900
CRITICAL
NUCLEI
mongoosejs/mongoose < 6.13.5 and >=8.0.0-rc0 <8.8.3 - Search Injection via $where in Match
Dec 02, 2024
CVSS 9.1
EPSS 0.52
CVE-2024-52810
MEDIUM
intlify/shared 9.7.0-9.14.1 and 10.0.0-10.0.4 - Prototype Pollution via deepCopy Function
Nov 29, 2024
EPSS 0.00
CVE-2024-52809
MEDIUM
intlify/core-base 9.3.0-9.14.2 - Cross-Site Scripting in Locale Message AST Generation
Nov 29, 2024
EPSS 0.00
CVE-2024-11023
MEDIUM
Firebase JavaScript SDK < 10.9.0 - Session Data Exposure via FIREBASE_DEFAULTS Cookie Manipulation
Nov 18, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-49362
HIGH
Joplin < 3.1 - Remote Code Execution via Unsanitized Mermaid Link Attributes
Nov 14, 2024
CVSS 7.7
EPSS 0.02
CVE-2024-21541
HIGH
dom-iterator < 1.0.1 - Remote Code Execution via Function Constructor
Nov 13, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-50336
MEDIUM
matrix-js-sdk < 34.11.1 - Path Traversal via Crafted MXC URIs
Nov 12, 2024
EPSS 0.01
CVE-2024-21538
HIGH
cross-spawn < 6.0.6 and 7.0.0-7.0.5 - Regular Expression Denial of Service
Nov 08, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-51434
MEDIUM
Froala WYSIWYG Editor <= 4.3.0 - Cross-Site Scripting via Plaintext Tag Parsing
Nov 07, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-51757
CRITICAL
happy-dom < 15.10.2 - Cross-Site Scripting via Script Tag Execution
Nov 06, 2024
EPSS 0.01
CVE-2024-42515
CRITICAL
glossarizer <= 1.5.2 - Stored Cross-Site Scripting via Glossary Entry Injection
Oct 31, 2024
CVSS 9.9
EPSS 0.00
CVE-2024-48910
CRITICAL
DOMPurify < 2.4.2 - Prototype Pollution
Oct 31, 2024
CVSS 9.1
EPSS 0.03
CVE-2024-21537
HIGH
lilconfig 3.1.0 - Remote Code Execution via Insecure eval Usage in dynamicImport
Oct 31, 2024
CVSS 8.8
EPSS 0.00
CVE-2024-10491
MEDIUM
Express 3.0.0-3.21.4 and <4.0.0-rc1 - Arbitrary Resource Injection via Link Header
Oct 29, 2024
CVSS 4.0
EPSS 0.00
CVE-2024-7774
CRITICAL
langchain.js < 0.2.19 - Path Traversal via getFullPath Method
Oct 29, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-48964
HIGH
Snyk CLI < 1.1294.0 - Code Injection via Gradle Project Directory Handling
Oct 23, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-48963
HIGH
Snyk CLI < 1.1294.0 - Code Injection via Current Working Directory Name
Oct 23, 2024
CVSS 7.5
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12