npm
4,198 tracked vulnerabilities.
CVE-2025-55164
HIGH
content-security-policy-parser <0.6.0 - Prototype Pollution
Aug 12, 2025
EPSS 0.00
CVE-2025-54793
MEDIUM
NUCLEI
Astro 5.2.0-5.12.7 - Open Redirect via Trailing Slash Logic
Aug 08, 2025
CVSS 6.1
EPSS 0.01
CVE-2025-54885
MEDIUM
Thinbus Javascript Secure Remote Password <2.0.0 - Info Disclosure
Aug 07, 2025
EPSS 0.00
CVE-2025-54798
LOW
raszi/tmp < 0.2.4 - Arbitrary File Write via Symbolic Link
Aug 07, 2025
CVSS 2.5
EPSS 0.00
CVE-2025-54803
HIGH
js-toml < 1.0.2 - Prototype Pollution via Malicious TOML Input
Aug 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-54387
CRITICAL
unjs/ipx <1.3.2, 2.0.0-2.1.0, 3.0.0-3.1.0 - Path Traversal via Path Prefix Bypass
Aug 05, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-54590
MEDIUM
webfinger.js < 2.8.1 - Server-Side Request Forgery via User Address Lookup
Aug 01, 2025
EPSS 0.01
CVE-2025-54419
CRITICAL
node-saml < 5.1.0 - Authentication Bypass via SAML Assertion Manipulation
Jul 28, 2025
CVSS 10.0
EPSS 0.00
CVE-2025-8267
HIGH
ssrfcheck < 1.2.0 - Server-Side Request Forgery via Multicast IP Bypass
Jul 28, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-8101
HIGH
linkifyjs 4.3.1 - Prototype Pollution leading to Cross-Site Scripting
Jul 25, 2025
EPSS 0.01
CVE-2025-43712
LOW
JHipster < 8.9.0 - Privilege Escalation via Authorities Parameter Manipulation
Jul 25, 2025
CVSS 2.9
EPSS 0.00
CVE-2025-8129
LOW
KoaJS Koa 2.0.0-2.16.2 - Open Redirect via Referrer Header
Jul 25, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-54369
CRITICAL
node-saml < 5.1.0 - Improper Verification of Cryptographic Signature
Jul 24, 2025
EPSS 0.00
CVE-2025-8021
HIGH
files-bucket-server - Path Traversal
Jul 23, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-8020
HIGH
private-ip - Server-Side Request Forgery via Multicast IP Address
Jul 23, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-54313
HIGH
KEV
eslint-config-prettier <10.1.7 - Code Injection
Jul 19, 2025
CVSS 7.5
EPSS 0.04
CVE-2025-7783
CRITICAL
form-data <2.5.4, 3.0.0-3.0.3, 4.0.0-4.0.3 - HPP
Jul 18, 2025
EPSS 0.02
CVE-2025-54073
HIGH
mcp-package-docs < 0.1.28 - Remote Code Execution via Unsanitized Input in child_process.exec
Jul 18, 2025
CVSS 7.5
EPSS 0.08
CVE-2025-7339
LOW
on-headers <1.1.0 - Buffer Overflow
Jul 17, 2025
CVSS 3.4
EPSS 0.00
CVE-2025-7338
HIGH
multer >=1.4.4-lts.1 <2.0.2 - Denial of Service via Malformed Multi-Part Upload Request
Jul 17, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-53892
MEDIUM
Vue I18n <9.14.5, 10.0.8, 11.1.0 - XSS
Jul 16, 2025
EPSS 0.01
CVE-2025-53889
MEDIUM
Directus <11.9.0 - Privilege Escalation
Jul 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-53887
MEDIUM
Directus 9.0.0-11.8.0 - Unauthenticated Exposure of Sensitive Version Information via OpenAPI Spec Endpoint
Jul 15, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-53886
MEDIUM
Directus 9.0.0-11.8.0 - Sensitive Information Exposure in WebHook Flow Logs
Jul 15, 2025
CVSS 4.5
EPSS 0.00
CVE-2025-53885
MEDIUM
Directus 9.0.0-11.8.0 - Sensitive Information Exposure via Log to Console Operation
Jul 15, 2025
CVSS 4.2
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters