Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / npm

npm

3,969 tracked vulnerabilities.

CVE-2024-48930 HIGH

secp256k1-node <5.0.1-3.8.1 - Info Disclosure

CVE-2024-21536 HIGH

http-proxy-middleware < 2.0.7 and 3.0.0-3.0.3 - Denial of Service via UnhandledPromiseRejection

CVE-2024-9506 LOW

Vue 2.0.0-2.7.15 - Regular Expression Denial of Service in parseHTML Function

CVE-2024-48913 MEDIUM

Hono < 4.6.5 - CSRF Protection Bypass via Missing Content-Type Header

CVE-2024-47824 HIGH

matrix-react-sdk <3.102.0 - Info Disclosure

CVE-2024-47080 HIGH

matrix-js-sdk <34.7.0 - Info Disclosure

CVE-2024-48948 MEDIUM

elliptic < 6.6.0 - Improper Verification of Cryptographic Signature via ECDSA Hash Truncation

CVE-2024-21535 MEDIUM

markdown-to-jsx < 7.4.0 - Cross-Site Scripting via src Property

CVE-2024-47885 MEDIUM

Astro 3.0.0-4.16.0 - Cross-Site Scripting via DOM Clobbering in Client-Side Router

CVE-2024-47831 MEDIUM

Next.js 10.0.0-14.2.6 - Denial of Service via Image Optimization Feature

CVE-2024-42640 CRITICAL NUCLEI

angular-base64-upload <v0.1.21 - RCE

CVE-2024-47875 CRITICAL

DOMPurify < 2.5.0 - Cross-Site Scripting via Nesting-Based mXSS

CVE-2024-21534 CRITICAL

jsonpath-plus < 10.2.0 - Remote Code Execution via Unsafe vm Usage

CVE-2024-48949 CRITICAL

elliptic < 6.5.6 - Improper Verification of Cryptographic Signature in ECDSA Verify Function

CVE-2024-21533 MEDIUM

ggit - Arbitrary Argument Injection via clone() API

CVE-2024-21532 HIGH

ggit - OS Command Injection via fetchTags API

CVE-2024-47764 MEDIUM

cookie < 0.7.0 - Cookie Field Injection via Name, Path, or Domain

CVE-2024-47183 HIGH

Parse Server <6.5.9, <7.3.0 - Privilege Escalation

CVE-2024-9266 MEDIUM

Express 3.4.5-4.0.0 - Open Redirect via Response Object

CVE-2024-9440 MEDIUM

slim-select 2.0-2.9.0 - Cross-Site Scripting via Unsanitized Options Object

CVE-2024-21531 MEDIUM

git-shallow-clone - OS Command Injection via Process Variable

CVE-2024-21489 HIGH

uplot < 1.6.31 - Prototype Pollution via uplot.assign Function

CVE-2024-47178 MEDIUM

basic-auth-connect <1.1.0 - Info Disclosure

CVE-2024-9283 LOW

RelaxedJS ReLaXed <= 0.2.2 - Cross-Site Scripting in Pug to PDF Converter

CVE-2024-47171 MEDIUM

agnai < 1.0.330 - Path Traversal and Arbitrary File Write via Image Upload

Previous Page 61 of 159 Next

Products

openclaw 393 parse-server 92 n8n 62 directus 53 electron 48 flowise 48 next 47 vm2 32 hono 25 nocodb 25 axios 24 undici 22 ghost 21 vite 19 astro 17 ckeditor4 15 fuxa-server 15 jspdf 15 tar 15 joplin 14 nodebb 14 sequelize 14 tinymce 14 flowise-components 13 signalk-server 13 angular 12 dompurify 12 handlebars 12 jsrsasign 12 matrix-js-sdk 12

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy