npm
3,969 tracked vulnerabilities.
CVE-2024-47170
MEDIUM
agnai < 1.0.330 - Path Traversal via JSON Storage
Sep 26, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-47169
HIGH
agnai < 1.0.330 - Unauthenticated Arbitrary File Write via Path Traversal
Sep 26, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-47075
MEDIUM
layui < 2.9.17 - Cross-Site Scripting via DOM Clobbering
Sep 26, 2024
CVSS 6.4
EPSS 0.02
CVE-2024-46488
MEDIUM
sqlite-vec 0.1.1 - Heap-based Buffer Overflow via npy_token_next
Sep 25, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-45613
MEDIUM
CKEditor 5 40.0.0-43.1.1 - Cross-Site Scripting via Clipboard Package with Block Toolbar
Sep 25, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-9148
CRITICAL
Flowise < 2.1.1 - Stored Cross-Site Scripting in Chat Embed
Sep 25, 2024
CVSS 9.6
EPSS 0.02
CVE-2024-47068
MEDIUM
Rollup <2.79.2, <3.29.5, <4.22.4 - XSS
Sep 23, 2024
CVSS 6.1
EPSS 0.03
CVE-2024-46990
MEDIUM
Directus < 10.13.3 - Improper Access Control via Loopback Device Bypass
Sep 18, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-45813
MEDIUM
find-my-way 5.5.0-8.2.1 and 9.0.0 - Denial of Service via Inefficient Regular Expression
Sep 18, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-46982
HIGH
Next.js 13.5.1-13.5.6 and 14.2.1-14.2.9 - Cache Poisoning via Crafted HTTP Request
Sep 17, 2024
CVSS 7.5
EPSS 0.49
CVE-2024-45812
MEDIUM
Vite 3.2.11-4.5.5, 5.0.0-5.2.14, 5.3.0-5.3.6, 5.4.0-5.4.6 - XSS via DOM Clobbering in cjs/iife/umd
Sep 17, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-45811
MEDIUM
Vite 5.4.0-5.4.5, 5.3.0-5.3.5, 5.0.0-5.2.13, 4.0.0-4.5.4, < 3.2.11 - Unauthenticated Arbitrary File Read via @fs Bypass
Sep 17, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-45801
HIGH
DOMPurify < 2.5.4 - Cross-Site Scripting Bypass via Depth Check Evasion
Sep 16, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-45835
LOW
Mattermost Desktop App <=5.8.0 - Info Disclosure
Sep 16, 2024
CVSS 2.5
EPSS 0.00
CVE-2024-39772
LOW
Mattermost Desktop App <=5.8.0 - Unauthenticated Screen Capture via JavaScript APIs
Sep 16, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-39613
MEDIUM
Mattermost Desktop App <=5.8.0 - Uncontrolled Search Path Element via cmd.exe
Sep 16, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-6867
MEDIUM
lunary-ai/lunary <a761d833 - Info Disclosure
Sep 13, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-6862
HIGH
lunary < 1.4.10 - Cross-Site Request Forgery via Overly Permissive CORS Settings
Sep 13, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-6582
MEDIUM
lunary < 1.4.9 - Unauthenticated Identity Provider Settings Update
Sep 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-6087
MEDIUM
lunary < 1.4.9 - Unauthenticated Account Takeover via Invite Token Reuse
Sep 13, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-45607
MEDIUM
whatsapp-api-js 4.0.0-4.0.2 - Improper Verification of Cryptographic Signature in verifyRequestSignature
Sep 12, 2024
CVSS 5.8
EPSS 0.01
CVE-2024-21529
HIGH
dset < 3.1.4 - Prototype Pollution via __proto__ Property Injection
Sep 11, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-45596
HIGH
Directus < 10.13.3 - Unauthenticated Credential Exposure via OpenID/OAuth2 Redirect Cache
Sep 10, 2024
CVSS 7.4
EPSS 0.01
CVE-2024-45590
HIGH
body-parser < 1.20.3 - Denial of Service via URL Encoding
Sep 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-43800
MEDIUM
serve-static < 1.16.0 - Cross-Site Scripting via Unsanitized User Input in redirect()
Sep 10, 2024
CVSS 5.0
EPSS 0.01
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12