npm
4,198 tracked vulnerabilities.
CVE-2025-49223
CRITICAL
billboard.js < 3.15.1 - Prototype Pollution via Generate Function
Jun 04, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-48997
HIGH
multer >=1.4.4-lts.1 <2.0.1 - Denial of Service via Empty String Field Name
Jun 03, 2025
EPSS 0.00
CVE-2025-30360
MEDIUM
webpack-dev-server < 5.2.1 - Origin Validation Error via IP Address Origin Header
Jun 03, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-30359
MEDIUM
webpack-dev-server <5.2.1 - Info Disclosure
Jun 03, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-48387
HIGH
tar-fs <3.0.9, <2.1.3, <1.16.5 - Path Traversal
Jun 02, 2025
EPSS 0.00
CVE-2025-48068
MEDIUM
Next.js <14.2.30, <15.2.2 - Info Disclosure
May 30, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-5276
HIGH
mcp-markdownify-server - Server-Side Request Forgery via Markdownify.get() Function
May 29, 2025
CVSS 7.4
EPSS 0.00
CVE-2025-5273
MEDIUM
mcp-markdownify-server - Info Disclosure
May 29, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-48054
MEDIUM
Radashi < 12.5.1 - Prototype Pollution via set Function Path Argument
May 27, 2025
EPSS 0.01
CVE-2025-47949
HIGH
samlify < 2.10.0 - Signature Wrapping Attack via SAML Response Forgery
May 19, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-47944
HIGH
multer 1.4.4-lts.1-2.0.0 - Denial of Service via Malformed Multi-Part Upload Request
May 19, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-47935
HIGH
Multer < 2.0.0 - Denial of Service via Unclosed Stream Handling
May 19, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-47934
HIGH
OpenPGP.js 5.0.1-5.11.2 & 6.0.0-alpha.0-6.1.0 Signature Verification Spoofing
May 19, 2025
EPSS 0.01
CVE-2025-47948
HIGH
cocotais-bot 1.5.0-test2-hotfix-1.6.2 - Unauthenticated Privilege Escalation via Command Echo Injection
May 17, 2025
CVSS 7.2
EPSS 0.00
CVE-2025-4759
HIGH
Package Lockfile-Lint-API <5.9.2 - Info Disclosure
May 16, 2025
CVSS 8.3
EPSS 0.00
CVE-2025-4727
LOW
Meteor < 3.2.2 - Inefficient Regular Expression Complexity in Object.assign
May 15, 2025
CVSS 3.7
EPSS 0.01
CVE-2025-47279
LOW
Undici < 5.29.0, 6.0.0-6.21.1, 7.0.0-7.4.9 - Memory Leak via Repeated Webhook Calls
May 15, 2025
CVSS 3.1
EPSS 0.00
CVE-2025-1647
MEDIUM
Bootstrap 3.4.1-4.0.0 - Cross-Site Scripting
May 15, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-32421
LOW
Next.js < 14.2.24 - Race Condition in Pages Router via x-now-route-matches Header
May 14, 2025
CVSS 3.7
EPSS 0.01
CVE-2025-47204
MEDIUM
NUCLEI
bootstrap-multiselect 1.1.2 - Reflective Cross-Site Scripting via POST Data Echo
May 13, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-47269
HIGH
code-server < 4.99.4 - Unintended Proxy via Malicious URL
May 09, 2025
CVSS 8.3
EPSS 0.36
CVE-2025-46812
LOW
Trix < 2.1.15 - Stored Cross-Site Scripting via Pasting Malicious Code
May 08, 2025
EPSS 0.01
CVE-2025-46573
HIGH
passport-wsfed-saml2 <4.6.3 - Auth Bypass
May 06, 2025
EPSS 0.00
CVE-2025-46572
CRITICAL
passport-wsfed-saml2 <4.6.3 - Auth Bypass
May 06, 2025
EPSS 0.00
CVE-2025-46332
MEDIUM
flags < 4.0.0 and @vercel/flags < 4.0.0 - Unauthenticated Exposure of Sensitive Information via Discovery Endpoint
May 02, 2025
CVSS 6.5
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters