npm
3,969 tracked vulnerabilities.
CVE-2024-43799
MEDIUM
send < 0.19.0 - Cross-Site Scripting via SendStream.redirect()
Sep 10, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-43796
MEDIUM
Express < 4.20.0 - Cross-Site Scripting via response.redirect()
Sep 10, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-21528
MEDIUM
node-gettext - Prototype Pollution via addTranslations() Function
Sep 10, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-45296
HIGH
path-to-regexp < 1.9.0 and >= 0.2.0 - Denial of Service via Inefficient Regular Expression
Sep 09, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-8373
MEDIUM
AngularJS - Content Spoofing via Improper Sanitization of srcset Attribute
Sep 09, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-8372
MEDIUM
AngularJS >=1.3.0-rc.4 - Content Spoofing
Sep 09, 2024
CVSS 4.8
EPSS 0.00
CVE-2024-45389
MEDIUM
Pagefind < 1.1.1 - Cross-Site Scripting via document.currentScript.src Clobbering
Sep 03, 2024
CVSS 6.4
EPSS 0.01
CVE-2024-45047
MEDIUM
svelte < 4.2.19 - Cross-Site Scripting via noscript Attribute Injection
Aug 30, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-45037
MEDIUM
AWS Cloud Development Kit 2.142.0-2.148.0 - Incorrect Authorization via RestApi Construct with CognitoUserPoolAuthorizer
Aug 27, 2024
CVSS 6.4
EPSS 0.01
CVE-2024-43788
MEDIUM
webpack < 5.94.0 - Cross-Site Scripting via DOM Clobbering in AutoPublicPathRuntimeModule
Aug 27, 2024
CVSS 6.4
EPSS 0.02
CVE-2024-8182
HIGH
Flowise 1.8.2 - Unauthenticated Denial of Service via API Upload File Endpoint
Aug 27, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-8181
CRITICAL
NUCLEI
Flowise 1.8.2 - Unauthenticated Authentication Bypass
Aug 27, 2024
CVSS 9.8
EPSS 0.61
CVE-2024-43787
MEDIUM
Hono < 4.5.8 - Cross-Site Request Forgery Bypass via Crafted Content-Type Header
Aug 22, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-40453
CRITICAL
squirrellyjs <9.0.0 - Code Injection
Aug 21, 2024
CVSS 9.8
EPSS 0.03
CVE-2024-43411
LOW
CKEditor4 4.22.0-4.25.0 - Cross-Site Scripting via Version Notification Feature
Aug 21, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-43407
MEDIUM
CKEditor4 < 4.25.0 - Reflected Cross-Site Scripting via GeSHi Code Snippet Plugin
Aug 21, 2024
CVSS 6.1
EPSS 0.02
CVE-2024-43409
MEDIUM
Ghost 4.46.0-5.89.4 - Improper Access Control
Aug 20, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-42369
MEDIUM
matrix-js-sdk < 34.3.1 - Denial of Service via Cyclic Room Structure
Aug 20, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-43370
HIGH
gettext.js < 2.0.3 - Cross-Site Scripting via Corrupted .po Dictionary Files
Aug 16, 2024
CVSS 7.2
EPSS 0.00
CVE-2024-43373
HIGH
webcrack < 2.14.1 - Arbitrary File Write via Unpack Bundles Feature
Aug 15, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-6534
MEDIUM
Directus v10.13.0 - Privilege Escalation
Aug 15, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-43368
MEDIUM
Trix < 2.1.4 - Cross-Site Scripting via Malicious Paste Bypass
Aug 14, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-39338
HIGH
axios 1.3.2-1.7.3 - Server-Side Request Forgery via Path Relative URL Processing
Aug 12, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-42347
HIGH
matrix-react-sdk <3.105.0 - Info Disclosure
Aug 06, 2024
CVSS 7.7
EPSS 0.01
CVE-2024-34344
HIGH
Nuxt 3.4.0-3.12.4 - Remote Code Execution via Test Component Path Parameter
Aug 05, 2024
CVSS 8.8
EPSS 0.01
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12