npm
4,198 tracked vulnerabilities.
CVE-2025-31119
HIGH
generator-jhipster-entity-audit < 5.9.1 - Unsafe Reflection via Javers Entity Audit Framework
Apr 03, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-31486
MEDIUM
NUCLEI
Vite server.fs.deny Bypass - Local File Inclusion
Apr 03, 2025
CVSS 5.3
EPSS 0.39
CVE-2025-30218
MEDIUM
Next.js <12.3.6, <13.5.10, <14 - SSRF
Apr 02, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-29049
MEDIUM
mathlive < 0.104.0 - Cross-Site Scripting via MathLive Function
Apr 01, 2025
CVSS 6.3
EPSS 0.01
CVE-2025-31128
MEDIUM
gifplayer < 0.3.7 - Cross-Site Scripting
Mar 31, 2025
EPSS 0.00
CVE-2025-31125
MEDIUM
KEVNUCLEI
Vite Development Server - Path Traversal
Mar 31, 2025
CVSS 5.3
EPSS 0.59
CVE-2025-27793
MEDIUM
Vega <5.32.0/5.17.0 - Code Injection
Mar 27, 2025
EPSS 0.00
CVE-2025-26619
MEDIUM
vega and vega-functions - Cross-Site Scripting via Unsupported JavaScript Function Calls
Mar 27, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-30353
HIGH
Directus 9.12.0-11.4.9 - Exposure of Sensitive Information via Webhook Flow ValidationError
Mar 26, 2025
CVSS 8.6
EPSS 0.01
CVE-2025-30352
MEDIUM
Directus 9.0.0-alpha.4-11.4.9 - Unauthorized Sensitive Information Exposure via Search Query Parameter
Mar 26, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-30351
LOW
Directus <11.5.0 - Privilege Escalation
Mar 26, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-30350
MEDIUM
Directus 9.22.0-11.5.0 - Denial of Service via HEAD Request Burst
Mar 26, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-30225
MEDIUM
Directus 9.22.0-11.5.0 - Denial of Service via Malformed Transformation Requests
Mar 26, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-30222
LOW
shescape 1.7.2-2.1.1 - Environment Variable Exposure on Windows via CMD Shell
Mar 25, 2025
EPSS 0.00
CVE-2025-30208
MEDIUM
NUCLEI
Vite - Arbitrary File Read
Mar 24, 2025
CVSS 5.3
EPSS 0.75
CVE-2025-2699
LOW
GetmeUK ContentTools < 1.6.16 - Cross-Site Scripting via Image Handler onload Argument
Mar 24, 2025
CVSS 3.5
EPSS 0.00
CVE-2025-2691
HIGH
nossrf < 1.0.4 - Server-Side Request Forgery via Hostname Bypass
Mar 23, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-30168
MEDIUM
Parse Server <7.5.2-8.0.2 - Auth Bypass
Mar 21, 2025
CVSS 6.9
EPSS 0.00
CVE-2025-2598
MEDIUM
AWS Cloud Development Kit 2.172.0-2.178.2 - Exposure of Sensitive System Information via Credential Plugin
Mar 21, 2025
CVSS 5.5
EPSS 0.00
CVE-2025-29927
CRITICAL
NUCLEI
Next.js Middleware Bypass
Mar 21, 2025
CVSS 9.1
EPSS 0.99
CVE-2025-27415
HIGH
Nuxt 3.0.0-3.15.9 - Cache Poisoning via Crafted HTTP Request
Mar 19, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-30144
MEDIUM
fast-jwt < 5.0.6 - Authentication Bypass via Issuer Claim Spoofing
Mar 19, 2025
CVSS 6.5
EPSS 0.01
CVE-2025-29907
HIGH
jsPDF < 3.0.1 - Denial of Service via addImage Method
Mar 18, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-26042
MEDIUM
Uptime Kuma >= 1.23.0 - Regular Expression Denial of Service via Notification String
Mar 17, 2025
CVSS 6.0
EPSS 0.00
CVE-2025-1398
LOW
Mattermost Desktop App <=5.10.0 - Untrusted Search Path via macOS Entitlements
Mar 17, 2025
CVSS 3.3
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters