npm
3,969 tracked vulnerabilities.
CVE-2024-36423
MEDIUM
Flowise < 1.4.3 - Unauthenticated Reflected Cross-Site Scripting via Public Chatflows Endpoint
Jul 01, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-36422
MEDIUM
Flowise 1.4.3 - Unauthenticated Reflected Cross-Site Scripting via Chatflow ID Parameter
Jul 01, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-36421
HIGH
Flowise 1.4.3 - Unauthenticated Origin Validation Error via CORS Misconfiguration
Jul 01, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-36420
HIGH
NUCLEI
Flowise 1.4.3 - Arbitrary File Read via OpenAI Assistants File Endpoint
Jul 01, 2024
CVSS 7.5
EPSS 0.57
CVE-2024-39008
CRITICAL
fast-loops < 1.1.4 - Prototype Pollution via objectMergeDeep Function
Jul 01, 2024
CVSS 10.0
EPSS 0.00
CVE-2024-39001
MEDIUM
ag-grid < 31.3.4 - Prototype Pollution via _ModuleSupport.jsonApply
Jul 01, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-38999
CRITICAL
requirejs < 2.3.7 - Prototype Pollution via s.contexts._.configure Function
Jul 01, 2024
CVSS 10.0
EPSS 0.00
CVE-2024-38996
CRITICAL
ag-grid < 31.3.4 - Prototype Pollution via _.mergeDeep Function
Jul 01, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-38993
CRITICAL
jsonic - Prototype Pollution via empty Function
Jul 01, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-38357
MEDIUM
TinyMCE <7.2.0, <6.8.4, <5.11.0 - XSS
Jun 19, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-38356
MEDIUM
TinyMCE <7.2.0, <6.8.4, <5.11.0 - XSS
Jun 19, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-38355
HIGH
Socket.IO < 2.5.1 and 3.0.0-4.6.2 - Denial of Service via Crafted Packet
Jun 19, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-37890
HIGH
NPM WS < 5.2.4 - NULL Pointer Dereference
Jun 17, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-37182
MEDIUM
Mattermost Desktop App <=5.7.0 - RCE
Jun 14, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-36287
LOW
Mattermost Desktop App <=5.7.0 - Auth Bypass
Jun 14, 2024
CVSS 3.8
EPSS 0.00
CVE-2024-37629
MEDIUM
summernote v0.9.1 - Cross-Site Scripting via Code View Function
Jun 12, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-37166
HIGH
ghtml < 2.0.0 - Cross-Site Scripting via Tagged Template Injection
Jun 10, 2024
CVSS 8.9
EPSS 0.00
CVE-2024-5389
HIGH
lunary < 1.4.9 - Insufficient Granularity of Access Control for Dataset Prompts
Jun 09, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-4146
CRITICAL
lunary < 1.2.26 - Incorrect Authorization in checkProjectAccess Method
Jun 08, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-37162
MEDIUM
zsa < 0.3.3 - Sensitive Information Exposure via Production Parse Error Stack
Jun 07, 2024
CVSS 4.0
EPSS 0.00
CVE-2024-5478
MEDIUM
lunary 1.2.7 - Stored Cross-Site Scripting via SAML Metadata Endpoint orgId Parameter
Jun 06, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-36128
HIGH
Directus < 10.11.2 - Denial of Service via Random String Generation Utility
Jun 03, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-36120
HIGH
javascript-deobfuscator <1.1.0 - RCE
May 31, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-21512
HIGH
mysql2 < 3.9.8 - Prototype Pollution via nestTables Input
May 29, 2024
CVSS 8.2
EPSS 0.68
CVE-2024-29415
HIGH
NUCLEI
Node ip package <=2.0.1 - Server-Side Request Forgery via IP Misclassification
May 27, 2024
CVSS 8.1
EPSS 0.84
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12