npm
3,969 tracked vulnerabilities.
CVE-2024-36361
MEDIUM
Pug <=3.0.2 - Code Execution via Untrusted Template Name Option
May 24, 2024
CVSS 6.8
EPSS 0.00
CVE-2024-34273
MEDIUM
njwt < 2.0.1 - Prototype Pollution via Parser.prototype.parse Method
May 16, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-4367
HIGH
Firefox < 126 and ESR < 115.11 - Arbitrary JavaScript Execution in PDF.js via Missing Type Check
May 14, 2024
CVSS 8.8
EPSS 0.38
CVE-2024-34712
MEDIUM
Oceanic.js < 1.10.4 - Path Traversal via Unencoded API Endpoint Input
May 14, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-34243
MEDIUM
Konga 0.14.9 - Cross-Site Scripting via Username Parameter
May 14, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-4068
HIGH
braces < 3.0.3 - Denial of Service via Imbalanced Braces Input
May 14, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-4067
MEDIUM
micromatch < 4.0.8 - Regular Expression Denial of Service via Greedy Pattern Matching
May 14, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-34709
MEDIUM
Directus < 10.11.0 - Insufficient Session Expiration via JWT Token
May 14, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-34708
MEDIUM
Directus < 10.11.0 - Exposure of Sensitive Information via Alias Parameter
May 14, 2024
CVSS 4.9
EPSS 0.00
CVE-2024-34351
HIGH
NUCLEI
Next.js 13.4.0-14.1.1 - Server-Side Request Forgery via Server Actions Redirect
May 14, 2024
CVSS 7.5
EPSS 0.93
CVE-2024-34350
HIGH
Next.js 13.4.0-13.5.0 - HTTP Request Smuggling via Rewrites Feature
May 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-34341
MEDIUM
Trix < 2.1.1 - Stored Cross-Site Scripting via Pasting Malicious Markup
May 07, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-34342
HIGH
react-pdf <7.7.3 and 8.0.0-8.0.2 - PDF.js JavaScript Execution
May 07, 2024
CVSS 7.1
EPSS 0.05
CVE-2024-34075
MEDIUM
kurwov 3.1.0-3.2.5 - Denial of Service via MarkovData#getNext Sanitization Bypass
May 03, 2024
CVSS 6.2
EPSS 0.00
CVE-2024-34449
MEDIUM
Vditor 3.10.3 - Cross-Site Scripting via A Element Attribute
May 03, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-34394
HIGH
libxmljs2 - Remote Code Execution via namespaces Type Confusion
May 02, 2024
CVSS 8.1
EPSS 0.04
CVE-2024-34393
HIGH
libxmljs2 - Type Confusion via attrs() Function on Parsed Node
May 02, 2024
CVSS 8.1
EPSS 0.03
CVE-2024-34392
HIGH
libxmljs - Remote Code Execution via namespaces Type Confusion
May 02, 2024
CVSS 8.1
EPSS 0.04
CVE-2024-34391
HIGH
libxmljs - Code Execution via attrs Type Confusion
May 02, 2024
CVSS 8.1
EPSS 0.04
CVE-2024-4128
LOW
Firebase Command Line Interface < 13.6.0 - Cross-Site Request Forgery via Export Endpoint
May 02, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-32962
CRITICAL
xml-crypto 4.0.0-5.9.9 - Improper Verification of Cryptographic Signature via KeyInfo Element
May 02, 2024
CVSS 10.0
EPSS 0.13
CVE-2024-25355
HIGH
s3-url-parser 1.0.3 - Denial of Service via Regexes Component
May 01, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-31621
HIGH
NUCLEI
Flowise < 1.6.5 - Remote Code Execution via API v1 Component
Apr 29, 2024
CVSS 7.6
EPSS 0.80
CVE-2024-33883
MEDIUM
ejs < 3.1.10 - Protection Mechanism Failure
Apr 28, 2024
CVSS 4.0
EPSS 0.02
CVE-2024-33669
MEDIUM
Passbolt Browser Extension < 4.6.2 - Password Information Leak via HaveIBeenPwned API Requests
Apr 26, 2024
CVSS 6.1
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12