npm
4,198 tracked vulnerabilities.
CVE-2025-29775
CRITICAL
xml-crypto < 6.0.1, 3.0.0-3.2.1, < 2.1.6 - Cryptographic Signature Verification Bypass
Mar 14, 2025
EPSS 0.09
CVE-2025-29774
CRITICAL
xml-crypto < 6.0.1, 3.0.0-3.2.0, < 2.1.6 - Cryptographic Signature Verification Bypass
Mar 14, 2025
EPSS 0.09
CVE-2025-29776
HIGH
Azle 0.27.0-0.29.0 - Infinite Loop via setTimer
Mar 14, 2025
EPSS 0.00
CVE-2025-25975
HIGH
parse-git-config 3.0.0 - Exposure of Sensitive Information via expandKeys Function
Mar 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-25977
CRITICAL
canvg 4.0.2 - Remote Code Execution via StyleElement Constructor
Mar 10, 2025
CVSS 9.8
EPSS 0.01
CVE-2025-27597
HIGH
Intlify Message-resolver < 9.1.11 - Prototype Pollution
Mar 07, 2025
EPSS 0.01
CVE-2025-27152
MEDIUM
axios < 1.8.2 - Server-Side Request Forgery via Absolute URL Handling
Mar 07, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-27506
MEDIUM
NUCLEI
NocoDB < 0.258.0 - Reflected Cross-Site Scripting via Password Reset Endpoint
Mar 06, 2025
CVSS 5.4
EPSS 0.01
CVE-2025-26319
CRITICAL
NUCLEI
FlowiseAI Flowise <= 2.2.6 - Arbitrary File Upload
Mar 04, 2025
CVSS 9.8
EPSS 0.51
CVE-2025-27408
MEDIUM
Manifest < 4.9.2 - Weak Password Hashing via SHA3 Without Salt
Feb 28, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-1756
HIGH
mongosh <2.3.0 - Privilege Escalation
Feb 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-1693
LOW
mongodb mongosh < 2.3.9 - Control Character Injection via Cluster Output
Feb 27, 2025
CVSS 3.9
EPSS 0.00
CVE-2025-1692
MEDIUM
MongoDB Shell <2.3.9 - Code Injection
Feb 27, 2025
CVSS 6.3
EPSS 0.00
CVE-2025-1691
HIGH
mongodb/mongosh < 2.3.9 - Control Character Injection via Autocomplete Feature
Feb 27, 2025
CVSS 7.6
EPSS 0.00
CVE-2025-27146
LOW
matrix-appservice-irc <3.0.3 - Command Injection
Feb 25, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-27143
MEDIUM
Better Auth <1.1.21 - Open Redirect
Feb 24, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-1467
MEDIUM
tarteaucitronjs < 1.17.0 - Cross-Site Scripting via getElemWidth() and getElemHeight()
Feb 23, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-27109
HIGH
solid-js < 1.9.4 - Cross-Site Scripting via Inlined JSX Fragment
Feb 21, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-27108
HIGH
dom-expressions < 0.39.5 - Cross-Site Scripting via Special Replacement Patterns in .replace()
Feb 21, 2025
CVSS 7.3
EPSS 0.00
CVE-2025-25299
LOW
CKEditor 5 Real-Time Collaboration 41.3.0-44.2.0 - Cross-Site Scripting in User Markers
Feb 20, 2025
EPSS 0.01
CVE-2025-0868
CRITICAL
NUCLEI
DocsGPT 0.8.1-0.12.0 - Remote Code Execution via /api/remote Endpoint
Feb 20, 2025
EPSS 0.15
CVE-2025-27089
MEDIUM
Directus 11.0.0-11.1.1 - Incorrect Authorization via Overlapping Update Policies
Feb 19, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-25300
LOW
smartbanner.js <1.14.1 - Open Redirect
Feb 18, 2025
EPSS 0.00
CVE-2025-1302
CRITICAL
NUCLEI
jsonpath-plus < 10.3.0 - Remote Code Execution via Unsafe Eval Mode
Feb 15, 2025
CVSS 9.8
EPSS 0.10
CVE-2025-25304
MEDIUM
Vega < 5.26.0 and vega-selections < 5.4.2 - Cross-Site Scripting via vlSelectionTuples Function
Feb 14, 2025
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters