npm
3,969 tracked vulnerabilities.
CVE-2024-32869
MEDIUM
Hono < 4.2.7 - Path Traversal via serveStatic in Deno
Apr 23, 2024
CVSS 5.3
EPSS 0.02
CVE-2024-21511
CRITICAL
mysql2 < 3.9.7 - Arbitrary Code Injection via Timezone Parameter
Apr 23, 2024
CVSS 9.8
EPSS 0.00
CVE-2024-32000
MEDIUM
matrix-appservice-irc <2.0.0 - Info Disclosure
Apr 12, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-21508
CRITICAL
mysql2 < 3.9.4 - Remote Code Execution via readCodeFor Function
Apr 11, 2024
CVSS 9.8
EPSS 0.46
CVE-2024-29504
HIGH
Summernote < 0.8.18 - Cross-Site Scripting via Codeview Parameter
Apr 10, 2024
CVSS 7.6
EPSS 0.01
CVE-2024-21509
MEDIUM
sidorares/mysql2 < 3.9.4 - Prototype Pollution via Insecure Results Object Creation
Apr 10, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-21507
MEDIUM
mysql2 < 3.9.3 - Cache Poisoning via KeyFromFields Colon Injection
Apr 10, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-31454
MEDIUM
PsiTransfer < 2.2.0 - Unauthenticated File Upload and Integrity Violation via File Distribution Endpoint
Apr 09, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-31453
MEDIUM
PsiTransfer < 2.2.0 - Unrestricted File Upload via File Distribution Endpoint
Apr 09, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-27448
CRITICAL
maildev 2.0.0-beta1-2.1.0 - Remote Code Execution via Crafted Content-ID Header
Apr 05, 2024
CVSS 9.1
EPSS 0.13
CVE-2024-22363
HIGH
SheetJS Community Edition <0.20.2 - DoS
Apr 05, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-31206
HIGH
dectalk-tts <1.0.1 - Info Disclosure
Apr 04, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-31207
MEDIUM
NPM Vite < 2.9.18 - Information Disclosure
Apr 04, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-30260
LOW
undici < 5.28.4 - Improper Authorization via Uncleared Headers in undici.request()
Apr 04, 2024
CVSS 3.9
EPSS 0.00
CVE-2024-30261
LOW
Undici < 5.28.4 - Improper Access Control via Integrity Option Tampering
Apr 04, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-29316
MEDIUM
NodeBB 3.6.7 - Privilege Escalation
Mar 28, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-25354
HIGH
domain-suffix 1.0.8 - Denial of Service via parse Function
Mar 27, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-29881
MEDIUM
TinyMCE < 6.8.1 and 7.0.0 - Cross-Site Scripting via SVG in Object or Embed Elements
Mar 26, 2024
CVSS 4.3
EPSS 0.05
CVE-2024-29203
MEDIUM
TinyMCE < 6.8.1 - Cross-Site Scripting via Iframe Element Insertion
Mar 26, 2024
CVSS 4.3
EPSS 0.02
CVE-2024-29041
MEDIUM
Express.js < 4.19.2 - Open Redirect via Malformed URL Bypass
Mar 25, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-28246
MEDIUM
KaTeX 0.11.0-0.16.9 - Cross-Site Scripting via Uppercase Protocol Bypass
Mar 25, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-28245
MEDIUM
KaTeX 0.11.0-0.16.9 - Cross-Site Scripting via \includegraphics
Mar 25, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-28244
MEDIUM
KaTeX 0.15.4-0.16.9 - Denial of Service via Unicode Subscript/Superscript Bypass
Mar 25, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-28243
MEDIUM
KaTeX 0.1.0-0.16.9 - Denial of Service via \edef Recursion Bypass
Mar 25, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-21505
HIGH
web3-utils < 4.2.1 - Prototype Pollution via Format and MergeDeep Utility Functions
Mar 25, 2024
CVSS 7.5
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12