npm
3,969 tracked vulnerabilities.
CVE-2024-29042
MEDIUM
francisco/translate < 3.0.0 - Cache Poisoning via opt.id Parameter
Mar 22, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-29272
MEDIUM
NUCLEI
VvvebJs < 1.7.5 - Arbitrary File Upload
Mar 22, 2024
CVSS 6.5
EPSS 0.89
CVE-2024-29271
MEDIUM
vvvebjs < 1.7.7 - Reflected Cross-Site Scripting via save.php Action Parameter
Mar 22, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-28863
MEDIUM
node-tar < 6.2.1 - Denial of Service via Excessive Sub-Folder Creation
Mar 21, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-29180
HIGH
Webpack-dev-middleware <7.1.0, 6.1.2, 5.3.4 - Info Disclosure
Mar 21, 2024
CVSS 7.4
EPSS 0.03
CVE-2024-28635
MEDIUM
SurveyJS Survey Creator < 1.9.132 - Cross-Site Scripting via Form Title Parameter
Mar 21, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-27927
MEDIUM
RSSHub <1.0.0-master.a429472 - Server-Side Request Forgery via Arbitrary HTTP Fetch
Mar 21, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-27926
MEDIUM
RSSHub 1.0.0-master.cbbd829-1.0.0-master.d8ca915 - Cross-Site Scripting via Media Proxy
Mar 21, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-29027
CRITICAL
Parse Server < 6.5.5 - Remote Code Execution via Cloud Function or Job Name Injection
Mar 19, 2024
CVSS 9.0
EPSS 0.02
CVE-2024-28849
MEDIUM
follow-redirects < 1.15.6 - Exposure of Sensitive Information via Proxy-Authentication Header
Mar 14, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-28239
MEDIUM
Directus < 10.10.0 - Open Redirect via Auth API Redirect Parameter
Mar 12, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-28238
LOW
Directus < 10.10.0 - Session Token Exposure via /files URL Parameter
Mar 12, 2024
CVSS 2.3
EPSS 0.00
CVE-2024-28121
HIGH
Stimulus Reflex < 3.4.2/3.5.0.rc4 - Unsafe Reflex Method Invocation
Mar 12, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-28176
MEDIUM
jose < 2.0.7 and 3.0.0-4.15.4 - Uncontrolled Resource Consumption in JWE Decryption
Mar 09, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-27307
CRITICAL
JSONata <1.8.7, >1.4.0 & <2.0.4 - RCE
Mar 06, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-27303
HIGH
electron-builder <24.13.2 - Command Injection
Mar 06, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-25865
MEDIUM
hexo-theme-anzhiyu 1.6.12 - Cross-Site Scripting via Algolia Search Function
Mar 02, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-27298
CRITICAL
Parse Server <6.5.0, <7.0.0-alpha.20 - SQL Injection
Mar 01, 2024
CVSS 10.0
EPSS 0.00
CVE-2024-27296
MEDIUM
Directus < 10.8.3 - Unauthenticated Sensitive Information Exposure via Compiled JS Bundles
Mar 01, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-27295
HIGH
Directus < 10.8.3 - Password Reset Token Hijacking via Accent-Insensitive Email Comparison
Mar 01, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-22891
CRITICAL
nteract 0.28.0 - Remote Code Execution via Markdown Link
Mar 01, 2024
CVSS 9.8
EPSS 0.39
CVE-2024-1899
MEDIUM
showdownjs < 2.1.0 - Denial of Service via Anchors Subparser
Feb 26, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-27088
NONE
es5-ext 0.10.0-0.10.62 - Inefficient Regular Expression Complexity in function#copy and function#toStringTokens
Feb 26, 2024
EPSS 0.02
CVE-2024-21501
MEDIUM
sanitize-html < 2.12.1 - Information Exposure via Style Attribute
Feb 24, 2024
CVSS 5.3
EPSS 0.02
CVE-2024-26135
HIGH
MeshCentral < 1.1.21 - Cross-Site WebSocket Hijacking via control.ashx Endpoint
Feb 20, 2024
CVSS 8.3
EPSS 0.02
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12