npm
4,198 tracked vulnerabilities.
CVE-2024-12905
HIGH
tar-fs < 1.16.4, 2.0.0-2.1.2, 3.0.0-3.0.8 - Path Traversal and Arbitrary File Write via Malicious Tar Extraction
Mar 27, 2025
CVSS 7.5
EPSS 0.02
CVE-2024-12537
HIGH
open-webui 0.3.32 - Unauthenticated Denial of Service via Code Format Endpoint
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-12534
HIGH
open-webui v0.3.32 - Unauthenticated Denial of Service via Large Payload Submission
Mar 20, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-53384
MEDIUM
tsup 8.3.4 - Remote Code Execution via DOM Clobbering in cjs_shims.js
Mar 03, 2025
CVSS 5.1
EPSS 0.00
CVE-2024-51091
MEDIUM
seajs 2.2.3 - Cross-Site Scripting via seajs Package
Mar 03, 2025
CVSS 5.4
EPSS 0.00
CVE-2024-53388
HIGH
mavo v0.3.2 - DOM Clobbering
Mar 03, 2025
CVSS 8.8
EPSS 0.01
CVE-2024-53386
MEDIUM
stage.js < 0.8.10 - DOM Clobbering and Cross-Site Scripting via document.currentScript Shadowing
Mar 03, 2025
CVSS 4.9
EPSS 0.00
CVE-2024-53382
MEDIUM
PrismJS < 1.29.0 - DOM Clobbering and Cross-Site Scripting via document.currentScript Shadowing
Mar 03, 2025
CVSS 4.9
EPSS 0.00
CVE-2024-11831
MEDIUM
serialize-javascript >=6.0.0 <6.0.2 - Cross-Site Scripting via Unsanitized JavaScript Object Input
Feb 10, 2025
CVSS 5.4
EPSS 0.01
CVE-2024-57086
HIGH
node-opcua-alarm-condition <2.134.0 - DoS
Feb 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-57080
HIGH
vxe-table 4.8.10 - Denial of Service via Prototype Pollution in lib.install
Feb 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-57077
CRITICAL
utils-extend 1.0.8 - Prototype Pollution
Feb 05, 2025
CVSS 9.1
EPSS 0.00
CVE-2024-57075
HIGH
eazy-logger < 4.1.0 - Denial of Service via Prototype Pollution
Feb 05, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-57072
HIGH
module-from-string 3.3.1 - Denial of Service via Prototype Pollution
Feb 05, 2025
CVSS 7.5
EPSS 0.01
CVE-2024-53615
MEDIUM
files.photo.gallery 0.3.0-0.11.0 - Remote Code Execution via Video Thumbnail Rendering
Jan 30, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-57041
MEDIUM
NodeBB < 3.11.1 - Stored Cross-Site Scripting in Profile About Me Section
Jan 24, 2025
CVSS 4.6
EPSS 0.30
CVE-2024-57556
MEDIUM
nbubna/store < 2.14.2 - Cross-Site Scripting via store.deep.js Component
Jan 23, 2025
CVSS 6.1
EPSS 0.00
CVE-2024-48460
MEDIUM
tabby-ssh < 1.0.214 - Improper Certificate Validation
Jan 16, 2025
CVSS 4.3
EPSS 0.00
CVE-2024-36751
MEDIUM
parse-uri - Regular Expression Denial of Service via Crafted URL
Jan 15, 2025
CVSS 6.5
EPSS 0.01
CVE-2024-56332
MEDIUM
Next.js 13.0.0-13.5.7 - Denial of Service via Server Actions
Jan 03, 2025
CVSS 5.3
EPSS 0.01
CVE-2024-56198
CRITICAL
path-sanitizer < 3.1.0 - Path Traversal via .=%5c Bypass
Dec 31, 2024
EPSS 0.01
CVE-2024-56734
MEDIUM
better-auth < 1.1.6 - Open Redirect via Email Verification Callback URL Parameter
Dec 30, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-56334
HIGH
systeminformation < 5.23.7 - OS Command Injection via SSID Parameter in getWindowsIEEE8021x
Dec 20, 2024
CVSS 7.8
EPSS 0.01
CVE-2024-56331
MEDIUM
NUCLEI
Uptime Kuma 1.23.0-1.23.15 and 2.0.0-beta.0 - Authenticated Path Traversal via Real-Browser URL Input
Dec 20, 2024
CVSS 6.8
EPSS 0.02
CVE-2024-56159
MEDIUM
NUCLEI
Astro < 4.16.18 and 5.0.0-alpha.0-5.0.7 - Unauthenticated Sensitive Source Code Exposure via Sourcemap Files
Dec 19, 2024
CVSS 5.3
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters