npm
3,969 tracked vulnerabilities.
CVE-2024-1648
HIGH
electron-pdf 20.0.0 - Arbitrary Local File Read via Unvalidated HTML Content
Feb 20, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-24758
LOW
Undici < 5.28.3 - Exposure of Sensitive Information via Proxy-Authentication Header
Feb 16, 2024
CVSS 3.9
EPSS 0.00
CVE-2024-24750
MEDIUM
Undici 6.0.0-6.6.0 - Use-After-Free via Unconsumed Fetch Body
Feb 16, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-25466
HIGH
React Native Document Picker <9.1.1 - Code Injection
Feb 16, 2024
CVSS 7.8
EPSS 0.01
CVE-2024-1163
HIGH
mapshaper < 0.6.44 - Path Traversal
Feb 13, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-23724
CRITICAL
Ghost < 5.76.0 - Stored Cross-Site Scripting via SVG Profile Picture
Feb 11, 2024
CVSS 9.0
EPSS 0.38
CVE-2024-21490
HIGH
angular.js >=1.3.0 - Denial of Service via ng-srcset Directive Regex Backtracking
Feb 10, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-24828
MEDIUM
vercel/pkg < 5.8.1 - Unauthenticated Arbitrary Code Execution via Predictable /tmp/pkg/ Directory
Feb 09, 2024
CVSS 6.6
EPSS 0.00
CVE-2024-24816
MEDIUM
CKEditor4 < 4.24.0-lts - Cross-Site Scripting via Preview Feature
Feb 07, 2024
CVSS 6.1
EPSS 0.40
CVE-2024-24815
MEDIUM
CKEditor4 < 4.24.0-lts - Cross-Site Scripting via CDATA Content Detection Bypass
Feb 07, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-24398
CRITICAL
Stimulsoft Dashboard.JS < 2024.1.2 - Path Traversal via Save Function FileName Parameter
Feb 06, 2024
CVSS 9.8
EPSS 0.31
CVE-2024-24396
MEDIUM
Stimulsoft Dashboard.JS < 2024.1.2 - Remote Code Execution via Search Bar Component
Feb 05, 2024
CVSS 6.1
EPSS 0.02
CVE-2024-24397
MEDIUM
stimulsoft dashboards.js < 2024.1.2 - Cross-Site Scripting via ReportName Field
Feb 05, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-21485
MEDIUM
NUCLEI
dash < 2.15.0 - Stored Cross-Site Scripting via Controlled href Attribute
Feb 02, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-21488
HIGH
forkhq/network < 0.7.0 - OS Command Injection via mac_address_for Function
Jan 30, 2024
CVSS 7.3
EPSS 0.02
CVE-2024-23339
MEDIUM
hoolock 2.0.0-2.2.1 - Prototype Pollution via Object Path Utility Functions
Jan 22, 2024
CVSS 6.3
EPSS 0.12
CVE-2024-21484
HIGH
jsrsasign < 11.0.0 - Observable Discrepancy via RSA PKCS1.5 or RSAOAEP Decryption
Jan 22, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-23725
MEDIUM
Ghost < 5.76.0 - Cross-Site Scripting via Post Excerpt
Jan 21, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-23331
HIGH
vite 2.7.0-2.9.17 - Improper Access Control via Case-Insensitive Filesystem Bypass
Jan 19, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-21668
MEDIUM
react-native-mmkv < 2.11.0 - Sensitive Information Exposure via Android Log
Jan 09, 2024
CVSS 4.4
EPSS 0.00
CVE-2024-21911
MEDIUM
TinyMCE < 5.6.0 - Unauthenticated Stored Cross-Site Scripting
Jan 03, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-21910
MEDIUM
TinyMCE < 5.10.0 - Unauthenticated Stored Cross-Site Scripting via Crafted Image or Link URLs
Jan 03, 2024
CVSS 6.1
EPSS 0.04
CVE-2024-21908
MEDIUM
TinyMCE < 5.9.0 - Unauthenticated Stored Cross-Site Scripting
Jan 03, 2024
CVSS 6.1
EPSS 0.01
CVE-2023-2142
MEDIUM
Nunjucks < 3.2.4 - Cross-Site Scripting via Autoescape Bypass
Nov 26, 2024
CVSS 6.1
EPSS 0.00
CVE-2023-0163
HIGH
Mozilla Convict - Prototype Pollution
Nov 26, 2024
CVSS 8.4
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12