npm
4,198 tracked vulnerabilities.
CVE-2024-10491
MEDIUM
Express 3.0.0-3.21.4 and <4.0.0-rc1 - Arbitrary Resource Injection via Link Header
Oct 29, 2024
CVSS 4.0
EPSS 0.00
CVE-2024-7774
CRITICAL
langchain.js < 0.2.19 - Path Traversal via getFullPath Method
Oct 29, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-48964
HIGH
Snyk CLI < 1.1294.0 - Code Injection via Gradle Project Directory Handling
Oct 23, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-48963
HIGH
Snyk CLI < 1.1294.0 - Code Injection via Current Working Directory Name
Oct 23, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-48930
HIGH
secp256k1-node <5.0.1-3.8.1 - Info Disclosure
Oct 21, 2024
EPSS 0.00
CVE-2024-21536
HIGH
http-proxy-middleware < 2.0.7 and 3.0.0-3.0.3 - Denial of Service via UnhandledPromiseRejection
Oct 19, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-9506
LOW
Vue 2.0.0-2.7.15 - Regular Expression Denial of Service in parseHTML Function
Oct 15, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-48913
MEDIUM
Hono < 4.6.5 - CSRF Protection Bypass via Missing Content-Type Header
Oct 15, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-47824
HIGH
matrix-react-sdk <3.102.0 - Info Disclosure
Oct 15, 2024
EPSS 0.01
CVE-2024-47080
HIGH
matrix-js-sdk <34.7.0 - Info Disclosure
Oct 15, 2024
EPSS 0.01
CVE-2024-48948
MEDIUM
elliptic < 6.6.0 - Improper Verification of Cryptographic Signature via ECDSA Hash Truncation
Oct 15, 2024
CVSS 4.8
EPSS 0.01
CVE-2024-21535
MEDIUM
markdown-to-jsx < 7.4.0 - Cross-Site Scripting via src Property
Oct 15, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-47885
MEDIUM
Astro 3.0.0-4.16.0 - Cross-Site Scripting via DOM Clobbering in Client-Side Router
Oct 14, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-47831
MEDIUM
Next.js 10.0.0-14.2.6 - Denial of Service via Image Optimization Feature
Oct 14, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-42640
CRITICAL
NUCLEI
angular-base64-upload <v0.1.21 - RCE
Oct 11, 2024
CVSS 9.8
EPSS 0.44
CVE-2024-47875
CRITICAL
DOMPurify < 2.5.0 - Cross-Site Scripting via Nesting-Based mXSS
Oct 11, 2024
CVSS 10.0
EPSS 0.01
CVE-2024-21534
CRITICAL
jsonpath-plus < 10.2.0 - Remote Code Execution via Unsafe vm Usage
Oct 11, 2024
CVSS 9.8
EPSS 0.09
CVE-2024-48949
CRITICAL
elliptic < 6.5.6 - Improper Verification of Cryptographic Signature in ECDSA Verify Function
Oct 10, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-21533
MEDIUM
ggit - Arbitrary Argument Injection via clone() API
Oct 08, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-21532
HIGH
ggit - OS Command Injection via fetchTags API
Oct 08, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-47764
MEDIUM
cookie < 0.7.0 - Cookie Field Injection via Name, Path, or Domain
Oct 04, 2024
EPSS 0.01
CVE-2024-47183
HIGH
Parse Server <6.5.9, <7.3.0 - Privilege Escalation
Oct 04, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-9266
MEDIUM
Express 3.4.5-4.0.0 - Open Redirect via Response Object
Oct 03, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-9440
MEDIUM
slim-select 2.0-2.9.0 - Cross-Site Scripting via Unsanitized Options Object
Oct 02, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-21531
MEDIUM
git-shallow-clone - OS Command Injection via Process Variable
Oct 01, 2024
CVSS 5.3
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters