npm

3,969 tracked vulnerabilities.

CVE-2023-1001 LOW
vxe-table < 3.7.10 - Cross-Site Scripting via inputValue Argument in vxe-textarea
May 24, 2024
CVSS 3.5
EPSS 0.00
CVE-2023-50718 MEDIUM
NocoDB < 0.202.10 - Authenticated SQL Injection via Unescaped table_name
May 14, 2024
CVSS 6.5
EPSS 0.00
CVE-2023-50717 MEDIUM
NocoDB 0.202.6-0.202.10 - Stored Cross-Site Scripting via HTML File Upload
May 14, 2024
CVSS 5.7
EPSS 0.01
CVE-2023-49781 HIGH
NocoDB < 0.202.9 - Stored Cross-Site Scripting in Formula Virtual Cell Comments
May 14, 2024
CVSS 7.3
EPSS 0.01
CVE-2023-49785 CRITICAL NUCLEI
NextChat < 2.11.2 - Server-Side Request Forgery and Cross-Site Scripting
Mar 12, 2024
CVSS 9.1
EPSS 0.90
CVE-2023-52555 MEDIUM
mongo-express 1.0.2 - Cross-Site Request Forgery via Admin Endpoint
Mar 01, 2024
CVSS 6.1
EPSS 0.01
CVE-2023-42282 CRITICAL
fedorindutny/ip < 1.1.9 and >=2.0.0 <2.0.1 - Server-Side Request Forgery via isPublic IP Validation
Feb 08, 2024
CVSS 9.8
EPSS 0.01
CVE-2023-51838 HIGH
Ylianst MeshCentral 1.1.16 - Info Disclosure
Feb 02, 2024
CVSS 7.5
EPSS 0.00
CVE-2023-51837 CRITICAL
Ylianst MeshCentral 1.1.16 - Info Disclosure
Jan 30, 2024
CVSS 9.8
EPSS 0.00
CVE-2023-51842 HIGH
Ylianst MeshCentral <1.1.16 - Info Disclosure
Jan 29, 2024
CVSS 7.5
EPSS 0.00
CVE-2023-50974 MEDIUM
Appwrite CLI < 3.0.0 - Unprotected Credential Exposure via Prefs.json File
Jan 09, 2024
CVSS 5.5
EPSS 0.00
CVE-2023-46308 CRITICAL
plotly.js < 2.25.2 - Prototype Pollution via expandObjectPaths or nestedProperty
Jan 03, 2024
CVSS 9.8
EPSS 0.00
CVE-2023-26159 HIGH
follow-redirects < 1.15.4 - URL Redirection to Untrusted Site via Improper Hostname Parsing
Jan 02, 2024
CVSS 7.3
EPSS 0.00
CVE-2023-50550 MEDIUM
layui < 2.7.5 - Cross-Site Scripting via data-content Parameter
Dec 30, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-7080 HIGH
Cloudflare Wrangler 2.0.0-2.20.1 and 3.0.0-3.18.9 - Unauthenticated Remote Code Execution via V8 Inspector
Dec 29, 2023
CVSS 8.5
EPSS 0.00
CVE-2023-7079 MEDIUM
Cloudflare Wrangler 3.9.0-3.18.9 - Unauthenticated Arbitrary File Read via Dev Server
Dec 29, 2023
CVSS 6.4
EPSS 0.00
CVE-2023-7078 HIGH
Miniflare 3.20230821.0-3.20231030.1 - Server-Side Request Forgery via Crafted HTTP Requests
Dec 29, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-52079 MEDIUM
msgpackr < 1.10.1 - Denial of Service via Crafted MessagePack Message
Dec 28, 2023
CVSS 6.8
EPSS 0.00
CVE-2023-50481 HIGH
blinksocks 3.3.8 - Sensitive Information Exposure via Weak Encryption in SSR Auth Chain
Dec 21, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-50475 CRITICAL
bcoin 2.2.0 - Sensitive Information Exposure via Weak Hashing in faye-websocket.js
Dec 21, 2023
CVSS 9.1
EPSS 0.00
CVE-2023-50728 MEDIUM
octokit/webhooks 9.26.0-9.26.2 - Denial of Service via Uncaught Exception
Dec 15, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-50710 MEDIUM
Hono < 3.11.7 - Path Parameter Override via TrieRouter
Dec 14, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-26920 MEDIUM
fast-xml-parser <4.1.2 - Info Disclosure
Dec 12, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-49804 MEDIUM
Uptime Kuma <1.23.9 - Info Disclosure
Dec 11, 2023
CVSS 6.7
EPSS 0.00
CVE-2023-49800 HIGH
nuxt-api-party < 0.22.1 - Denial of Service via Recursive Retry Logic
Dec 09, 2023
CVSS 7.5
EPSS 0.01
Products
openclaw 393 parse-server 92 n8n 62 directus 53 electron 48 flowise 48 next 47 vm2 32 hono 25 nocodb 25 axios 24 undici 22 ghost 21 vite 19 astro 17 ckeditor4 15 fuxa-server 15 jspdf 15 tar 15 joplin 14 nodebb 14 sequelize 14 tinymce 14 flowise-components 13 signalk-server 13 angular 12 dompurify 12 handlebars 12 jsrsasign 12 matrix-js-sdk 12
Quick Filters
Critical CVEs With Exploits In CISA KEV