npm

4,198 tracked vulnerabilities.

CVE-2024-10491 MEDIUM
Express 3.0.0-3.21.4 and <4.0.0-rc1 - Arbitrary Resource Injection via Link Header
Oct 29, 2024
CVSS 4.0
EPSS 0.00
CVE-2024-7774 CRITICAL
langchain.js < 0.2.19 - Path Traversal via getFullPath Method
Oct 29, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-48964 HIGH
Snyk CLI < 1.1294.0 - Code Injection via Gradle Project Directory Handling
Oct 23, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-48963 HIGH
Snyk CLI < 1.1294.0 - Code Injection via Current Working Directory Name
Oct 23, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-48930 HIGH
secp256k1-node <5.0.1-3.8.1 - Info Disclosure
Oct 21, 2024
EPSS 0.00
CVE-2024-21536 HIGH
http-proxy-middleware < 2.0.7 and 3.0.0-3.0.3 - Denial of Service via UnhandledPromiseRejection
Oct 19, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-9506 LOW
Vue 2.0.0-2.7.15 - Regular Expression Denial of Service in parseHTML Function
Oct 15, 2024
CVSS 3.7
EPSS 0.01
CVE-2024-48913 MEDIUM
Hono < 4.6.5 - CSRF Protection Bypass via Missing Content-Type Header
Oct 15, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-47824 HIGH
matrix-react-sdk <3.102.0 - Info Disclosure
Oct 15, 2024
EPSS 0.01
CVE-2024-47080 HIGH
matrix-js-sdk <34.7.0 - Info Disclosure
Oct 15, 2024
EPSS 0.01
CVE-2024-48948 MEDIUM
elliptic < 6.6.0 - Improper Verification of Cryptographic Signature via ECDSA Hash Truncation
Oct 15, 2024
CVSS 4.8
EPSS 0.01
CVE-2024-21535 MEDIUM
markdown-to-jsx < 7.4.0 - Cross-Site Scripting via src Property
Oct 15, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-47885 MEDIUM
Astro 3.0.0-4.16.0 - Cross-Site Scripting via DOM Clobbering in Client-Side Router
Oct 14, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-47831 MEDIUM
Next.js 10.0.0-14.2.6 - Denial of Service via Image Optimization Feature
Oct 14, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-42640 CRITICAL NUCLEI
angular-base64-upload <v0.1.21 - RCE
Oct 11, 2024
CVSS 9.8
EPSS 0.44
CVE-2024-47875 CRITICAL
DOMPurify < 2.5.0 - Cross-Site Scripting via Nesting-Based mXSS
Oct 11, 2024
CVSS 10.0
EPSS 0.01
CVE-2024-21534 CRITICAL
jsonpath-plus < 10.2.0 - Remote Code Execution via Unsafe vm Usage
Oct 11, 2024
CVSS 9.8
EPSS 0.09
CVE-2024-48949 CRITICAL
elliptic < 6.5.6 - Improper Verification of Cryptographic Signature in ECDSA Verify Function
Oct 10, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-21533 MEDIUM
ggit - Arbitrary Argument Injection via clone() API
Oct 08, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-21532 HIGH
ggit - OS Command Injection via fetchTags API
Oct 08, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-47764 MEDIUM
cookie < 0.7.0 - Cookie Field Injection via Name, Path, or Domain
Oct 04, 2024
EPSS 0.01
CVE-2024-47183 HIGH
Parse Server <6.5.9, <7.3.0 - Privilege Escalation
Oct 04, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-9266 MEDIUM
Express 3.4.5-4.0.0 - Open Redirect via Response Object
Oct 03, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-9440 MEDIUM
slim-select 2.0-2.9.0 - Cross-Site Scripting via Unsanitized Options Object
Oct 02, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-21531 MEDIUM
git-shallow-clone - OS Command Injection via Process Variable
Oct 01, 2024
CVSS 5.3
EPSS 0.01