npm
3,969 tracked vulnerabilities.
CVE-2023-49799
HIGH
nuxt-api-party < 0.22.0 - Server-Side Request Forgery via Leading Whitespace Bypass
Dec 09, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-26158
HIGH
mock.js < 1.1.0 - Prototype Pollution via Util.extend Function
Dec 08, 2023
CVSS 8.2
EPSS 0.00
CVE-2023-47440
MEDIUM
Gladys Assistant < 4.30.0 - Authenticated Path Traversal
Dec 07, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-26154
MEDIUM
PubNub <7.4.0, <6.19.0, <7.3.0, <6.1.0, <5.3.0, <0.4.0 - Path Trave...
Dec 06, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-49293
MEDIUM
NUCLEI
vite 4.4.0-4.4.11 - Cross-Site Scripting via Malicious URL Query String in HTML Transformation
Dec 04, 2023
CVSS 6.1
EPSS 0.08
CVE-2023-49276
MEDIUM
uptime.kuma 1.20.0-1.23.6 - Stored Cross-Site Scripting via Google Analytics ID Attribute Injection
Dec 01, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-44402
MEDIUM
Electron < 22.3.24 - Insufficient Verification of Data Authenticity via Asar Integrity Validation Bypass
Dec 01, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-6293
HIGH
robinbuschmann/sequelize-typescript <2.1.6 - Info Disclosure
Nov 24, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-48711
LOW
google-translate-api-browser <4.1.3 - Server-Side Request Forgery via tld Option
Nov 24, 2023
CVSS 3.7
EPSS 0.00
CVE-2023-49210
CRITICAL
node-openssl < 2.0.0 - Command Injection via Verb Field
Nov 23, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-48309
MEDIUM
next-auth < 4.24.5 - Improper Authorization via Middleware JWT Manipulation
Nov 20, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-48223
MEDIUM
fast-jwt < 3.3.2 - JWT Algorithm Confusion via Public Key PEM Format Bypass
Nov 20, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-48218
MEDIUM
Strapi Protected Populate Plugin < 1.3.4 - Incorrect Authorization Bypass
Nov 20, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-48238
HIGH
joaquimserafim/json-web-token < 3.1.1 - JWT Algorithm Confusion via Unverified Algorithm Header
Nov 17, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-4771
MEDIUM
CKEditor < 4.15.1 - Cross-Site Scripting via /ckeditor/samples/old/ajax.html
Nov 16, 2023
CVSS 6.1
EPSS 0.22
CVE-2023-48219
MEDIUM
TinyMCE < 5.10.9 - Mutation Cross-Site Scripting via Undo/Redo Functionality
Nov 15, 2023
CVSS 6.1
EPSS 0.02
CVE-2023-48094
MEDIUM
CesiumJS - Cross-Site Scripting via Crafted Payload to index.html
Nov 14, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-45885
MEDIUM
NASA Open MCT <= 3.1.0 - Cross-Site Scripting via Flexible Layout New Component Feature
Nov 09, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-45884
MEDIUM
NASA Open MCT <= 3.1.0 - Cross-Site Request Forgery via flexibleLayout Plugin
Nov 09, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-26156
MEDIUM
Chromedriver <119.0.1 - Command Injection
Nov 09, 2023
CVSS 5.6
EPSS 0.01
CVE-2023-45857
MEDIUM
Axios 1.5.1 - Sensitive Information Exposure via X-XSRF-TOKEN Header
Nov 08, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-46998
MEDIUM
BootBox Bootbox.js 3.2-6.0 - Cross-Site Scripting via alert(), confirm(), prompt() Functions
Nov 07, 2023
CVSS 6.1
EPSS 0.39
CVE-2023-46234
MEDIUM
browserify-sign - Signature Forgery
Oct 26, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-46233
CRITICAL
crypto-js < 4.2.0 - Use of a Broken or Risky Cryptographic Algorithm
Oct 25, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-46133
CRITICAL
CryptoES < 2.1.0 - Use of a Broken or Risky Cryptographic Algorithm
Oct 25, 2023
CVSS 9.1
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12