npm
4,198 tracked vulnerabilities.
CVE-2024-21489
HIGH
uplot < 1.6.31 - Prototype Pollution via uplot.assign Function
Oct 01, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-47178
MEDIUM
basic-auth-connect <1.1.0 - Info Disclosure
Sep 30, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-9283
LOW
RelaxedJS ReLaXed <= 0.2.2 - Cross-Site Scripting in Pug to PDF Converter
Sep 27, 2024
CVSS 3.3
EPSS 0.00
CVE-2024-47171
MEDIUM
agnai < 1.0.330 - Path Traversal and Arbitrary File Write via Image Upload
Sep 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-47170
MEDIUM
agnai < 1.0.330 - Path Traversal via JSON Storage
Sep 26, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-47169
HIGH
agnai < 1.0.330 - Unauthenticated Arbitrary File Write via Path Traversal
Sep 26, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-47075
MEDIUM
layui < 2.9.17 - Cross-Site Scripting via DOM Clobbering
Sep 26, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-46488
MEDIUM
sqlite-vec 0.1.1 - Heap-based Buffer Overflow via npy_token_next
Sep 25, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-45613
MEDIUM
CKEditor 5 40.0.0-43.1.1 - Cross-Site Scripting via Clipboard Package with Block Toolbar
Sep 25, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-9148
CRITICAL
Flowise < 2.1.1 - Stored Cross-Site Scripting in Chat Embed
Sep 25, 2024
CVSS 9.6
EPSS 0.01
CVE-2024-47068
MEDIUM
Rollup <2.79.2, <3.29.5, <4.22.4 - XSS
Sep 23, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-46990
MEDIUM
Directus < 10.13.3 - Improper Access Control via Loopback Device Bypass
Sep 18, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-45813
MEDIUM
find-my-way 5.5.0-8.2.1 and 9.0.0 - Denial of Service via Inefficient Regular Expression
Sep 18, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-46982
HIGH
Next.js 13.5.1-13.5.6 and 14.2.1-14.2.9 - Cache Poisoning via Crafted HTTP Request
Sep 17, 2024
CVSS 7.5
EPSS 0.59
CVE-2024-45812
MEDIUM
Vite 3.2.11-4.5.5, 5.0.0-5.2.14, 5.3.0-5.3.6, 5.4.0-5.4.6 - XSS via DOM Clobbering in cjs/iife/umd
Sep 17, 2024
CVSS 6.4
EPSS 0.01
CVE-2024-45811
MEDIUM
Vite 5.4.0-5.4.5, 5.3.0-5.3.5, 5.0.0-5.2.13, 4.0.0-4.5.4, < 3.2.11 - Unauthenticated Arbitrary File Read via @fs Bypass
Sep 17, 2024
CVSS 4.8
EPSS 0.01
CVE-2024-45801
HIGH
DOMPurify < 2.5.4 - Cross-Site Scripting Bypass via Depth Check Evasion
Sep 16, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-45835
LOW
Mattermost Desktop App <=5.8.0 - Info Disclosure
Sep 16, 2024
CVSS 2.5
EPSS 0.00
CVE-2024-39772
LOW
Mattermost Desktop App <=5.8.0 - Unauthenticated Screen Capture via JavaScript APIs
Sep 16, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-39613
MEDIUM
Mattermost Desktop App <=5.8.0 - Uncontrolled Search Path Element via cmd.exe
Sep 16, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-6867
MEDIUM
lunary-ai/lunary <a761d833 - Info Disclosure
Sep 13, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-6862
HIGH
lunary < 1.4.10 - Cross-Site Request Forgery via Overly Permissive CORS Settings
Sep 13, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-6582
MEDIUM
lunary < 1.4.9 - Unauthenticated Identity Provider Settings Update
Sep 13, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-6087
MEDIUM
lunary < 1.4.9 - Unauthenticated Account Takeover via Invite Token Reuse
Sep 13, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-45607
MEDIUM
whatsapp-api-js 4.0.0-4.0.2 - Improper Verification of Cryptographic Signature in verifyRequestSignature
Sep 12, 2024
CVSS 5.8
EPSS 0.14
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters