npm
4,198 tracked vulnerabilities.
CVE-2024-21529
HIGH
dset < 3.1.4 - Prototype Pollution via __proto__ Property Injection
Sep 11, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-45596
HIGH
Directus < 10.13.3 - Unauthenticated Credential Exposure via OpenID/OAuth2 Redirect Cache
Sep 10, 2024
CVSS 7.4
EPSS 0.01
CVE-2024-45590
HIGH
body-parser < 1.20.3 - Denial of Service via URL Encoding
Sep 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-43800
MEDIUM
serve-static < 1.16.0 - Cross-Site Scripting via Unsanitized User Input in redirect()
Sep 10, 2024
CVSS 5.0
EPSS 0.01
CVE-2024-43799
MEDIUM
send < 0.19.0 - Cross-Site Scripting via SendStream.redirect()
Sep 10, 2024
CVSS 5.0
EPSS 0.01
CVE-2024-43796
MEDIUM
Express < 4.20.0 - Cross-Site Scripting via response.redirect()
Sep 10, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-21528
MEDIUM
node-gettext - Prototype Pollution via addTranslations() Function
Sep 10, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-45296
HIGH
path-to-regexp < 1.9.0 and >= 0.2.0 - Denial of Service via Inefficient Regular Expression
Sep 09, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-8373
MEDIUM
AngularJS - Content Spoofing via Improper Sanitization of srcset Attribute
Sep 09, 2024
CVSS 4.8
EPSS 0.01
CVE-2024-8372
MEDIUM
AngularJS >=1.3.0-rc.4 - Content Spoofing
Sep 09, 2024
CVSS 4.8
EPSS 0.01
CVE-2024-45389
MEDIUM
Pagefind < 1.1.1 - Cross-Site Scripting via document.currentScript.src Clobbering
Sep 03, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-45047
MEDIUM
svelte < 4.2.19 - Cross-Site Scripting via noscript Attribute Injection
Aug 30, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-45037
MEDIUM
AWS Cloud Development Kit 2.142.0-2.148.0 - Incorrect Authorization via RestApi Construct with CognitoUserPoolAuthorizer
Aug 27, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-43788
MEDIUM
webpack < 5.94.0 - Cross-Site Scripting via DOM Clobbering in AutoPublicPathRuntimeModule
Aug 27, 2024
CVSS 6.4
EPSS 0.01
CVE-2024-8182
HIGH
Flowise 1.8.2 - Unauthenticated Denial of Service via API Upload File Endpoint
Aug 27, 2024
CVSS 7.5
EPSS 0.14
CVE-2024-8181
CRITICAL
NUCLEI
Flowise 1.8.2 - Unauthenticated Authentication Bypass
Aug 27, 2024
CVSS 9.8
EPSS 0.43
CVE-2024-43787
MEDIUM
Hono < 4.5.8 - Cross-Site Request Forgery Bypass via Crafted Content-Type Header
Aug 22, 2024
CVSS 5.0
EPSS 0.00
CVE-2024-40453
CRITICAL
squirrellyjs <9.0.0 - Code Injection
Aug 21, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-43411
LOW
CKEditor4 4.22.0-4.25.0 - Cross-Site Scripting via Version Notification Feature
Aug 21, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-43407
MEDIUM
CKEditor4 < 4.25.0 - Reflected Cross-Site Scripting via GeSHi Code Snippet Plugin
Aug 21, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-43409
MEDIUM
Ghost 4.46.0-5.89.4 - Improper Access Control
Aug 20, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-42369
MEDIUM
matrix-js-sdk < 34.3.1 - Denial of Service via Cyclic Room Structure
Aug 20, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-43370
HIGH
gettext.js < 2.0.3 - Cross-Site Scripting via Corrupted .po Dictionary Files
Aug 16, 2024
CVSS 7.2
EPSS 0.00
CVE-2024-43373
HIGH
webcrack < 2.14.1 - Arbitrary File Write via Unpack Bundles Feature
Aug 15, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-6534
MEDIUM
Directus v10.13.0 - Privilege Escalation
Aug 15, 2024
CVSS 4.3
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters