npm
3,969 tracked vulnerabilities.
CVE-2023-46119
HIGH
Parse Server <5.5.6,6.3.1 - Info Disclosure
Oct 25, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-39619
HIGH
node_email_check 1.0.4 - Denial of Service via ReDoS in scpSyntax Component
Oct 25, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-46298
HIGH
Next.js < 13.4.20-canary.13 - Denial of Service via CDN Cached Prefetch Responses
Oct 22, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-45819
MEDIUM
TinyMCE < 5.10.8 and 6.0.0-6.7.1 - Cross-Site Scripting via Notification Manager API
Oct 19, 2023
CVSS 6.1
EPSS 0.02
CVE-2023-45818
MEDIUM
TinyMCE < 5.10.8 and 6.0.0-6.7.1 - Stored Cross-Site Scripting via Undo/Redo HTML Mutation
Oct 19, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-45820
MEDIUM
Directus 10.4.0-10.6.1 - Denial of Service via Invalid WebSocket Frame
Oct 19, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-5654
MEDIUM
React Developer Tools <= 4.28.4 - Browser-Mediated Arbitrary URL Fetch
Oct 19, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-45811
HIGH
Synchrony < 2.4.4 - Prototype Pollution via LiteralMap Transformer
Oct 17, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-43794
MEDIUM
NocoDB < 0.111.0 - Authenticated SQL Injection via Crafted Payload
Oct 17, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-26155
HIGH
node-qpdf - OS Command Injection via encrypt() Method
Oct 14, 2023
CVSS 7.3
EPSS 0.00
CVE-2023-45143
LOW
Undici < 5.26.2 - Cookie Header Leakage on Cross-Origin Redirects
Oct 12, 2023
CVSS 3.9
EPSS 0.00
CVE-2023-45133
CRITICAL
Babel traverse <7.23.2 and 8.0.0-alpha.4 - Code Execution via path.evaluate
Oct 12, 2023
CVSS 9.3
EPSS 0.00
CVE-2023-44400
MEDIUM
Uptime Kuma <1.23.3 - Privilege Escalation
Oct 09, 2023
CVSS 6.7
EPSS 0.00
CVE-2023-45311
CRITICAL
fsevents < 1.2.11 - Remote Code Execution via Untrusted Binary Download URL
Oct 06, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-45282
HIGH
NASA Open MCT < 3.1.0 - Prototype Pollution via Import Action
Oct 06, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-26152
HIGH
static-server < 3.0.0 - Path Traversal via validPath Function
Oct 03, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-44270
MEDIUM
PostCSS < 8.4.31 - CSS Injection via Comment Parsing Bypass
Sep 29, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-4316
HIGH
zod 3.21.0-3.22.3 - Denial of Service via Email Validation
Sep 28, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-5217
HIGH
KEV
libvpx < 1.13.1 - Heap Buffer Overflow in VP8 Encoding
Sep 28, 2023
CVSS 8.8
EPSS 0.05
CVE-2023-26149
MEDIUM
quill-mention < 4.0.0 - Cross-Site Scripting via renderList Function
Sep 28, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-43646
HIGH
get-func-name < 2.0.1 - Denial of Service via Inefficient Regular Expression Complexity
Sep 27, 2023
CVSS 8.6
EPSS 0.01
CVE-2023-31719
CRITICAL
FUXA <= 1.1.12 - SQL Injection via /api/signin
Sep 22, 2023
CVSS 9.8
EPSS 0.65
CVE-2023-31718
HIGH
FUXA <= 1.1.12 - Local File Inclusion via /api/download
Sep 22, 2023
CVSS 7.5
EPSS 0.38
CVE-2023-31717
HIGH
FUXA <= 1.1.12 - SQL Injection
Sep 22, 2023
CVSS 7.5
EPSS 0.31
CVE-2023-42810
CRITICAL
systeminformation 5.0.0-5.21.6 - Command Injection via SSID Parameter
Sep 21, 2023
CVSS 9.8
EPSS 0.02
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12