npm
4,198 tracked vulnerabilities.
CVE-2024-43368
MEDIUM
Trix < 2.1.4 - Cross-Site Scripting via Malicious Paste Bypass
Aug 14, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-39338
HIGH
axios 1.3.2-1.7.3 - Server-Side Request Forgery via Path Relative URL Processing
Aug 12, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-42347
HIGH
matrix-react-sdk <3.105.0 - Info Disclosure
Aug 06, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-34344
HIGH
Nuxt 3.4.0-3.12.4 - Remote Code Execution via Test Component Path Parameter
Aug 05, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-34343
MEDIUM
nuxt < 3.12.4 - Cross-Site Scripting via navigateTo URL Parsing Bypass
Aug 05, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-39713
HIGH
NUCLEI
Rocket.Chat < 6.10.1 - Server-Side Request Forgery via Twilio Webhook Endpoint
Aug 05, 2024
CVSS 8.6
EPSS 0.03
CVE-2024-42461
CRITICAL
elliptic 6.5.6 - Improper Verification of Cryptographic Signature via BER-Encoded ECDSA Signatures
Aug 02, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-42460
MEDIUM
elliptic 2.0.0-6.5.6 - ECDSA Signature Malleability via Missing Leading Zero Check
Aug 02, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-42459
MEDIUM
elliptic 6.5.6 - Improper Verification of Cryptographic Signature via Missing EDDSA Length Check
Aug 02, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-41962
MEDIUM
Bostr < 3.0.10 - Improper Authorization via noscraper Bypass
Aug 01, 2024
CVSS 4.6
EPSS 0.00
CVE-2024-41818
HIGH
fast-xml-parser >=4.3.5 <4.4.1 - Uncontrolled Resource Consumption via ReDOS in Currency Parser
Jul 29, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-6783
MEDIUM
Vue 2.0.0-2.7.15 - Cross-Site Scripting via Prototype Pollution
Jul 23, 2024
CVSS 4.8
EPSS 0.01
CVE-2024-41655
HIGH
tf2-item-format 4.2.6-5.9.13 - Regular Expression Denial of Service via Crafted User Input
Jul 23, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-6485
MEDIUM
Bootstrap 1.4.0-3.4.0 - Cross-Site Scripting via Button Plugin data-loading-text Attribute
Jul 11, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-39693
HIGH
Next.js 13.3.1-13.4.19 - Denial of Service via Resource Consumption
Jul 10, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-21526
HIGH
speaker - Denial of Service via Channels Property Assertion Failure
Jul 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-21525
HIGH
node-twain - Buffer Overflow via Long Product Name or Manufacturer String
Jul 10, 2024
CVSS 8.3
EPSS 0.01
CVE-2024-21524
HIGH
node-stringbuilder < 2.2.7 - Out-of-bounds Read via ToBuffer, ToString, or CharAt
Jul 10, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-21523
HIGH
npm/images - Denial of Service via Unexpected Input Types
Jul 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-21522
HIGH
audify - Denial of Service via Negative frameSize in OpusDecoder
Jul 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-39698
HIGH
electron-builder < 6.3.0 - Signature Validation Bypass via Environment Variable Expansion
Jul 09, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-38372
LOW
undici >=6.14.0 <6.19.2 - Information Exposure via response.arrayBuffer()
Jul 08, 2024
CVSS 2.0
EPSS 0.00
CVE-2024-39896
HIGH
Directus < 10.13.0 - User Enumeration via SSO Error Messages
Jul 08, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-39701
MEDIUM
Directus 9.23.0-10.5.3 - Improper Access Control via Empty Array Evaluation in _in and _nin Operators
Jul 08, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-39691
MEDIUM
matrix-appservice-irc < 2.0.1 - Information Disclosure via Homeserver Timestamp Manipulation
Jul 05, 2024
CVSS 4.3
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters