npm
3,969 tracked vulnerabilities.
CVE-2023-5104
MEDIUM
nocodb/nocodb <0.96.0 - Info Disclosure
Sep 21, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-26144
MEDIUM
graphql 16.3.0-16.8.1 - Denial of Service via Large Query Parsing
Sep 20, 2023
CVSS 5.3
EPSS 0.02
CVE-2023-26143
MEDIUM
blamer < 1.0.4 - Arbitrary Argument Injection via blameByFile API
Sep 19, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-42399
MEDIUM
Xdsoft Joditeditor - XSS
Sep 19, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-41592
MEDIUM
Froala Editor 4.0.1-4.1.1 - Cross-Site Scripting
Sep 14, 2023
CVSS 5.4
EPSS 0.02
CVE-2023-4863
HIGH
KEV
Google Chrome <116.0.5845.187 - Buffer Overflow
Sep 12, 2023
CVSS 8.8
EPSS 0.93
CVE-2023-39584
HIGH
hexo < 7.2.0 - Arbitrary File Read via include_code Tag
Sep 08, 2023
CVSS 7.5
EPSS 0.04
CVE-2023-41646
MEDIUM
Buttercup v2.20.3 - Info Disclosure
Sep 07, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-39956
MEDIUM
Electron < 22.3.9 - Code Injection via Attacker-Controlled Working Directory
Sep 06, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-29198
MEDIUM
Electron - Context Isolation Bypass
Sep 06, 2023
CVSS 6.0
EPSS 0.00
CVE-2023-23623
HIGH
Electron 22.0.0-beta.1-22.0.0 - Always-Incorrect Control Flow Implementation via Disabled Sandbox
Sep 06, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-41058
HIGH
Parse Server < 5.5.5 - Always-Incorrect Control Flow Implementation in beforeFind Trigger
Sep 04, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-40582
CRITICAL
find-exec <1.0.3 - Command Injection
Aug 30, 2023
CVSS 9.8
EPSS 0.07
CVE-2023-39663
HIGH
MathJax < 2.7.9 - Regular Expression Denial of Service via Pattern Matching
Aug 29, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-41037
MEDIUM
OpenPGP.js <5.9.0 - Info Disclosure
Aug 29, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-40185
MEDIUM
Shescape <1.7.4 - Privilege Escalation
Aug 23, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-39141
HIGH
NUCLEI
ziahamza/webui-aria2 - Path Traversal via Node Server File Handling
Aug 22, 2023
CVSS 7.5
EPSS 0.86
CVE-2023-3481
MEDIUM
Critters 0.0.17-0.0.19 - Cross-Site Scripting in HTML Parser
Aug 21, 2023
CVSS 5.7
EPSS 0.00
CVE-2023-38894
CRITICAL
tree-kit < 0.7.4 - Prototype Pollution via extend Function
Aug 16, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-40028
MEDIUM
Ghost < 5.59.1 - Authenticated Arbitrary File Read via Symlink Upload
Aug 15, 2023
CVSS 4.9
EPSS 0.78
CVE-2023-40013
HIGH
svg_loader < 1.6.9 - Cross-Site Scripting via Incomplete Event Attribute Sanitization
Aug 14, 2023
CVSS 7.1
EPSS 0.00
CVE-2023-38687
MEDIUM
svelecte < 3.16.3 - Stored Cross-Site Scripting via Item Name Rendering
Aug 14, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-39532
CRITICAL
SES 0.13.0-0.18.7 - Arbitrary Code Execution via Dynamic Import Spread Operator
Aug 08, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-38704
HIGH
import-in-the-middle < 1.4.2 - Remote Code Execution via User-Supplied Input to import()
Aug 07, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-38700
LOW
Matrix App Service IRC <1.0.1 - Info Disclosure
Aug 04, 2023
CVSS 3.5
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12