npm

4,198 tracked vulnerabilities.

CVE-2024-43368 MEDIUM
Trix < 2.1.4 - Cross-Site Scripting via Malicious Paste Bypass
Aug 14, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-39338 HIGH
axios 1.3.2-1.7.3 - Server-Side Request Forgery via Path Relative URL Processing
Aug 12, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-42347 HIGH
matrix-react-sdk <3.105.0 - Info Disclosure
Aug 06, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-34344 HIGH
Nuxt 3.4.0-3.12.4 - Remote Code Execution via Test Component Path Parameter
Aug 05, 2024
CVSS 8.8
EPSS 0.01
CVE-2024-34343 MEDIUM
nuxt < 3.12.4 - Cross-Site Scripting via navigateTo URL Parsing Bypass
Aug 05, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-39713 HIGH NUCLEI
Rocket.Chat < 6.10.1 - Server-Side Request Forgery via Twilio Webhook Endpoint
Aug 05, 2024
CVSS 8.6
EPSS 0.03
CVE-2024-42461 CRITICAL
elliptic 6.5.6 - Improper Verification of Cryptographic Signature via BER-Encoded ECDSA Signatures
Aug 02, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-42460 MEDIUM
elliptic 2.0.0-6.5.6 - ECDSA Signature Malleability via Missing Leading Zero Check
Aug 02, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-42459 MEDIUM
elliptic 6.5.6 - Improper Verification of Cryptographic Signature via Missing EDDSA Length Check
Aug 02, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-41962 MEDIUM
Bostr < 3.0.10 - Improper Authorization via noscraper Bypass
Aug 01, 2024
CVSS 4.6
EPSS 0.00
CVE-2024-41818 HIGH
fast-xml-parser >=4.3.5 <4.4.1 - Uncontrolled Resource Consumption via ReDOS in Currency Parser
Jul 29, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-6783 MEDIUM
Vue 2.0.0-2.7.15 - Cross-Site Scripting via Prototype Pollution
Jul 23, 2024
CVSS 4.8
EPSS 0.01
CVE-2024-41655 HIGH
tf2-item-format 4.2.6-5.9.13 - Regular Expression Denial of Service via Crafted User Input
Jul 23, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-6485 MEDIUM
Bootstrap 1.4.0-3.4.0 - Cross-Site Scripting via Button Plugin data-loading-text Attribute
Jul 11, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-39693 HIGH
Next.js 13.3.1-13.4.19 - Denial of Service via Resource Consumption
Jul 10, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-21526 HIGH
speaker - Denial of Service via Channels Property Assertion Failure
Jul 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-21525 HIGH
node-twain - Buffer Overflow via Long Product Name or Manufacturer String
Jul 10, 2024
CVSS 8.3
EPSS 0.01
CVE-2024-21524 HIGH
node-stringbuilder < 2.2.7 - Out-of-bounds Read via ToBuffer, ToString, or CharAt
Jul 10, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-21523 HIGH
npm/images - Denial of Service via Unexpected Input Types
Jul 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-21522 HIGH
audify - Denial of Service via Negative frameSize in OpusDecoder
Jul 10, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-39698 HIGH
electron-builder < 6.3.0 - Signature Validation Bypass via Environment Variable Expansion
Jul 09, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-38372 LOW
undici >=6.14.0 <6.19.2 - Information Exposure via response.arrayBuffer()
Jul 08, 2024
CVSS 2.0
EPSS 0.00
CVE-2024-39896 HIGH
Directus < 10.13.0 - User Enumeration via SSO Error Messages
Jul 08, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-39701 MEDIUM
Directus 9.23.0-10.5.3 - Improper Access Control via Empty Array Evaluation in _in and _nin Operators
Jul 08, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-39691 MEDIUM
matrix-appservice-irc < 2.0.1 - Information Disclosure via Homeserver Timestamp Manipulation
Jul 05, 2024
CVSS 4.3
EPSS 0.00