npm
3,969 tracked vulnerabilities.
CVE-2023-38691
MEDIUM
matrix-appservice-bridge <8.1.2,9.0.1 - Open Redirect
Aug 04, 2023
CVSS 5.0
EPSS 0.00
CVE-2023-38690
MEDIUM
matrix-appservice-irc <1.0.1 - Command Injection
Aug 04, 2023
CVSS 5.8
EPSS 0.00
CVE-2023-3348
MEDIUM
Wrangler <=3.1.0/2.20.1 - Path Traversal
Aug 03, 2023
CVSS 5.7
EPSS 0.00
CVE-2023-37478
HIGH
pnpm < 7.33.4 - Improper Access Control via Tarball Parsing
Aug 01, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-26139
HIGH
underscore-keypath <0.0.11 - Prototype Pollution
Aug 01, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-38504
HIGH
Sails < 1.5.7 - Denial of Service via Virtual Request
Jul 27, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-38503
MEDIUM
Directus 10.3.0-10.5.0 - Unauthorized Data Exposure via GraphQL Subscription Permission Bypass
Jul 25, 2023
CVSS 5.7
EPSS 0.00
CVE-2023-2850
MEDIUM
NodeBB < 2.8.13 and 3.0.0-3.1.3 - Cross-Site WebSocket Hijacking via Missing Origin Validation
Jul 25, 2023
CVSS 4.7
EPSS 0.00
CVE-2023-26045
CRITICAL
NodeBB 2.5.0-2.8.6 - Remote Code Execution via User Export Path Traversal
Jul 24, 2023
CVSS 10.0
EPSS 0.01
CVE-2023-37905
MEDIUM
ckeditor-wordcount-plugin < 1.17.12 - Cross-Site Scripting via Source Code Mode Switch
Jul 21, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-37903
CRITICAL
Vm2 < 3.9.19 - OS Command Injection
Jul 21, 2023
CVSS 9.8
EPSS 0.37
CVE-2023-37259
MEDIUM
matrix-react-sdk 3.32.0-3.75.0 - Stored Cross-Site Scripting via Export Chat Feature
Jul 18, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-3696
CRITICAL
mongoose < 5.13.20 and 7.0.0-7.3.3 - Prototype Pollution
Jul 17, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-3691
LOW
layui < 2.8.0 - Cross-Site Scripting via Title Attribute
Jul 16, 2023
CVSS 3.5
EPSS 0.00
CVE-2023-2507
CRITICAL
CleverTap Cordova Plugin < 2.7.0 - Remote Code Execution via Deeplink
Jul 15, 2023
CVSS 9.3
EPSS 0.00
CVE-2023-3672
MEDIUM
plaidweb webmention.js < 0.5.5 - DOM-based Cross-Site Scripting
Jul 14, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-37466
CRITICAL
Vm2 < 3.9.19 - Code Injection
Jul 14, 2023
CVSS 9.8
EPSS 0.05
CVE-2023-3620
MEDIUM
GitHub amauric/tarteaucitron.js <1.13.1 - XSS
Jul 11, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-36822
MEDIUM
Uptime Kuma <1.22.1 - Path Traversal
Jul 05, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-36821
HIGH
Uptime Kuma <1.22.1 - Authenticated RCE
Jul 05, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-36665
CRITICAL
protobuf.js <7.2.5 - Prototype Pollution
Jul 05, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-26136
MEDIUM
Tough-Cookie <4.1.3 - Prototype Pollution
Jul 01, 2023
CVSS 6.5
EPSS 0.06
CVE-2023-30589
HIGH
Node.js 16.0.0-16.20.1 - HTTP Request Smuggling via CR Delimiter in llhttp Parser
Jul 01, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-34840
MEDIUM
angular-ui-notification < 0.3.6 - Stored Cross-Site Scripting
Jun 30, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-37299
MEDIUM
Joplin < 2.11.5 - Cross-Site Scripting via Image Map AREA Element
Jun 30, 2023
CVSS 6.1
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12