npm
4,198 tracked vulnerabilities.
CVE-2024-39943
CRITICAL
rejetto HFS < 0.52.10 - Authenticated OS Command Injection via df Command Execution
Jul 04, 2024
CVSS 9.9
EPSS 0.48
CVE-2024-39309
CRITICAL
Parse Server < 6.5.7 and 7.0.0-7.1.0 - SQL Injection via PostgreSQL Configuration
Jul 01, 2024
CVSS 9.8
EPSS 0.20
CVE-2024-37146
MEDIUM
Flowise < 1.4.3 - Unauthenticated Reflected Cross-Site Scripting via /api/v1/credentials/id Endpoint
Jul 01, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-37145
MEDIUM
Flowise < 1.4.3 - Unauthenticated Reflected Cross-Site Scripting via Chatflow ID Parameter
Jul 01, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-36423
MEDIUM
Flowise < 1.4.3 - Unauthenticated Reflected Cross-Site Scripting via Public Chatflows Endpoint
Jul 01, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-36422
MEDIUM
Flowise 1.4.3 - Unauthenticated Reflected Cross-Site Scripting via Chatflow ID Parameter
Jul 01, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-36421
HIGH
Flowise 1.4.3 - Unauthenticated Origin Validation Error via CORS Misconfiguration
Jul 01, 2024
CVSS 7.5
EPSS 0.06
CVE-2024-36420
HIGH
NUCLEI
Flowise 1.4.3 - Arbitrary File Read via OpenAI Assistants File Endpoint
Jul 01, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-39008
CRITICAL
fast-loops < 1.1.4 - Prototype Pollution via objectMergeDeep Function
Jul 01, 2024
CVSS 10.0
EPSS 0.01
CVE-2024-39001
MEDIUM
ag-grid < 31.3.4 - Prototype Pollution via _ModuleSupport.jsonApply
Jul 01, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-38999
CRITICAL
requirejs < 2.3.7 - Prototype Pollution via s.contexts._.configure Function
Jul 01, 2024
CVSS 10.0
EPSS 0.01
CVE-2024-38996
CRITICAL
ag-grid < 31.3.4 - Prototype Pollution via _.mergeDeep Function
Jul 01, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-38993
CRITICAL
jsonic - Prototype Pollution via empty Function
Jul 01, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-38357
MEDIUM
TinyMCE <7.2.0, <6.8.4, <5.11.0 - XSS
Jun 19, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-38356
MEDIUM
TinyMCE <7.2.0, <6.8.4, <5.11.0 - XSS
Jun 19, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-38355
HIGH
Socket.IO < 2.5.1 and 3.0.0-4.6.2 - Denial of Service via Crafted Packet
Jun 19, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-37890
HIGH
NPM WS < 5.2.4 - NULL Pointer Dereference
Jun 17, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-37182
MEDIUM
Mattermost Desktop App <=5.7.0 - RCE
Jun 14, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-36287
LOW
Mattermost Desktop App <=5.7.0 - Auth Bypass
Jun 14, 2024
CVSS 3.8
EPSS 0.00
CVE-2024-37629
MEDIUM
summernote v0.9.1 - Cross-Site Scripting via Code View Function
Jun 12, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-37166
HIGH
ghtml < 2.0.0 - Cross-Site Scripting via Tagged Template Injection
Jun 10, 2024
CVSS 8.9
EPSS 0.00
CVE-2024-5389
HIGH
lunary < 1.4.9 - Insufficient Granularity of Access Control for Dataset Prompts
Jun 09, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-4146
CRITICAL
lunary < 1.2.26 - Incorrect Authorization in checkProjectAccess Method
Jun 08, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-37162
MEDIUM
zsa < 0.3.3 - Sensitive Information Exposure via Production Parse Error Stack
Jun 07, 2024
CVSS 4.0
EPSS 0.00
CVE-2024-5478
MEDIUM
lunary 1.2.7 - Stored Cross-Site Scripting via SAML Metadata Endpoint orgId Parameter
Jun 06, 2024
CVSS 6.1
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters