npm
3,969 tracked vulnerabilities.
CVE-2023-37298
MEDIUM
Joplin < 2.11.5 - Cross-Site Scripting via SVG USE Element
Jun 30, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-26135
HIGH
flatnest - Prototype Pollution via nest() Function
Jun 30, 2023
CVSS 7.3
EPSS 0.00
CVE-2023-36475
CRITICAL
Parse Server < 5.5.2 - Remote Code Execution via Prototype Pollution
Jun 28, 2023
CVSS 9.8
EPSS 0.10
CVE-2023-26134
CRITICAL
git-commit-info <2.0.2 - Command Injection
Jun 28, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-35165
MEDIUM
AWS Cloud Development Kit 1.57.0-1.202.0 and 2.0.0-2.80.0 - Incorrect Authorization via Overly Permissive Trust Policy
Jun 23, 2023
CVSS 6.6
EPSS 0.00
CVE-2023-35931
LOW
shescape < 1.7.1 - Cleartext Storage of Sensitive Information in Environment Variable
Jun 23, 2023
CVSS 3.1
EPSS 0.00
CVE-2023-35167
MEDIUM
remult < 0.20.6 - Improper Access Control via apiPrefilter Function
Jun 23, 2023
CVSS 5.0
EPSS 0.00
CVE-2023-26115
MEDIUM
word-wrap < 1.2.4 - Regular Expression Denial of Service via Insecure Regular Expression
Jun 22, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-3224
CRITICAL
nuxt 3.4.0-3.4.3 - Code Injection
Jun 13, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-26133
HIGH
progressbar.js < 1.1.1 - Prototype Pollution via extend() Function
Jun 12, 2023
CVSS 8.2
EPSS 0.00
CVE-2023-26132
HIGH
Package dottie <2.0.4 - Info Disclosure
Jun 10, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-34232
HIGH
snowflake-connector-nodejs < 1.6.21 - Command Injection via SSO Browser URL Authentication
Jun 08, 2023
CVSS 7.3
EPSS 0.01
CVE-2023-34238
MEDIUM
Gatsby < 4.25.7 - Local File Inclusion via __file-code-frame and __original-stack-frame Paths
Jun 08, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-34104
HIGH
fast-xml-parser < 4.2.4 - Denial of Service via Crafted Entity Name Regex
Jun 06, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-34092
HIGH
NUCLEI
Vite <2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, 4.3.9 - Auth Bypass
Jun 01, 2023
CVSS 7.5
EPSS 0.51
CVE-2023-32689
MEDIUM
Parse Server < 5.4.4 - Unrestricted HTML File Upload via Public API
May 30, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-2968
HIGH
proxy_project proxy - Denial of Service via socket.remoteAddress TypeError
May 30, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-32695
HIGH
socket.io-parser 3.4.0-3.4.2 and 4.0.4-4.2.2 - Denial of Service via Crafted Socket.IO Packet
May 27, 2023
CVSS 7.3
EPSS 0.00
CVE-2023-26129
HIGH
bwm-ng - OS Command Injection in check Function
May 27, 2023
CVSS 8.4
EPSS 0.00
CVE-2023-26128
HIGH
keep-module-latest - Command Injection
May 27, 2023
CVSS 8.4
EPSS 0.00
CVE-2023-26127
HIGH
n158 - OS Command Injection via Improper Input Sanitization in module.exports
May 27, 2023
CVSS 7.8
EPSS 0.00
CVE-2023-32688
MEDIUM
parse-server-push-adapter < 4.1.3 - Denial of Service via Invalid Push Notification Payload
May 27, 2023
CVSS 4.9
EPSS 0.00
CVE-2023-32325
MEDIUM
posthog-js < 1.57.2 - Cross-Site Scripting
May 27, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-33187
MEDIUM
highlight < 6.0.0 - Cleartext Transmission of Sensitive Information via Password Input Type Switch
May 26, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-33252
HIGH
snarkjs < 0.6.11 - Missing Authorization via Public Signals Length Validation
May 21, 2023
CVSS 7.5
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12