npm
4,198 tracked vulnerabilities.
CVE-2024-36128
HIGH
Directus < 10.11.2 - Denial of Service via Random String Generation Utility
Jun 03, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-36120
HIGH
javascript-deobfuscator <1.1.0 - RCE
May 31, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-21512
HIGH
mysql2 < 3.9.8 - Prototype Pollution via nestTables Input
May 29, 2024
CVSS 8.2
EPSS 0.03
CVE-2024-29415
HIGH
NUCLEI
Node ip package <=2.0.1 - Server-Side Request Forgery via IP Misclassification
May 27, 2024
CVSS 8.1
EPSS 0.08
CVE-2024-36361
MEDIUM
Pug <=3.0.2 - Code Execution via Untrusted Template Name Option
May 24, 2024
CVSS 6.8
EPSS 0.00
CVE-2024-34273
MEDIUM
njwt < 2.0.1 - Prototype Pollution via Parser.prototype.parse Method
May 16, 2024
CVSS 5.9
EPSS 0.00
CVE-2024-4367
HIGH
Firefox < 126 and ESR < 115.11 - Arbitrary JavaScript Execution in PDF.js via Missing Type Check
May 14, 2024
CVSS 8.8
EPSS 0.73
CVE-2024-34712
MEDIUM
Oceanic.js < 1.10.4 - Path Traversal via Unencoded API Endpoint Input
May 14, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-34243
MEDIUM
Konga 0.14.9 - Cross-Site Scripting via Username Parameter
May 14, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-4068
HIGH
braces < 3.0.3 - Denial of Service via Imbalanced Braces Input
May 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-4067
MEDIUM
micromatch < 4.0.8 - Regular Expression Denial of Service via Greedy Pattern Matching
May 14, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-34709
MEDIUM
Directus < 10.11.0 - Insufficient Session Expiration via JWT Token
May 14, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-34708
MEDIUM
Directus < 10.11.0 - Exposure of Sensitive Information via Alias Parameter
May 14, 2024
CVSS 4.9
EPSS 0.01
CVE-2024-34351
HIGH
NUCLEI
Next.js 13.4.0-14.1.1 - Server-Side Request Forgery via Server Actions Redirect
May 14, 2024
CVSS 7.5
EPSS 0.05
CVE-2024-34350
HIGH
Next.js 13.4.0-13.5.0 - HTTP Request Smuggling via Rewrites Feature
May 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-34341
MEDIUM
Trix < 2.1.1 - Stored Cross-Site Scripting via Pasting Malicious Markup
May 07, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-34342
HIGH
react-pdf <7.7.3 and 8.0.0-8.0.2 - PDF.js JavaScript Execution
May 07, 2024
CVSS 7.1
EPSS 0.01
CVE-2024-34075
MEDIUM
kurwov 3.1.0-3.2.5 - Denial of Service via MarkovData#getNext Sanitization Bypass
May 03, 2024
CVSS 6.2
EPSS 0.00
CVE-2024-34449
MEDIUM
Vditor 3.10.3 - Cross-Site Scripting via A Element Attribute
May 03, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-34394
HIGH
libxmljs2 - Remote Code Execution via namespaces Type Confusion
May 02, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-34393
HIGH
libxmljs2 - Type Confusion via attrs() Function on Parsed Node
May 02, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-34392
HIGH
libxmljs - Remote Code Execution via namespaces Type Confusion
May 02, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-34391
HIGH
libxmljs - Code Execution via attrs Type Confusion
May 02, 2024
CVSS 8.1
EPSS 0.01
CVE-2024-4128
LOW
Firebase Command Line Interface < 13.6.0 - Cross-Site Request Forgery via Export Endpoint
May 02, 2024
CVSS 2.6
EPSS 0.00
CVE-2024-32962
CRITICAL
xml-crypto 4.0.0-5.9.9 - Improper Verification of Cryptographic Signature via KeyInfo Element
May 02, 2024
CVSS 10.0
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters