npm
4,198 tracked vulnerabilities.
CVE-2024-25355
HIGH
s3-url-parser 1.0.3 - Denial of Service via Regexes Component
May 01, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-31621
HIGH
NUCLEI
Flowise < 1.6.5 - Remote Code Execution via API v1 Component
Apr 29, 2024
CVSS 7.6
EPSS 0.60
CVE-2024-33883
MEDIUM
ejs < 3.1.10 - Protection Mechanism Failure
Apr 28, 2024
CVSS 4.0
EPSS 0.01
CVE-2024-33669
MEDIUM
Passbolt Browser Extension < 4.6.2 - Password Information Leak via HaveIBeenPwned API Requests
Apr 26, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-32869
MEDIUM
Hono < 4.2.7 - Path Traversal via serveStatic in Deno
Apr 23, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-21511
CRITICAL
mysql2 < 3.9.7 - Arbitrary Code Injection via Timezone Parameter
Apr 23, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-32000
MEDIUM
matrix-appservice-irc <2.0.0 - Info Disclosure
Apr 12, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-21508
CRITICAL
mysql2 < 3.9.4 - Remote Code Execution via readCodeFor Function
Apr 11, 2024
CVSS 9.8
EPSS 0.03
CVE-2024-29504
HIGH
Summernote < 0.8.18 - Cross-Site Scripting via Codeview Parameter
Apr 10, 2024
CVSS 7.6
EPSS 0.01
CVE-2024-21509
MEDIUM
sidorares/mysql2 < 3.9.4 - Prototype Pollution via Insecure Results Object Creation
Apr 10, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-21507
MEDIUM
mysql2 < 3.9.3 - Cache Poisoning via KeyFromFields Colon Injection
Apr 10, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-31454
MEDIUM
PsiTransfer < 2.2.0 - Unauthenticated File Upload and Integrity Violation via File Distribution Endpoint
Apr 09, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-31453
MEDIUM
PsiTransfer < 2.2.0 - Unrestricted File Upload via File Distribution Endpoint
Apr 09, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-27448
CRITICAL
maildev 2.0.0-beta1-2.1.0 - Remote Code Execution via Crafted Content-ID Header
Apr 05, 2024
CVSS 9.1
EPSS 0.01
CVE-2024-22363
HIGH
SheetJS Community Edition <0.20.2 - DoS
Apr 05, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-31206
HIGH
dectalk-tts <1.0.1 - Info Disclosure
Apr 04, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-31207
MEDIUM
NPM Vite < 2.9.18 - Information Disclosure
Apr 04, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-30260
LOW
undici < 5.28.4 - Improper Authorization via Uncleared Headers in undici.request()
Apr 04, 2024
CVSS 3.9
EPSS 0.01
CVE-2024-30261
LOW
Undici < 5.28.4 - Improper Access Control via Integrity Option Tampering
Apr 04, 2024
CVSS 2.6
EPSS 0.01
CVE-2024-29316
MEDIUM
NodeBB 3.6.7 - Privilege Escalation
Mar 28, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-25354
HIGH
domain-suffix 1.0.8 - Denial of Service via parse Function
Mar 27, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-29881
MEDIUM
TinyMCE < 6.8.1 and 7.0.0 - Cross-Site Scripting via SVG in Object or Embed Elements
Mar 26, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-29203
MEDIUM
TinyMCE < 6.8.1 - Cross-Site Scripting via Iframe Element Insertion
Mar 26, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-29041
MEDIUM
Express.js < 4.19.2 - Open Redirect via Malformed URL Bypass
Mar 25, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-28246
MEDIUM
KaTeX 0.11.0-0.16.9 - Cross-Site Scripting via Uppercase Protocol Bypass
Mar 25, 2024
CVSS 5.5
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters