npm
3,969 tracked vulnerabilities.
CVE-2023-32314
CRITICAL
Vm2 < 3.9.18 - Injection
May 15, 2023
CVSS 9.8
EPSS 0.64
CVE-2023-32313
MEDIUM
Vm2 < 3.9.18 - Injection
May 15, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-2512
MEDIUM
cloudflare/workerd < 1.20230419.0 - Integer Overflow in FormData forEach Method
May 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-27564
HIGH
n8n < 0.216.1 - Information Disclosure
May 10, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-27563
HIGH
n8n < 0.218.0 - Privilege Escalation
May 10, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-27562
MEDIUM
n8n < 0.216.1 - Path Traversal
May 10, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-26126
HIGH
m.static < 2.2.0 - Path Traversal via requestFile Function
May 10, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-31133
HIGH
Ghost < 5.46.1 - Exposure of Sensitive Information via Public API Filter Brute Force
May 08, 2023
CVSS 7.5
EPSS 0.07
CVE-2023-31125
MEDIUM
Engine.IO 5.1.0-6.4.1 - Denial of Service via Crafted HTTP Request
May 08, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-2583
CRITICAL
jsreport < 3.11.3 - Code Injection
May 08, 2023
CVSS 10.0
EPSS 0.00
CVE-2023-32235
HIGH
NUCLEI
Ghost < 5.42.1 - Path Traversal via /assets/built%2F..%2F..%2F/
May 05, 2023
CVSS 7.5
EPSS 0.94
CVE-2023-30094
MEDIUM
TotalJS Flow v10 - Stored Cross-Site Scripting via Platform Name Field
May 04, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-2479
CRITICAL
NUCLEI
appium-desktop < 1.22.3-4 - OS Command Injection
May 02, 2023
CVSS 9.8
EPSS 0.93
CVE-2023-29641
MEDIUM
editor.md < 1.5.0 - Cross-Site Scripting via Crafted Markdown Text
May 01, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-30846
CRITICAL
typed-rest-client < 1.8.0 - Credential Leak via Redirect Authorization Header
Apr 26, 2023
CVSS 9.1
EPSS 0.09
CVE-2023-30843
HIGH
Payload < 1.7.0 - Exposure of Sensitive Information via Hidden Field Brute Force
Apr 26, 2023
CVSS 7.4
EPSS 0.00
CVE-2023-30363
CRITICAL
vConsole < 3.15.1 - Prototype Pollution via setOptions in core.ts
Apr 26, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-30609
MEDIUM
matrix-react-sdk < 3.71.0 - HTML Injection in Search Results
Apr 25, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-29566
CRITICAL
dawnsparks-node-tesseract 0.4.0-0.4.1 - Remote Code Execution via child_process Function
Apr 24, 2023
CVSS 9.8
EPSS 0.04
CVE-2023-27848
CRITICAL
broccoli-compass 0.2.4 - Remote Code Execution via child_process Function
Apr 24, 2023
CVSS 9.8
EPSS 0.06
CVE-2023-2251
HIGH
eemeli/yaml < 2.0.0-5 - Info Disclosure
Apr 24, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-30533
HIGH
SheetJS Community Edition < 0.19.3 - Prototype Pollution via Crafted File
Apr 24, 2023
CVSS 7.8
EPSS 0.09
CVE-2023-28131
CRITICAL
Expo SDK 45.0.0-47.9.9 - Unauthenticated Account Takeover via AuthSession Redirect Proxy
Apr 24, 2023
CVSS 9.6
EPSS 0.01
CVE-2023-30547
CRITICAL
Vm2 < 3.9.16 - Injection
Apr 17, 2023
CVSS 9.8
EPSS 0.85
CVE-2023-30548
MEDIUM
gatsby-plugin-sharp < 5.8.1 and < 4.25.1 - Path Traversal via Gatsby Develop Server
Apr 17, 2023
CVSS 4.3
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12