npm
4,198 tracked vulnerabilities.
CVE-2024-28245
MEDIUM
KaTeX 0.11.0-0.16.9 - Cross-Site Scripting via \\includegraphics
Mar 25, 2024
CVSS 6.3
EPSS 0.00
CVE-2024-28244
MEDIUM
KaTeX 0.15.4-0.16.9 - Denial of Service via Unicode Subscript/Superscript Bypass
Mar 25, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-28243
MEDIUM
KaTeX 0.1.0-0.16.9 - Denial of Service via \edef Recursion Bypass
Mar 25, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-21505
HIGH
web3-utils < 4.2.1 - Prototype Pollution via Format and MergeDeep Utility Functions
Mar 25, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-29042
MEDIUM
francisco/translate < 3.0.0 - Cache Poisoning via opt.id Parameter
Mar 22, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-29272
MEDIUM
NUCLEI
VvvebJs < 1.7.5 - Arbitrary File Upload
Mar 22, 2024
CVSS 6.5
EPSS 0.09
CVE-2024-29271
MEDIUM
vvvebjs < 1.7.7 - Reflected Cross-Site Scripting via save.php Action Parameter
Mar 22, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-28863
MEDIUM
node-tar < 6.2.1 - Denial of Service via Excessive Sub-Folder Creation
Mar 21, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-29180
HIGH
Webpack-dev-middleware <7.1.0, 6.1.2, 5.3.4 - Info Disclosure
Mar 21, 2024
CVSS 7.4
EPSS 0.01
CVE-2024-28635
MEDIUM
SurveyJS Survey Creator < 1.9.132 - Cross-Site Scripting via Form Title Parameter
Mar 21, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-27927
MEDIUM
RSSHub <1.0.0-master.a429472 - Server-Side Request Forgery via Arbitrary HTTP Fetch
Mar 21, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-27926
MEDIUM
RSSHub 1.0.0-master.cbbd829-1.0.0-master.d8ca915 - Cross-Site Scripting via Media Proxy
Mar 21, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-29027
CRITICAL
Parse Server < 6.5.5 - Remote Code Execution via Cloud Function or Job Name Injection
Mar 19, 2024
CVSS 9.0
EPSS 0.01
CVE-2024-28849
MEDIUM
follow-redirects < 1.15.6 - Exposure of Sensitive Information via Proxy-Authentication Header
Mar 14, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-28239
MEDIUM
Directus < 10.10.0 - Open Redirect via Auth API Redirect Parameter
Mar 12, 2024
CVSS 5.4
EPSS 0.01
CVE-2024-28238
LOW
Directus < 10.10.0 - Session Token Exposure via /files URL Parameter
Mar 12, 2024
CVSS 2.3
EPSS 0.00
CVE-2024-28121
HIGH
Stimulus Reflex < 3.4.2/3.5.0.rc4 - Unsafe Reflex Method Invocation
Mar 12, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-28176
MEDIUM
jose < 2.0.7 and 3.0.0-4.15.4 - Uncontrolled Resource Consumption in JWE Decryption
Mar 09, 2024
CVSS 4.9
EPSS 0.02
CVE-2024-27307
CRITICAL
JSONata <1.8.7, >1.4.0 & <2.0.4 - RCE
Mar 06, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-27303
HIGH
electron-builder <24.13.2 - Command Injection
Mar 06, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-25865
MEDIUM
hexo-theme-anzhiyu 1.6.12 - Cross-Site Scripting via Algolia Search Function
Mar 02, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-27298
CRITICAL
Parse Server <6.5.0, <7.0.0-alpha.20 - SQL Injection
Mar 01, 2024
CVSS 10.0
EPSS 0.01
CVE-2024-27296
MEDIUM
Directus < 10.8.3 - Unauthenticated Sensitive Information Exposure via Compiled JS Bundles
Mar 01, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-27295
HIGH
Directus < 10.8.3 - Password Reset Token Hijacking via Accent-Insensitive Email Comparison
Mar 01, 2024
CVSS 8.2
EPSS 0.01
CVE-2024-22891
CRITICAL
nteract 0.28.0 - Remote Code Execution via Markdown Link
Mar 01, 2024
CVSS 9.8
EPSS 0.02
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters