npm
3,969 tracked vulnerabilities.
CVE-2023-29529
MEDIUM
matrix-js-sdk < 24.1.0 - Unauthenticated Eavesdropping via MSC3401 Group Call Implementation
Apr 14, 2023
CVSS 5.0
EPSS 0.00
CVE-2023-29199
CRITICAL
vm2 <3.9.15 - Remote Code Execution
Apr 14, 2023
CVSS 9.8
EPSS 0.31
CVE-2023-26122
HIGH
safe-eval < 0.4.1 - Sandbox Bypass via Prototype Pollution
Apr 11, 2023
CVSS 8.8
EPSS 0.08
CVE-2023-26121
HIGH
safe-eval < 0.4.1 - Prototype Pollution via safeEval Function
Apr 11, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-29017
CRITICAL
vm2 <3.9.15 - Remote Code Execution
Apr 06, 2023
CVSS 10.0
EPSS 0.73
CVE-2023-0842
MEDIUM
xml2js 0.4.23 - Prototype Pollution via __proto__ Property
Apr 05, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-0835
HIGH
markdown-pdf 11.0.0 - Arbitrary Local File Read via Unvalidated Markdown Content
Apr 04, 2023
CVSS 8.2
EPSS 0.00
CVE-2023-26118
MEDIUM
angularjs 1.4.9-1.8.3 - Regular Expression Denial of Service via URL Input Validation
Mar 30, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-26117
MEDIUM
angularjs 1.0.0-1.8.2 - Regular Expression Denial of Service via $resource Service
Mar 30, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-26116
MEDIUM
angularjs 1.2.21-1.8.2 - Regular Expression Denial of Service via angular.copy()
Mar 30, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-28427
HIGH
matrix-js-sdk <24.0.0 - Info Disclosure
Mar 28, 2023
CVSS 8.2
EPSS 0.00
CVE-2023-28103
HIGH
matrix-react-sdk < 3.69.0 - Prototype Pollution via Remote Server Data
Mar 28, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-28444
CRITICAL
angular-server-side-configuration - Info Disclosure
Mar 24, 2023
CVSS 9.9
EPSS 0.00
CVE-2023-28443
MEDIUM
Directus < 9.23.3 - Unauthenticated Token Exposure via Log Output
Mar 24, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-26114
HIGH
code-server <4.10.1 - Info Disclosure
Mar 23, 2023
CVSS 8.2
EPSS 0.00
CVE-2023-26113
HIGH
collection.js <6.8.1 - Info Disclosure
Mar 18, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-28155
MEDIUM
Request < 2.88.1 - Server-Side Request Forgery via Cross-Protocol Redirect
Mar 16, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-25345
HIGH
swig-templates < 2.0.4 and swig < 1.4.2 - Path Traversal via Include or Extends Tags
Mar 15, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-28154
CRITICAL
webpack 5.0.0-5.75.0 - Prototype Pollution via ImportParserPlugin Magic Comment Handling
Mar 13, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-27490
HIGH
next-auth < 4.20.1 - Authentication Bypass via OAuth CSRF Protection Failure
Mar 09, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-26110
HIGH
node-bluetooth < 1.2.6 - Buffer Overflow via findSerialPortChannel
Mar 09, 2023
CVSS 7.3
EPSS 0.00
CVE-2023-26109
HIGH
node-bluetooth-serial-port - Buffer Overflow
Mar 09, 2023
CVSS 7.3
EPSS 0.00
CVE-2023-27481
MEDIUM
Directus < 9.16.0 - Exposure of Sensitive Information via Password Hash Enumeration
Mar 07, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-27474
HIGH
Directus < 9.23.0 - HTML Injection via Password Reset URL Query Parameters
Mar 06, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-26111
HIGH
@nubosoftware/node-static - Path Traversal
Mar 06, 2023
CVSS 7.5
EPSS 0.01
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12