npm
3,969 tracked vulnerabilities.
CVE-2023-26107
MEDIUM
sketchsvg - Arbitrary Code Injection via Unsanitized shell.exec Command
Mar 06, 2023
CVSS 6.9
EPSS 0.00
CVE-2023-26106
HIGH
dot-lens < 1.2.3 - Prototype Pollution via set() Function
Mar 06, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-26487
MEDIUM
vega < 5.23.0 - Cross-Site Scripting via lassoAppend Function
Mar 04, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-26486
MEDIUM
Vega < 5.23.0 - JavaScript Sandbox Escape via scale Expression Function
Mar 04, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-26491
MEDIUM
RSSHub < 2023-03-02 - Cross-Site Scripting via URL Parameter
Mar 03, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-26492
MEDIUM
Directus < 9.23.0 - Server-Side Request Forgery via File Import DNS Rebinding
Mar 03, 2023
CVSS 5.0
EPSS 0.00
CVE-2023-26105
HIGH
Package Utilities - Prototype Pollution
Feb 28, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-26104
HIGH
lite-web-server - Denial of Service via Malformed URI Control Characters
Feb 25, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-26102
HIGH
rangy - Prototype Pollution via extend() Function
Feb 24, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-25813
CRITICAL
Sequelize < 6.19.1 - SQL Injection via Replacements
Feb 22, 2023
CVSS 10.0
EPSS 0.04
CVE-2023-25805
CRITICAL
versionn < 1.1.0 - OS Command Injection
Feb 20, 2023
CVSS 9.8
EPSS 0.10
CVE-2023-25653
HIGH
node-jose < 2.2.0 - Denial of Service via ECC Operations in Fallback Crypto Backend
Feb 16, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-24807
HIGH
Undici < 5.19.1 - Regular Expression Denial of Service via Header Value Normalization
Feb 16, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-23936
MEDIUM
Undici < 5.19.1 - CRLF Injection
Feb 16, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-22580
MEDIUM
sequelizejs/sequelize - Exposure of Sensitive Information via Improper Input Filtering
Feb 16, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-22579
CRITICAL
sequelizejs/sequelize - SQL Injection via Improper Parameter Filtering
Feb 16, 2023
CVSS 9.9
EPSS 0.00
CVE-2023-22578
CRITICAL
sequelizejs/sequelize - SQL Injection via Improper Attribute Filtering
Feb 16, 2023
CVSS 10.0
EPSS 0.00
CVE-2023-25572
MEDIUM
Marmelab Ra-ui-materialui < 3.9.12 - XSS
Feb 13, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-23925
HIGH
switcher_client < 3.1.4 - Regular Expression Denial of Service via Strategy Match Operation
Feb 03, 2023
CVSS 8.6
EPSS 0.00
CVE-2023-22474
HIGH
parse-server < 5.4.1 - Authentication Bypass via X-Forwarded-For Header Spoofing
Feb 03, 2023
CVSS 8.7
EPSS 0.00
CVE-2023-23636
MEDIUM
Jellyfin 10.8.0-10.8.3 - Stored Cross-Site Scripting via Playlist Name
Feb 03, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-23635
MEDIUM
Jellyfin 10.8.0-10.8.3 - Stored Cross-Site Scripting in Collection Name
Feb 03, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-23630
HIGH
eta < 2.0.0 - Cross-Site Scripting via Express API
Feb 01, 2023
CVSS 8.6
EPSS 0.00
CVE-2023-22491
HIGH
gatsby-transformer-remark < 5.25.1 and 6.0.0-6.3.2 - JavaScript Injection via gray-matter Frontmatter Processing
Jan 13, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-22493
HIGH
RSSHub < 2023-01-10 - Server-Side Request Forgery via Affected Routes
Jan 13, 2023
CVSS 8.8
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12