npm
4,198 tracked vulnerabilities.
CVE-2024-21910
MEDIUM
TinyMCE < 5.10.0 - Unauthenticated Stored Cross-Site Scripting via Crafted Image or Link URLs
Jan 03, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-21908
MEDIUM
TinyMCE < 5.9.0 - Unauthenticated Stored Cross-Site Scripting
Jan 03, 2024
CVSS 6.1
EPSS 0.01
CVE-2023-2142
MEDIUM
Nunjucks < 3.2.4 - Cross-Site Scripting via Autoescape Bypass
Nov 26, 2024
CVSS 6.1
EPSS 0.00
CVE-2023-0163
HIGH
Mozilla Convict - Prototype Pollution
Nov 26, 2024
CVSS 8.4
EPSS 0.00
CVE-2023-1001
LOW
vxe-table < 3.7.10 - Cross-Site Scripting via inputValue Argument in vxe-textarea
May 24, 2024
CVSS 3.5
EPSS 0.00
CVE-2023-50718
MEDIUM
NocoDB < 0.202.10 - Authenticated SQL Injection via Unescaped table_name
May 14, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-50717
MEDIUM
NocoDB 0.202.6-0.202.10 - Stored Cross-Site Scripting via HTML File Upload
May 14, 2024
CVSS 5.7
EPSS 0.01
CVE-2023-49781
HIGH
NocoDB < 0.202.9 - Stored Cross-Site Scripting in Formula Virtual Cell Comments
May 14, 2024
CVSS 7.3
EPSS 0.01
CVE-2023-49785
CRITICAL
NUCLEI
NextChat < 2.11.2 - Server-Side Request Forgery and Cross-Site Scripting
Mar 12, 2024
CVSS 9.1
EPSS 0.83
CVE-2023-52555
MEDIUM
mongo-express 1.0.2 - Cross-Site Request Forgery via Admin Endpoint
Mar 01, 2024
CVSS 6.1
EPSS 0.00
CVE-2023-42282
CRITICAL
fedorindutny/ip < 1.1.9 and >=2.0.0 <2.0.1 - Server-Side Request Forgery via isPublic IP Validation
Feb 08, 2024
CVSS 9.8
EPSS 0.02
CVE-2023-51838
HIGH
Ylianst MeshCentral 1.1.16 - Info Disclosure
Feb 02, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-51837
CRITICAL
Ylianst MeshCentral 1.1.16 - Info Disclosure
Jan 30, 2024
CVSS 9.8
EPSS 0.00
CVE-2023-51842
HIGH
Ylianst MeshCentral <1.1.16 - Info Disclosure
Jan 29, 2024
CVSS 7.5
EPSS 0.01
CVE-2023-50974
MEDIUM
Appwrite CLI < 3.0.0 - Unprotected Credential Exposure via Prefs.json File
Jan 09, 2024
CVSS 5.5
EPSS 0.00
CVE-2023-46308
CRITICAL
plotly.js < 2.25.2 - Prototype Pollution via expandObjectPaths or nestedProperty
Jan 03, 2024
CVSS 9.8
EPSS 0.01
CVE-2023-26159
HIGH
follow-redirects < 1.15.4 - URL Redirection to Untrusted Site via Improper Hostname Parsing
Jan 02, 2024
CVSS 7.3
EPSS 0.01
CVE-2023-50550
MEDIUM
layui < 2.7.5 - Cross-Site Scripting via data-content Parameter
Dec 30, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-7080
HIGH
Cloudflare Wrangler 2.0.0-2.20.1 and 3.0.0-3.18.9 - Unauthenticated Remote Code Execution via V8 Inspector
Dec 29, 2023
CVSS 8.5
EPSS 0.01
CVE-2023-7079
MEDIUM
Cloudflare Wrangler 3.9.0-3.18.9 - Unauthenticated Arbitrary File Read via Dev Server
Dec 29, 2023
CVSS 6.4
EPSS 0.01
CVE-2023-7078
HIGH
Miniflare 3.20230821.0-3.20231030.1 - Server-Side Request Forgery via Crafted HTTP Requests
Dec 29, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-52079
MEDIUM
msgpackr < 1.10.1 - Denial of Service via Crafted MessagePack Message
Dec 28, 2023
CVSS 6.8
EPSS 0.01
CVE-2023-50481
HIGH
blinksocks 3.3.8 - Sensitive Information Exposure via Weak Encryption in SSR Auth Chain
Dec 21, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-50475
CRITICAL
bcoin 2.2.0 - Sensitive Information Exposure via Weak Hashing in faye-websocket.js
Dec 21, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-50728
MEDIUM
octokit/webhooks 9.26.0-9.26.2 - Denial of Service via Uncaught Exception
Dec 15, 2023
CVSS 5.4
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters