npm
3,969 tracked vulnerabilities.
CVE-2023-22477
MEDIUM
Mercurius < 8.13.2 and 9.0.0-11.5.0 - Denial of Service via Malformed WebSocket Packet
Jan 09, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-22467
HIGH
Luxon 1.x < 1.38.1, 2.x < 2.5.2, 3.2.1 - Denial of Service via RFC2822 Date Parsing
Jan 04, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-25883
MEDIUM
npmjs/semver <5.7.2 and >=7.0.0 <7.5.2 - Regular Expression Denial of Service via Range Function
Jun 21, 2023
CVSS 5.3
EPSS 0.01
CVE-2022-4942
LOW
eslint-detailed-reporter < 0.9.0 - Cross-Site Scripting in renderIssue Function
Apr 20, 2023
CVSS 3.5
EPSS 0.00
CVE-2022-36060
HIGH
matrix-react-sdk < 3.53.0 - Denial of Service via Prototype Pollution
Mar 28, 2023
CVSS 8.2
EPSS 0.00
CVE-2022-36059
HIGH
matrix-js-sdk <19.4.0 - Info Disclosure
Mar 28, 2023
CVSS 8.2
EPSS 0.00
CVE-2022-2237
MEDIUM
Keycloak Node.js Adapter - Open Redirect via checkSso Function
Mar 27, 2023
CVSS 6.1
EPSS 0.00
CVE-2022-43441
HIGH
Ghost sqlite3 5.0.0-5.1.1 - Remote Code Execution via Statement Bindings
Mar 16, 2023
CVSS 8.1
EPSS 0.07
CVE-2022-44310
HIGH
ecdh < 0.2.0 - Exposure of Resource to Wrong Sphere via Invalid Public Key
Feb 24, 2023
CVSS 7.5
EPSS 0.00
CVE-2022-48115
MEDIUM
jspreadsheet < 4.6.0 - Cross-Site Scripting via Dropdown Menu
Feb 17, 2023
CVSS 6.1
EPSS 0.00
CVE-2022-48110
MEDIUM
CKEditor 5 < 36.0.0 - Cross-Site Scripting via Full Featured Widget
Feb 13, 2023
CVSS 6.1
EPSS 0.01
CVE-2022-25937
MEDIUM
glance < 3.0.9 - Path Traversal
Feb 13, 2023
CVSS 6.5
EPSS 0.01
CVE-2022-25855
HIGH
create-choo-app3 - OS Command Injection via devInstall Function
Feb 06, 2023
CVSS 7.4
EPSS 0.00
CVE-2022-25853
HIGH
semver-tags - OS Command Injection via getGitTagsRemote Function
Feb 06, 2023
CVSS 7.4
EPSS 0.00
CVE-2022-25916
HIGH
mt7688-wiscan < 0.8.3 - OS Command Injection via wiscan.scan Function
Feb 01, 2023
CVSS 7.4
EPSS 0.00
CVE-2022-25906
HIGH
is-http2 - OS Command Injection via isH2 Function
Feb 01, 2023
CVSS 7.4
EPSS 0.00
CVE-2022-45598
MEDIUM
Joplin < 2.9.17 - Cross-Site Scripting via Improper Sanitization
Jan 31, 2023
CVSS 6.1
EPSS 0.01
CVE-2022-25979
MEDIUM
jsuites < 5.0.1 - Cross-Site Scripting via Editor Function
Jan 31, 2023
CVSS 5.4
EPSS 0.00
CVE-2022-25881
MEDIUM
http-cache-semantics <4.1.1 - Info Disclosure
Jan 31, 2023
CVSS 5.3
EPSS 0.00
CVE-2022-21129
HIGH
nemo-appium < 0.0.9 - OS Command Injection via Improper Input Sanitization in module.exports.setup
Jan 31, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-25967
HIGH
eta < 2.0.0 - Remote Code Execution via Express Render API View Options
Jan 30, 2023
CVSS 8.1
EPSS 0.19
CVE-2022-25936
HIGH
servst < 2.0.3 - Path Traversal via Improper File Path Sanitization
Jan 30, 2023
CVSS 7.5
EPSS 0.02
CVE-2022-48285
HIGH
JSZip < 3.8.0 - Path Traversal via Crafted ZIP Archive
Jan 29, 2023
CVSS 7.3
EPSS 0.01
CVE-2022-25962
HIGH
vagrant.js - OS Command Injection via boxAdd Function
Jan 26, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-25927
MEDIUM
ua-parser-js 0.7.30-0.7.32 and 0.8.1-1.0.32 - Regular Expression Denial of Service via trim() Function
Jan 26, 2023
CVSS 5.3
EPSS 0.01
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12