npm
3,969 tracked vulnerabilities.
CVE-2022-25908
HIGH
create-choo-electron - OS Command Injection via devInstall Function
Jan 26, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-25860
HIGH
simple-git < 3.16.0 - Remote Code Execution via Git Command Methods
Jan 26, 2023
CVSS 8.1
EPSS 0.42
CVE-2022-25847
MEDIUM
serve-lite - Cross-Site Scripting via Directory Listing
Jan 26, 2023
CVSS 5.4
EPSS 0.00
CVE-2022-25350
HIGH
puppet-facter - OS Command Injection via getFact Function
Jan 26, 2023
CVSS 7.4
EPSS 0.00
CVE-2022-21810
HIGH
smartctl - OS Command Injection via Info Method
Jan 26, 2023
CVSS 7.4
EPSS 0.00
CVE-2022-21192
HIGH
serve-lite - Path Traversal via req.url
Jan 26, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-25901
MEDIUM
cookiejar < 2.1.4 - Denial of Service via Insecure Regular Expression in Cookie.parse
Jan 18, 2023
CVSS 5.3
EPSS 0.00
CVE-2022-21191
HIGH
global-modules-path < 3.0.0 - OS Command Injection via getPath Function
Jan 13, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-25890
HIGH
wifey - OS Command Injection via connect() Function
Jan 09, 2023
CVSS 7.4
EPSS 0.02
CVE-2022-25923
HIGH
exec-local-bin < 1.2.0 - OS Command Injection via theProcess() Function
Jan 06, 2023
CVSS 7.4
EPSS 0.02
CVE-2022-25926
HIGH
window-control < 1.4.5 - OS Command Injection via sendKeys Function
Jan 04, 2023
CVSS 7.4
EPSS 0.00
CVE-2022-4742
MEDIUM
json-pointer < 0.6.2 - Prototype Pollution via set Function
Dec 26, 2022
CVSS 6.3
EPSS 0.00
CVE-2022-26969
CRITICAL
Directus < 9.7.0 - Permissive Cross-domain Security Policy with Untrusted Domains
Dec 26, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-46175
HIGH
json5 <1.0.2 and >=2.0.0 <2.2.2 - Prototype Pollution via __proto__ Key Parsing
Dec 24, 2022
CVSS 7.1
EPSS 0.44
CVE-2022-23539
MEDIUM
jsonwebtoken < 8.5.1 - Use of a Broken or Risky Cryptographic Algorithm via Insecure Key Type Configuration
Dec 23, 2022
CVSS 5.9
EPSS 0.00
CVE-2022-23540
MEDIUM
jsonwebtoken <=8.5.1 - Signature Validation Bypass via Default 'none' Algorithm
Dec 22, 2022
CVSS 6.4
EPSS 0.00
CVE-2022-23541
MEDIUM
jsonwebtoken <= 8.5.1 - Improper Authentication via Algorithm Confusion
Dec 22, 2022
CVSS 5.0
EPSS 0.00
CVE-2022-41654
MEDIUM
Ghost Foundation Ghost <5.9.4 - Auth Bypass
Dec 22, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-25948
MEDIUM
liquidjs < 10.0.0 - Information Exposure via Prototype Property Leak
Dec 22, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-25929
MEDIUM
smoothie_charts 1.31.0-1.36.1 - Cross-Site Scripting via strokeStyle and tooltipLabel Properties
Dec 21, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-25895
HIGH
lite-dev-server - Path Traversal via req.url Input
Dec 21, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25893
CRITICAL
vm2 <3.9.10 - RCE
Dec 21, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-24431
HIGH
abacus-ext-cmdline - Command Injection
Dec 21, 2022
CVSS 7.4
EPSS 0.02
CVE-2022-25940
HIGH
lite-server - Denial of Service via Malformed HTTP Request
Dec 20, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25931
HIGH
easy-static-server - Path Traversal via req.url Input
Dec 20, 2022
CVSS 7.5
EPSS 0.01
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12