npm
4,198 tracked vulnerabilities.
CVE-2023-50710
MEDIUM
Hono < 3.11.7 - Path Parameter Override via TrieRouter
Dec 14, 2023
CVSS 4.2
EPSS 0.01
CVE-2023-26920
MEDIUM
fast-xml-parser <4.1.2 - Info Disclosure
Dec 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-49804
MEDIUM
Uptime Kuma <1.23.9 - Info Disclosure
Dec 11, 2023
CVSS 6.7
EPSS 0.00
CVE-2023-49800
HIGH
nuxt-api-party < 0.22.1 - Denial of Service via Recursive Retry Logic
Dec 09, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-49799
HIGH
nuxt-api-party < 0.22.0 - Server-Side Request Forgery via Leading Whitespace Bypass
Dec 09, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-26158
HIGH
mock.js < 1.1.0 - Prototype Pollution via Util.extend Function
Dec 08, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-47440
MEDIUM
Gladys Assistant < 4.30.0 - Authenticated Path Traversal
Dec 07, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-26154
MEDIUM
PubNub <7.4.0, <6.19.0, <7.3.0, <6.1.0, <5.3.0, <0.4.0 - Path Trave...
Dec 06, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-49293
MEDIUM
NUCLEI
vite 4.4.0-4.4.11 - Cross-Site Scripting via Malicious URL Query String in HTML Transformation
Dec 04, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-49276
MEDIUM
uptime.kuma 1.20.0-1.23.6 - Stored Cross-Site Scripting via Google Analytics ID Attribute Injection
Dec 01, 2023
CVSS 6.3
EPSS 0.00
CVE-2023-44402
MEDIUM
Electron < 22.3.24 - Insufficient Verification of Data Authenticity via Asar Integrity Validation Bypass
Dec 01, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-6293
HIGH
robinbuschmann/sequelize-typescript <2.1.6 - Info Disclosure
Nov 24, 2023
CVSS 7.1
EPSS 0.01
CVE-2023-48711
LOW
google-translate-api-browser <4.1.3 - Server-Side Request Forgery via tld Option
Nov 24, 2023
CVSS 3.7
EPSS 0.00
CVE-2023-49210
CRITICAL
node-openssl < 2.0.0 - Command Injection via Verb Field
Nov 23, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-48309
MEDIUM
next-auth < 4.24.5 - Improper Authorization via Middleware JWT Manipulation
Nov 20, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-48223
MEDIUM
fast-jwt < 3.3.2 - JWT Algorithm Confusion via Public Key PEM Format Bypass
Nov 20, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-48218
MEDIUM
Strapi Protected Populate Plugin < 1.3.4 - Incorrect Authorization Bypass
Nov 20, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-48238
HIGH
joaquimserafim/json-web-token < 3.1.1 - JWT Algorithm Confusion via Unverified Algorithm Header
Nov 17, 2023
CVSS 7.5
EPSS 0.00
CVE-2023-4771
MEDIUM
CKEditor < 4.15.1 - Cross-Site Scripting via /ckeditor/samples/old/ajax.html
Nov 16, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-48219
MEDIUM
TinyMCE < 5.10.9 - Mutation Cross-Site Scripting via Undo/Redo Functionality
Nov 15, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-48094
MEDIUM
CesiumJS - Cross-Site Scripting via Crafted Payload to index.html
Nov 14, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-45885
MEDIUM
NASA Open MCT <= 3.1.0 - Cross-Site Scripting via Flexible Layout New Component Feature
Nov 09, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-45884
MEDIUM
NASA Open MCT <= 3.1.0 - Cross-Site Request Forgery via flexibleLayout Plugin
Nov 09, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-26156
MEDIUM
Chromedriver <119.0.1 - Command Injection
Nov 09, 2023
CVSS 5.6
EPSS 0.02
CVE-2023-45857
MEDIUM
Axios 1.5.1 - Sensitive Information Exposure via X-XSRF-TOKEN Header
Nov 08, 2023
CVSS 6.5
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters