npm
4,198 tracked vulnerabilities.
CVE-2023-46998
MEDIUM
BootBox Bootbox.js 3.2-6.0 - Cross-Site Scripting via alert(), confirm(), prompt() Functions
Nov 07, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-46234
MEDIUM
browserify-sign - Signature Forgery
Oct 26, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-46233
CRITICAL
crypto-js < 4.2.0 - Use of a Broken or Risky Cryptographic Algorithm
Oct 25, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-46133
CRITICAL
CryptoES < 2.1.0 - Use of a Broken or Risky Cryptographic Algorithm
Oct 25, 2023
CVSS 9.1
EPSS 0.00
CVE-2023-46119
HIGH
Parse Server <5.5.6,6.3.1 - Info Disclosure
Oct 25, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-39619
HIGH
node_email_check 1.0.4 - Denial of Service via ReDos in scpSyntax Component
Oct 25, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-46298
HIGH
Next.js < 13.4.20-canary.13 - Denial of Service via CDN Cached Prefetch Responses
Oct 22, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-45819
MEDIUM
TinyMCE < 5.10.8 and 6.0.0-6.7.1 - Cross-Site Scripting via Notification Manager API
Oct 19, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-45818
MEDIUM
TinyMCE < 5.10.8 and 6.0.0-6.7.1 - Stored Cross-Site Scripting via Undo/Redo HTML Mutation
Oct 19, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-45820
MEDIUM
Directus 10.4.0-10.6.1 - Denial of Service via Invalid WebSocket Frame
Oct 19, 2023
CVSS 5.9
EPSS 0.01
CVE-2023-5654
MEDIUM
React Developer Tools <= 4.28.4 - Browser-Mediated Arbitrary URL Fetch
Oct 19, 2023
CVSS 6.5
EPSS 0.00
CVE-2023-45811
HIGH
Synchrony < 2.4.4 - Prototype Pollution via LiteralMap Transformer
Oct 17, 2023
CVSS 8.1
EPSS 0.00
CVE-2023-43794
MEDIUM
Nocodb < 0.111.0 - Authenticated SQL Injection via Crafted Payload
Oct 17, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-26155
HIGH
node-qpdf - OS Command Injection via encrypt() Method
Oct 14, 2023
CVSS 7.3
EPSS 0.02
CVE-2023-45143
LOW
Undici < 5.26.2 - Cookie Header Leakage on Cross-Origin Redirects
Oct 12, 2023
CVSS 3.9
EPSS 0.01
CVE-2023-45133
CRITICAL
Babel traverse <7.23.2 and 8.0.0-alpha.4 - Code Execution via path.evaluate
Oct 12, 2023
CVSS 9.3
EPSS 0.01
CVE-2023-44400
MEDIUM
Uptime Kuma <1.23.3 - Privilege Escalation
Oct 09, 2023
CVSS 6.7
EPSS 0.00
CVE-2023-45311
CRITICAL
fsevents < 1.2.11 - Remote Code Execution via Untrusted Binary Download URL
Oct 06, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-45282
HIGH
NASA Open MCT < 3.1.0 - Prototype Pollution via Import Action
Oct 06, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-26152
HIGH
static-server < 3.0.0 - Path Traversal via validPath Function
Oct 03, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-44270
MEDIUM
PostCSS < 8.4.31 - CSS Injection via Comment Parsing Bypass
Sep 29, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-4316
HIGH
zod 3.21.0-3.22.3 - Denial of Service via Email Validation
Sep 28, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-5217
HIGH
KEV
libvpx < 1.13.1 - Heap Buffer Overflow in VP8 Encoding
Sep 28, 2023
CVSS 8.8
EPSS 0.49
CVE-2023-26149
MEDIUM
quill-mention < 4.0.0 - Cross-Site Scripting via renderList Function
Sep 28, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-43646
HIGH
get-func-name < 2.0.1 - Denial of Service via Inefficient Regular Expression Complexity
Sep 27, 2023
CVSS 8.6
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters