Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / npm

npm

3,969 tracked vulnerabilities.

CVE-2022-25904 HIGH

safe-eval < 0.4.1 - Prototype Pollution via safeEval Function

CVE-2022-25171 HIGH

P4 < 0.0.7 - OS Command Injection

CVE-2022-24377 HIGH

cycle-import-check <1.3.2 - Command Injection

CVE-2022-23505 MEDIUM

passport-wsfed-saml2 < 4.6.3 - Authentication Bypass via IDP Signed Assertion

CVE-2022-23494 MEDIUM

TinyMCE < 5.10.7 and 6.0.0-6.3.1 - Cross-Site Scripting via Alert and Confirm Dialogs

CVE-2022-23487 HIGH

libp2p < 0.38.0 - Resource Exhaustion via Connection and Stream Management

CVE-2022-25912 HIGH

simple-git < 3.15.0 - Remote Code Execution via Ext Transport Protocol in Clone Method

CVE-2022-46164 CRITICAL

NodeBB < 2.6.1 - Account Takeover via Prototype Pollution in Socket.IO Message Handling

CVE-2022-42496 CRITICAL

nadesiko3 < 3.3.74 - OS Command Injection in Nako3edit

CVE-2022-41777 HIGH

nadesiko3 < 3.3.74 - Denial of Service via Invalid decodeURIComponent Input

CVE-2022-41642 CRITICAL

Nadesiko3 PC <3.3.61 - Command Injection

CVE-2022-24441 MEDIUM

Snyk CLI < 1.1064.0 - Code Injection via Malicious Build File Analysis

CVE-2022-22984 MEDIUM

Snyk CLI < 1.1064.0 - Command Injection via Crafted Command Line Flags

CVE-2022-25848 HIGH

static-dev-server - Path Traversal

CVE-2022-41957 HIGH

muhammara < 2.6.2 and 3.0.0-3.3.0 - Denial of Service via Malicious PDF Parsing

CVE-2022-38900 HIGH

decode-uri-component 0.2.0 - Denial of Service via Improper Input Validation

CVE-2022-24999 HIGH

QS < 6.2.4 - Prototype Pollution

CVE-2022-4135 CRITICAL KEV

Google Chrome < 107.0.5304.121 - Heap Buffer Overflow in GPU

CVE-2022-41919 MEDIUM

fastify 3.0.0-3.29.3 and 4.0.0-4.10.1 - Cross-Site Request Forgery via Incorrect Content-Type Bypass

CVE-2022-4111 MEDIUM

tooljet < 1.27.0 - Authenticated Denial of Service via Unrestricted Profile Picture Upload

CVE-2022-41940 HIGH

engine.io < 3.6.1 - Denial of Service via Crafted HTTP Request

CVE-2022-3978 MEDIUM

NodeBB < 2.5.8 - Cross-Site Request Forgery via /register/abort Endpoint

CVE-2022-3971 MEDIUM

matrix-appservice-irc < 0.36.0 - SQL Injection in PgDataStore

CVE-2022-41878 HIGH

Parse Server <5.3.2, <4.10.19 - Auth Bypass

CVE-2022-41879 HIGH

Parse Server <5.3.3,4.10.20 - Prototype Pollution

Previous Page 81 of 159 Next

Products

openclaw 393 parse-server 92 n8n 62 directus 53 electron 48 flowise 48 next 47 vm2 32 hono 25 nocodb 25 axios 24 undici 22 ghost 21 vite 19 astro 17 ckeditor4 15 fuxa-server 15 jspdf 15 tar 15 joplin 14 nodebb 14 sequelize 14 tinymce 14 flowise-components 13 signalk-server 13 angular 12 dompurify 12 handlebars 12 jsrsasign 12 matrix-js-sdk 12

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy