npm
3,969 tracked vulnerabilities.
CVE-2022-39396
CRITICAL
Parse Server < 4.10.18 and 5.X < 5.3.1 - Remote Code Execution via Prototype Pollution
Nov 10, 2022
CVSS 9.8
EPSS 0.11
CVE-2022-39386
HIGH
fastify/websocket 5.0.0-5.0.0 and 6.0.0-7.1.0 - Denial of Service via Malformed Packet
Nov 08, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-36077
HIGH
Electron <21.0.0-beta.1-18.3.7 - Info Disclosure
Nov 08, 2022
CVSS 7.2
EPSS 0.00
CVE-2022-42743
MEDIUM
deep-parse-json 1.0.2 - Prototype Pollution via __proto__ Key Injection
Nov 03, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-41714
MEDIUM
fastest-json-copy <1.0.1 - Code Injection
Nov 03, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-41713
MEDIUM
deep-object-diff <1.1.0 - Code Injection
Nov 03, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-41710
MEDIUM
Markdownify 1.4.1 - Info Disclosure
Nov 03, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-39353
CRITICAL
xmldom < 0.6.0 and 0.7.0-0.7.6 - Improper Validation of Consistency within Input
Nov 02, 2022
CVSS 9.4
EPSS 0.01
CVE-2022-39381
HIGH
Muhammarajs < 2.6.0 - Denial of Service
Nov 02, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-25892
HIGH
muhammara < 2.6.1, 3.0.0-3.1.1 and hummus - Denial of Service via Malicious PDF Parsing
Nov 01, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-25885
HIGH
muhammara < 2.6.0 - Denial of Service via PDFStreamForResponse
Nov 01, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-3783
LOW
node-red-dashboard < 3.2.0 - Cross-Site Scripting in ui_text Format Handler
Oct 31, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-37623
CRITICAL
browserify-shim < 3.8.16 - Prototype Pollution via resolveShims Function
Oct 31, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37620
HIGH
html-minifier-terser < 7.2.0 - Denial of Service via reCustomIgnore Regular Expression
Oct 31, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-37621
CRITICAL
browserify-shim < 3.8.16 - Prototype Pollution via resolveShims fullPath Variable
Oct 28, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-25918
MEDIUM
shescape >=1.5.10 <1.6.1 - Regular Expression Denial of Service via escapeArgBash Function
Oct 27, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-2422
CRITICAL
feathers-sequelize 6.0.0-6.3.3 - SQL Injection
Oct 26, 2022
CVSS 10.0
EPSS 0.00
CVE-2022-2421
CRITICAL
socket.io-parser < 3.3.3 and 4.0.0-4.0.5 - SQL Injection via Attachment Parsing
Oct 26, 2022
CVSS 10.0
EPSS 0.01
CVE-2022-29823
CRITICAL
feathers-sequelize 6.0.0-6.3.3 - Remote Code Execution via Prototype Pollution in cleanQuery
Oct 26, 2022
CVSS 10.0
EPSS 0.04
CVE-2022-29822
CRITICAL
feathers-sequelize 6.0.0-6.3.3 - SQL Injection via Improper Parameter Filtering
Oct 26, 2022
CVSS 10.0
EPSS 0.00
CVE-2022-39313
HIGH
Parse Server < 4.10.17 and 5.x < 5.2.8 - Denial of Service via Invalid Byte Range in File Download Request
Oct 24, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-41709
HIGH
markdownify 1.4.1 - Remote Code Execution via Malicious Markdown File
Oct 19, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-3517
HIGH
minimatch < 3.0.5 - Denial of Service via braceExpand Function
Oct 17, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-37603
HIGH
webpack.js loader-utils < 1.4.2 - Regular Expression Denial of Service in interpolateName Function
Oct 14, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-37602
CRITICAL
grunt-karma 4.0.1 - Prototype Pollution via Key Variable
Oct 14, 2022
CVSS 9.8
EPSS 0.01
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12