npm
4,198 tracked vulnerabilities.
CVE-2023-31719
CRITICAL
FUXA <= 1.1.12 - SQL Injection via /api/signin
Sep 22, 2023
CVSS 9.8
EPSS 0.27
CVE-2023-31718
HIGH
FUXA <= 1.1.12 - Local File Inclusion via /api/download
Sep 22, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-31717
HIGH
FUXA <= 1.1.12 - SQL Injection
Sep 22, 2023
CVSS 7.5
EPSS 0.02
CVE-2023-42810
CRITICAL
systeminformation 5.0.0-5.21.6 - Command Injection via SSID Parameter
Sep 21, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-5104
MEDIUM
nocodb/nocodb <0.96.0 - Info Disclosure
Sep 21, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-26144
MEDIUM
graphql 16.3.0-16.8.1 - Denial of Service via Large Query Parsing
Sep 20, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-26143
MEDIUM
blamer < 1.0.4 - Arbitrary Argument Injection via blameByFile API
Sep 19, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-42399
MEDIUM
Xdsoft Joditeditor - XSS
Sep 19, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-41592
MEDIUM
Froala Editor 4.0.1-4.1.1 - Cross-Site Scripting
Sep 14, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-4863
HIGH
KEV
Google Chrome <116.0.5845.187 - Buffer Overflow
Sep 12, 2023
CVSS 8.8
EPSS 1.00
CVE-2023-39584
HIGH
hexo < 7.2.0 - Arbitrary File Read via include_code Tag
Sep 08, 2023
CVSS 7.5
EPSS 0.32
CVE-2023-41646
MEDIUM
Buttercup v2.20.3 - Info Disclosure
Sep 07, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-39956
MEDIUM
Electron < 22.3.9 - Code Injection via Attacker-Controlled Working Directory
Sep 06, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-29198
MEDIUM
Electron - Context Isolation Bypass
Sep 06, 2023
CVSS 6.0
EPSS 0.00
CVE-2023-23623
HIGH
Electron 22.0.0-beta.1-22.0.0 - Always-Incorrect Control Flow Implementation via Disabled Sandbox
Sep 06, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-41058
HIGH
Parse Server < 5.5.5 - Always-Incorrect Control Flow Implementation in beforeFind Trigger
Sep 04, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-40582
CRITICAL
find-exec <1.0.3 - Command Injection
Aug 30, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-39663
HIGH
MathJax < 2.7.9 - Regular Expression Denial of Service via Pattern Matching
Aug 29, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-41037
MEDIUM
OpenPGP.js <5.9.0 - Info Disclosure
Aug 29, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-40185
MEDIUM
Shescape <1.7.4 - Privilege Escalation
Aug 23, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-39141
HIGH
NUCLEI
ziahamza/webui-aria2 - Path Traversal via Node Server File Handling
Aug 22, 2023
CVSS 7.5
EPSS 0.03
CVE-2023-3481
MEDIUM
Critters 0.0.17-0.0.19 - Cross-Site Scripting in HTML Parser
Aug 21, 2023
CVSS 5.7
EPSS 0.00
CVE-2023-38894
CRITICAL
tree-kit < 0.7.4 - Prototype Pollution via extend Function
Aug 16, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-40028
MEDIUM
Ghost < 5.59.1 - Authenticated Arbitrary File Read via Symlink Upload
Aug 15, 2023
CVSS 4.9
EPSS 0.58
CVE-2023-40013
HIGH
svg_loader < 1.6.9 - Cross-Site Scripting via Incomplete Event Attribute Sanitization
Aug 14, 2023
CVSS 7.1
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters