npm
3,969 tracked vulnerabilities.
CVE-2022-39231
LOW
parse-server < 4.10.16 and 5.0.0-5.2.6 - Improper Authentication via Facebook/Spotify App ID Validation Bypass
Sep 23, 2022
CVSS 3.7
EPSS 0.00
CVE-2022-39230
MEDIUM
fhir-works-on-aws-authz-smart 3.1.1-3.1.2 - Exposure of Sensitive Information via Search-Type Requests
Sep 23, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-39225
MEDIUM
Parse Server <4.10.15 or >5.0.0-<5.2.6 - Privilege Escalation
Sep 23, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-23458
MEDIUM
Toast UI Grid < 4.21.3 - Cross-Site Scripting via Editable Cell Paste
Sep 22, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-37265
CRITICAL
stealjs steal 2.2.4 - Prototype Pollution via Alias Variable in babel.js
Sep 20, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-37259
HIGH
stealjs steal 2.2.4 - Regular Expression Denial of Service via String Variable in babel.js
Sep 20, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-38545
CRITICAL
valine < 1.5.0 - Remote Code Execution via Crafted POST Request
Sep 19, 2022
CVSS 9.6
EPSS 0.02
CVE-2022-25873
MEDIUM
vuetify 2.0.0-beta.4-2.6.10 - Cross-Site Scripting in VCalendar eventName Function
Sep 18, 2022
CVSS 4.6
EPSS 0.01
CVE-2022-37258
CRITICAL
stealjs steal - Prototype Pollution via packageName Variable in npm-convert.js
Sep 16, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37260
HIGH
stealjs steal 2.2.4 - Regular Expression Denial of Service via Input Variable
Sep 15, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-37264
CRITICAL
stealjs steal 2.2.4 - Prototype Pollution via optionName Variable
Sep 15, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37262
HIGH
stealjs steal 2.2.4 - Regular Expression Denial of Service via source and sourceWithComments Variable
Sep 15, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-37266
CRITICAL
stealjs steal - Prototype Pollution via babel.js extend Function
Sep 15, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37257
CRITICAL
stealjs steal - Prototype Pollution via npm-convert.js requestedVersion Variable
Sep 15, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-3224
MEDIUM
GitHub ionicabizau/parse-url <8.1.0 - Info Disclosure
Sep 15, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-2900
CRITICAL
parse-url < 8.1.0 - Server-Side Request Forgery
Sep 14, 2022
CVSS 9.1
EPSS 0.00
CVE-2022-39203
HIGH
matrix-appservice-irc < 0.35.0 - Improper Privilege Management via Channel Combination
Sep 13, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-39202
MEDIUM
matrix-appservice-irc < 0.35.0 - Improper Privilege Management via IRC Mode Command Parsing
Sep 13, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-38639
MEDIUM
markdown-nice 1.8.22 - Stored Cross-Site Scripting via Community Posting Field
Sep 09, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-36084
CRITICAL
cruddl <2.7.0-3.0.2 - Code Injection
Sep 08, 2022
CVSS 9.9
EPSS 0.01
CVE-2022-36083
MEDIUM
jose < 1.28.2, < 3.20.4, < 4.9.2 - Uncontrolled Resource Consumption via PBES2 Count Parameter
Sep 07, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-36079
HIGH
Parse Server <4.10.14-5.2.5 - Info Disclosure
Sep 07, 2022
CVSS 8.6
EPSS 0.01
CVE-2022-35513
HIGH
Blink1Control2 <= 2.2.7 - Weak Password Encryption
Sep 07, 2022
CVSS 7.5
EPSS 0.06
CVE-2022-36067
CRITICAL
vm2 <3.9.11 - Remote Code Execution
Sep 06, 2022
CVSS 10.0
EPSS 0.84
CVE-2022-36076
HIGH
NodeBB Forum Software - Info Disclosure
Sep 02, 2022
CVSS 8.8
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12