npm
4,198 tracked vulnerabilities.
CVE-2023-26136
MEDIUM
Tough-Cookie <4.1.3 - Prototype Pollution
Jul 01, 2023
CVSS 6.5
EPSS 0.03
CVE-2023-30589
HIGH
Node.js 16.0.0-16.20.1 - HTTP Request Smuggling via CR Delimiter in llhttp Parser
Jul 01, 2023
CVSS 7.5
EPSS 0.04
CVE-2023-34840
MEDIUM
angular-ui-notification < 0.3.6 - Stored Cross-Site Scripting
Jun 30, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-37299
MEDIUM
Joplin < 2.11.5 - Cross-Site Scripting via Image Map AREA Element
Jun 30, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-37298
MEDIUM
Joplin < 2.11.5 - Cross-Site Scripting via SVG USE Element
Jun 30, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-26135
HIGH
flatnest - Prototype Pollution via nest() Function
Jun 30, 2023
CVSS 7.3
EPSS 0.01
CVE-2023-36475
CRITICAL
Parse Server < 5.5.2 - Remote Code Execution via Prototype Pollution
Jun 28, 2023
CVSS 9.8
EPSS 0.03
CVE-2023-26134
CRITICAL
git-commit-info <2.0.2 - Command Injection
Jun 28, 2023
CVSS 9.8
EPSS 0.04
CVE-2023-35165
MEDIUM
AWS Cloud Development Kit 1.57.0-1.202.0 and 2.0.0-2.80.0 - Incorrect Authorization via Overly Permissive Trust Policy
Jun 23, 2023
CVSS 6.6
EPSS 0.01
CVE-2023-35931
LOW
shescape < 1.7.1 - Cleartext Storage of Sensitive Information in Environment Variable
Jun 23, 2023
CVSS 3.1
EPSS 0.01
CVE-2023-35167
MEDIUM
remult < 0.20.6 - Improper Access Control via apiPrefilter Function
Jun 23, 2023
CVSS 5.0
EPSS 0.01
CVE-2023-26115
MEDIUM
word-wrap < 1.2.4 - Regular Expression Denial of Service via Insecure Regular Expression
Jun 22, 2023
CVSS 5.3
EPSS 0.02
CVE-2023-3224
CRITICAL
nuxt 3.4.0-3.4.3 - Code Injection
Jun 13, 2023
CVSS 9.8
EPSS 0.59
CVE-2023-26133
HIGH
progressbar.js < 1.1.1 - Prototype Pollution via extend() Function
Jun 12, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-26132
HIGH
Package dottie <2.0.4 - Info Disclosure
Jun 10, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-34232
HIGH
snowflake-connector-nodejs < 1.6.21 - Command Injection via SSO Browser URL Authentication
Jun 08, 2023
CVSS 7.3
EPSS 0.02
CVE-2023-34238
MEDIUM
Gatsby < 4.25.7 - Local File Inclusion via __file-code-frame and __original-stack-frame Paths
Jun 08, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-34104
HIGH
fast-xml-parser < 4.2.4 - Denial of Service via Crafted Entity Name Regex
Jun 06, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-34092
HIGH
NUCLEI
Vite <2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, 4.3.9 - Auth Bypass
Jun 01, 2023
CVSS 7.5
EPSS 0.03
CVE-2023-32689
MEDIUM
Parse Server < 5.4.4 - Unrestricted HTML File Upload via Public API
May 30, 2023
CVSS 6.3
EPSS 0.01
CVE-2023-2968
HIGH
proxy_project proxy - Denial of Service via socket.remoteAddress TypeError
May 30, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-32695
HIGH
socket.io-parser 3.4.0-3.4.2 and 4.0.4-4.2.2 - Denial of Service via Crafted Socket.IO Packet
May 27, 2023
CVSS 7.3
EPSS 0.01
CVE-2023-26129
HIGH
bwm-ng - OS Command Injection in check Function
May 27, 2023
CVSS 8.4
EPSS 0.01
CVE-2023-26128
HIGH
keep-module-latest - Command Injection
May 27, 2023
CVSS 8.4
EPSS 0.01
CVE-2023-26127
HIGH
n158 - OS Command Injection via Improper Input Sanitization in module.exports
May 27, 2023
CVSS 7.8
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters