npm
4,198 tracked vulnerabilities.
CVE-2023-32688
MEDIUM
parse-server-push-adapter < 4.1.3 - Denial of Service via Invalid Push Notification Payload
May 27, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-32325
MEDIUM
posthog-js < 1.57.2 - Cross-Site Scripting
May 27, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-33187
MEDIUM
highlight < 6.0.0 - Cleartext Transmission of Sensitive Information via Password Input Type Switch
May 26, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-33252
HIGH
snarkjs < 0.6.11 - Missing Authorization via Public Signals Length Validation
May 21, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-32314
CRITICAL
Vm2 < 3.9.18 - Injection
May 15, 2023
CVSS 9.8
EPSS 0.06
CVE-2023-32313
MEDIUM
Vm2 < 3.9.18 - Injection
May 15, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-2512
MEDIUM
cloudflare/workerd < 1.20230419.0 - Integer Overflow in FormData forEach Method
May 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-27564
HIGH
n8n < 0.216.1 - Information Disclosure
May 10, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-27563
HIGH
n8n <0.218.0 - Privilege Escalation
May 10, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-27562
MEDIUM
n8n < 0.216.1 - Path Traversal
May 10, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-26126
HIGH
m.static < 2.2.0 - Path Traversal via requestFile Function
May 10, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-31133
HIGH
Ghost < 5.46.1 - Exposure of Sensitive Information via Public API Filter Brute Force
May 08, 2023
CVSS 7.5
EPSS 0.46
CVE-2023-31125
MEDIUM
Engine.IO 5.1.0-6.4.1 - Denial of Service via Crafted HTTP Request
May 08, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-2583
CRITICAL
jsreport < 3.11.3 - Code Injection
May 08, 2023
CVSS 10.0
EPSS 0.01
CVE-2023-32235
HIGH
NUCLEI
Ghost < 5.42.1 - Path Traversal via /assets/built%2F..%2F..%2F/
May 05, 2023
CVSS 7.5
EPSS 0.39
CVE-2023-30094
MEDIUM
TotalJS Flow v10 - Stored Cross-Site Scripting via Platform Name Field
May 04, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-2479
CRITICAL
NUCLEI
appium-desktop < 1.22.3-4 - OS Command Injection
May 02, 2023
CVSS 9.8
EPSS 0.22
CVE-2023-29641
MEDIUM
editor.md < 1.5.0 - Cross-Site Scripting via Crafted Markdown Text
May 01, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-30846
CRITICAL
typed-rest-client < 1.8.0 - Credential Leak via Redirect Authorization Header
Apr 26, 2023
CVSS 9.1
EPSS 0.02
CVE-2023-30843
HIGH
Payload < 1.7.0 - Exposure of Sensitive Information via Hidden Field Brute Force
Apr 26, 2023
CVSS 7.4
EPSS 0.01
CVE-2023-30363
CRITICAL
vConsole < 3.15.1 - Prototype Pollution via setOptions in core.ts
Apr 26, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-30609
MEDIUM
matrix-react-sdk < 3.71.0 - HTML Injection in Search Results
Apr 25, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-29566
CRITICAL
dawnsparks-node-tesseract 0.4.0-0.4.1 - Remote Code Execution via child_process Function
Apr 24, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-27848
CRITICAL
broccoli-compass 0.2.4 - Remote Code Execution via child_process Function
Apr 24, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-2251
HIGH
eemeli/yaml <2.0.0-5 - Info Disclosure
Apr 24, 2023
CVSS 7.5
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters