npm

4,198 tracked vulnerabilities.

CVE-2023-32688 MEDIUM
parse-server-push-adapter < 4.1.3 - Denial of Service via Invalid Push Notification Payload
May 27, 2023
CVSS 4.9
EPSS 0.01
CVE-2023-32325 MEDIUM
posthog-js < 1.57.2 - Cross-Site Scripting
May 27, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-33187 MEDIUM
highlight < 6.0.0 - Cleartext Transmission of Sensitive Information via Password Input Type Switch
May 26, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-33252 HIGH
snarkjs < 0.6.11 - Missing Authorization via Public Signals Length Validation
May 21, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-32314 CRITICAL
Vm2 < 3.9.18 - Injection
May 15, 2023
CVSS 9.8
EPSS 0.06
CVE-2023-32313 MEDIUM
Vm2 < 3.9.18 - Injection
May 15, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-2512 MEDIUM
cloudflare/workerd < 1.20230419.0 - Integer Overflow in FormData forEach Method
May 12, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-27564 HIGH
n8n < 0.216.1 - Information Disclosure
May 10, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-27563 HIGH
n8n <0.218.0 - Privilege Escalation
May 10, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-27562 MEDIUM
n8n < 0.216.1 - Path Traversal
May 10, 2023
CVSS 6.5
EPSS 0.02
CVE-2023-26126 HIGH
m.static < 2.2.0 - Path Traversal via requestFile Function
May 10, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-31133 HIGH
Ghost < 5.46.1 - Exposure of Sensitive Information via Public API Filter Brute Force
May 08, 2023
CVSS 7.5
EPSS 0.46
CVE-2023-31125 MEDIUM
Engine.IO 5.1.0-6.4.1 - Denial of Service via Crafted HTTP Request
May 08, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-2583 CRITICAL
jsreport < 3.11.3 - Code Injection
May 08, 2023
CVSS 10.0
EPSS 0.01
CVE-2023-32235 HIGH NUCLEI
Ghost < 5.42.1 - Path Traversal via /assets/built%2F..%2F..%2F/
May 05, 2023
CVSS 7.5
EPSS 0.39
CVE-2023-30094 MEDIUM
TotalJS Flow v10 - Stored Cross-Site Scripting via Platform Name Field
May 04, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-2479 CRITICAL NUCLEI
appium-desktop < 1.22.3-4 - OS Command Injection
May 02, 2023
CVSS 9.8
EPSS 0.22
CVE-2023-29641 MEDIUM
editor.md < 1.5.0 - Cross-Site Scripting via Crafted Markdown Text
May 01, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-30846 CRITICAL
typed-rest-client < 1.8.0 - Credential Leak via Redirect Authorization Header
Apr 26, 2023
CVSS 9.1
EPSS 0.02
CVE-2023-30843 HIGH
Payload < 1.7.0 - Exposure of Sensitive Information via Hidden Field Brute Force
Apr 26, 2023
CVSS 7.4
EPSS 0.01
CVE-2023-30363 CRITICAL
vConsole < 3.15.1 - Prototype Pollution via setOptions in core.ts
Apr 26, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-30609 MEDIUM
matrix-react-sdk < 3.71.0 - HTML Injection in Search Results
Apr 25, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-29566 CRITICAL
dawnsparks-node-tesseract 0.4.0-0.4.1 - Remote Code Execution via child_process Function
Apr 24, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-27848 CRITICAL
broccoli-compass 0.2.4 - Remote Code Execution via child_process Function
Apr 24, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-2251 HIGH
eemeli/yaml <2.0.0-5 - Info Disclosure
Apr 24, 2023
CVSS 7.5
EPSS 0.01