npm
3,969 tracked vulnerabilities.
CVE-2022-36046
MEDIUM
Next.js <12.2.3 - Unhandled Rejection
Aug 31, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-36045
CRITICAL
NodeBB Forum Software - Info Disclosure
Aug 31, 2022
CVSS 9.0
EPSS 0.01
CVE-2022-25887
MEDIUM
sanitize-html < 2.7.1 - Regular Expression Denial of Service via HTML Comment Removal
Aug 30, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-25646
MEDIUM
x-data-spreadsheet - Stored Cross-Site Scripting via Cell Value Injection
Aug 30, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-36036
LOW
mdx-mermaid <1.3.0, <2.0.0-rc1 - Code Injection
Aug 29, 2022
CVSS 3.6
EPSS 0.00
CVE-2022-36034
HIGH
nitrado.js < 0.2.5 - Inefficient Regular Expression Complexity via Malicious Input
Aug 29, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-25921
HIGH
morgan-json - Arbitrary Code Execution via Function Constructor Input
Aug 29, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-21165
CRITICAL
font-converter - OS Command Injection via Unsanitized Input to child_process.exec()
Aug 29, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-24375
HIGH
node-opcua < 2.74.0 - Denial of Service via Multiple CloseSession Requests
Aug 24, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25231
HIGH
node-opcua < 2.74.0 - Denial of Service via Crafted OPC UA Message
Aug 23, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-21208
HIGH
node-opcua < 2.74.0 - Denial of Service via Unlimited Chunk Reception
Aug 23, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-2932
MEDIUM
mobiledoc-kit < 0.14.2 - Reflected Cross-Site Scripting
Aug 22, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-36031
MEDIUM
Directus < 9.15.0 - Authenticated Denial of Service via filename_disk Field Manipulation
Aug 19, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-35204
MEDIUM
vitejs/vite < 2.9.13 - Path Traversal via Crafted URL
Aug 18, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-36010
CRITICAL
react-editable-json-tree < 2.2.2 - Remote Code Execution via JsonFunctionValue Eval Injection
Aug 15, 2022
CVSS 10.0
EPSS 0.01
CVE-2022-35948
MEDIUM
undici < 5.8.1 - CRLF Injection via Content-Type Header
Aug 15, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-35949
MEDIUM
undici <5.8.2 - Server-Side Request Forgery via pathname URL Confusion
Aug 12, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-35942
CRITICAL
loopback-connector-postgresql < 5.5.1 - SQL Injection via 'contains' LoopBack Filter
Aug 12, 2022
CVSS 9.3
EPSS 0.00
CVE-2022-25973
HIGH
mc-kill-port - Arbitrary Command Execution via Port Argument Injection
Aug 10, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-25907
HIGH
typescript_deep_merge < 2.0.2 - Prototype Pollution via Merge Function
Aug 09, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-35144
MEDIUM
Raneto < 0.17.1 - Stored Cross-Site Scripting
Aug 04, 2022
CVSS 4.8
EPSS 0.00
CVE-2022-35143
CRITICAL
Raneto < 0.17.1 - Weak Password Requirements
Aug 04, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-35142
HIGH
Raneto < 0.17.1 - Denial of Service via Search Parameter
Aug 04, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-35923
HIGH
v8n <1.5.1 - Denial of Service
Aug 02, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-35924
CRITICAL
NextAuth.js <4.10.3, 3.29.10 - Info Disclosure
Aug 02, 2022
CVSS 9.1
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12