npm
4,198 tracked vulnerabilities.
CVE-2023-30533
HIGH
SheetJS Community Edition < 0.19.3 - Prototype Pollution via Crafted File
Apr 24, 2023
CVSS 7.8
EPSS 0.01
CVE-2023-28131
CRITICAL
Expo SDK 45.0.0-47.9.9 - Unauthenticated Account Takeover via AuthSession Redirect Proxy
Apr 24, 2023
CVSS 9.6
EPSS 0.23
CVE-2023-30547
CRITICAL
Vm2 < 3.9.16 - Injection
Apr 17, 2023
CVSS 9.8
EPSS 0.72
CVE-2023-30548
MEDIUM
gatsby-plugin-sharp < 5.8.1 and < 4.25.1 - Path Traversal via Gatsby Develop Server
Apr 17, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-29529
MEDIUM
matrix-js-sdk < 24.1.0 - Unauthenticated Eavesdropping via MSC3401 Group Call Implementation
Apr 14, 2023
CVSS 5.0
EPSS 0.01
CVE-2023-29199
CRITICAL
vm2 <3.9.15 - Remote Code Execution
Apr 14, 2023
CVSS 9.8
EPSS 0.04
CVE-2023-26122
HIGH
safe-eval < 0.4.1 - Sandbox Bypass via Prototype Pollution
Apr 11, 2023
CVSS 8.8
EPSS 0.02
CVE-2023-26121
HIGH
safe-eval < 0.4.1 - Prototype Pollution via safeEval Function
Apr 11, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-29017
CRITICAL
vm2 <3.9.15 - Remote Code Execution
Apr 06, 2023
CVSS 10.0
EPSS 0.63
CVE-2023-0842
MEDIUM
xml2js 0.4.23 - Prototype Pollution via __proto__ Property
Apr 05, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-0835
HIGH
markdown-pdf 11.0.0 - Arbitrary Local File Read via Unvalidated Markdown Content
Apr 04, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-26118
MEDIUM
angularjs 1.4.9-1.8.3 - Regular Expression Denial of Service via URL Input Validation
Mar 30, 2023
CVSS 5.3
EPSS 0.02
CVE-2023-26117
MEDIUM
angularjs 1.0.0-1.8.2 - Regular Expression Denial of Service via $resource Service
Mar 30, 2023
CVSS 5.3
EPSS 0.02
CVE-2023-26116
MEDIUM
angularjs 1.2.21-1.8.2 - Regular Expression Denial of Service via angular.copy()
Mar 30, 2023
CVSS 5.3
EPSS 0.02
CVE-2023-28427
HIGH
matrix-js-sdk <24.0.0 - Info Disclosure
Mar 28, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-28103
HIGH
matrix-react-sdk < 3.69.0 - Prototype Pollution via Remote Server Data
Mar 28, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-28444
CRITICAL
angular-server-side-configuration - Info Disclosure
Mar 24, 2023
CVSS 9.9
EPSS 0.01
CVE-2023-28443
MEDIUM
Directus < 9.23.3 - Unauthenticated Token Exposure via Log Output
Mar 24, 2023
CVSS 4.2
EPSS 0.00
CVE-2023-26114
HIGH
code-server <4.10.1 - Info Disclosure
Mar 23, 2023
CVSS 8.2
EPSS 0.00
CVE-2023-26113
HIGH
collection.js <6.8.1 - Info Disclosure
Mar 18, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-28155
MEDIUM
Request < 2.88.1 - Server-Side Request Forgery via Cross-Protocol Redirect
Mar 16, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-25345
HIGH
swig-templates < 2.0.4 and swig < 1.4.2 - Path Traversal via Include or Extends Tags
Mar 15, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-28154
CRITICAL
webpack 5.0.0-5.75.0 - Prototype Pollution via ImportParserPlugin Magic Comment Handling
Mar 13, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-27490
HIGH
next-auth < 4.20.1 - Authentication Bypass via OAuth CSRF Protection Failure
Mar 09, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-26110
HIGH
node-bluetooth < 1.2.6 - Buffer Overflow via findSerialPortChannel
Mar 09, 2023
CVSS 7.3
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters