Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / npm

npm

3,969 tracked vulnerabilities.

CVE-2022-35915 MEDIUM

OpenZeppelin Contracts <4.7.2 - Info Disclosure

CVE-2022-31186 LOW

NextAuth.js <4.10.2, <3.29.9 - Info Disclosure

CVE-2022-31180 CRITICAL

shescape 1.4.0-1.5.7 - Command Injection via Interpolation Option

CVE-2022-31179 HIGH

shescape < 1.5.8 - Command Injection via Line Feed Character

CVE-2022-2596 MEDIUM

GitHub node-fetch <3.2.10 - Info Disclosure

CVE-2022-2564 CRITICAL

automattic/mongoose <6.4.6 - Info Disclosure

CVE-2022-35131 CRITICAL

Joplin < 2.9.1 - Stored Cross-Site Scripting via Node Title Injection

CVE-2022-21802 MEDIUM

grapesjs < 0.19.5 - Cross-Site Scripting in Selector Manager

CVE-2022-25759 CRITICAL

convert-svg-core < 0.6.2 - Remote Code Injection via Malicious SVG File

CVE-2022-36313 MEDIUM

File-type <16.5.4, 17.x <17.1.3 - DoS

CVE-2022-31151 LOW

undici < 5.7.1 - Cookie Header Leakage on Cross-Origin Redirect

CVE-2022-31160 MEDIUM

jQuery UI < 1.13.2 - Cross-Site Scripting via Checkboxradio Widget Refresh

CVE-2022-31150 MEDIUM

undici < 5.8.0 - CRLF Injection in HTTP Headers

CVE-2022-36127 HIGH

Apache SkyWalking NodeJS Agent <0.5.1 - DoS

CVE-2022-25869 MEDIUM

angularjs - Cross-Site Scripting via Textarea Interpolation

CVE-2022-25858 MEDIUM

terser < 4.8.1 and 5.0.0-5.14.2 - Regular Expression Denial of Service

CVE-2022-31147 HIGH

jQuery Validation Plugin <1.19.5 - DoS

CVE-2022-31142 HIGH

@fastify/bearer-auth <7.0.2-8.0.1 - Info Disclosure

CVE-2022-32214 MEDIUM

llhttp < 2.1.5 - HTTP Request Smuggling via CRLF Sequence Mismanagement

CVE-2022-32213 MEDIUM

llhttp < 2.1.5 - HTTP Request Smuggling via Transfer-Encoding Header

CVE-2022-32210 MEDIUM

Undici 4.8.2-5.5.0 - Improper Certificate Validation in ProxyAgent

CVE-2022-25875 MEDIUM

svelte < 3.49.0 - Cross-Site Scripting via Custom toString Function in SSR

CVE-2022-31129 HIGH

moment 2.18.0-2.29.3 - Denial of Service via RFC2822 Date Parsing

CVE-2022-31127 HIGH

next-auth < 3.29.8 and < 4.9.0 - Cross-Site Scripting via Email Sign-In Endpoint

CVE-2022-33171 CRITICAL

TypeORM < 0.3.0 - SQL Injection via FindOneOptions Parameter

Previous Page 86 of 159 Next

Products

openclaw 393 parse-server 92 n8n 62 directus 53 electron 48 flowise 48 next 47 vm2 32 hono 25 nocodb 25 axios 24 undici 22 ghost 21 vite 19 astro 17 ckeditor4 15 fuxa-server 15 jspdf 15 tar 15 joplin 14 nodebb 14 sequelize 14 tinymce 14 flowise-components 13 signalk-server 13 angular 12 dompurify 12 handlebars 12 jsrsasign 12 matrix-js-sdk 12

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy