npm
3,969 tracked vulnerabilities.
CVE-2022-25900
HIGH
git-clone - Command Injection via --upload-pack Feature
Jul 01, 2022
CVSS 8.1
EPSS 0.05
CVE-2022-25898
HIGH
jsrsasign 4.8.0-10.5.24 - Improper Verification of Cryptographic Signature
Jul 01, 2022
CVSS 7.7
EPSS 0.02
CVE-2022-25896
MEDIUM
passport < 0.6.0 - Session Fixation via Session Regeneration
Jul 01, 2022
CVSS 4.8
EPSS 0.00
CVE-2022-25876
MEDIUM
link-preview-js < 2.1.16 - Server-Side Request Forgery via DNS Rebinding Bypass
Jul 01, 2022
CVSS 6.2
EPSS 0.00
CVE-2022-25758
MEDIUM
scss-tokenizer < 0.4.3 - Denial of Service via Insecure Regular Expression in loadAnnotation
Jul 01, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-31112
HIGH
parse-server < 4.10.13 - Information Exposure via LiveQuery Protected Fields
Jun 30, 2022
CVSS 8.2
EPSS 0.01
CVE-2022-31110
MEDIUM
RSSHub < 2022-06-21 - Denial of Service via Inefficient Regular Expression in Filter Parameters
Jun 29, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-31108
MEDIUM
mermaid 8.0.0-9.1.2 - CSS Injection via Crafted CSS Selectors
Jun 28, 2022
CVSS 4.1
EPSS 0.00
CVE-2022-0624
HIGH
GitHub ionicabizau/parse-path <5.0.0 - Auth Bypass
Jun 28, 2022
CVSS 7.3
EPSS 0.00
CVE-2022-31103
HIGH
lettersanitizer < 1.0.2 - Denial of Service via CSS @keyframes Processing
Jun 27, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-31093
HIGH
next-auth < 3.29.5 - Denial of Service via Malformed Callback URL
Jun 27, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-31089
HIGH
Parse Server <4.10.12, <5.2.3 - DoS
Jun 27, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-2218
MEDIUM
parse-url < 7.0.0 - Stored Cross-Site Scripting
Jun 27, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-2216
CRITICAL
parse-url < 7.0.0 - Server-Side Request Forgery
Jun 27, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-2217
MEDIUM
parse-url < 7.0.0 - Cross-Site Scripting
Jun 27, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-0722
HIGH
ionicabizau/parse-url <7.0.0 - Info Disclosure
Jun 27, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-21231
HIGH
deep-get-set - Prototype Pollution via 'deep' Function
Jun 24, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-23080
MEDIUM
Directus 9.0.0-beta.2-9.6.0 - Server-Side Request Forgery via Media Upload Functionality
Jun 22, 2022
CVSS 5.0
EPSS 0.00
CVE-2022-33987
MEDIUM
got < 12.1.0 and 11.8.5 - Server-Side Request Forgery via UNIX Socket Redirect
Jun 18, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-25872
MEDIUM
fast-string-search - Out-of-bounds Read via Incorrect Memory Handling
Jun 17, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-25871
MEDIUM
querymen - Prototype Pollution via Unsanitized Handler Function Parameters
Jun 17, 2022
CVSS 5.9
EPSS 0.00
CVE-2022-25852
HIGH
libpq and pg-native - Denial of Service via Incorrect Type Conversion
Jun 17, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-22138
HIGH
fast-string-search - Denial of Service via Incorrect Calculation for Non-String Inputs
Jun 17, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-21213
HIGH
mout < 1.2.4 - Prototype Pollution via deepFillIn and deepMixIn Functions
Jun 17, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-31083
HIGH
Parse Server <4.10.11, <5.2.2 - Auth Bypass
Jun 17, 2022
CVSS 8.6
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12