npm
4,198 tracked vulnerabilities.
CVE-2023-26109
HIGH
node-bluetooth-serial-port - Buffer Overflow
Mar 09, 2023
CVSS 7.3
EPSS 0.01
CVE-2023-27481
MEDIUM
Directus < 9.16.0 - Exposure of Sensitive Information via Password Hash Enumeration
Mar 07, 2023
CVSS 4.3
EPSS 0.01
CVE-2023-27474
HIGH
Directus < 9.23.0 - HTML Injection via Password Reset URL Query Parameters
Mar 06, 2023
CVSS 8.0
EPSS 0.01
CVE-2023-26111
HIGH
@nubosoftware/node-static - Path Traversal
Mar 06, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-26107
MEDIUM
sketchsvg - Arbitrary Code Injection via Unsanitized shell.exec Command
Mar 06, 2023
CVSS 6.9
EPSS 0.00
CVE-2023-26106
HIGH
dot-lens < 1.2.3 - Prototype Pollution via set() Function
Mar 06, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-26487
MEDIUM
vega < 5.23.0 - Cross-Site Scripting via lassoAppend Function
Mar 04, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-26486
MEDIUM
Vega <5.23.0 - JavaScript Sandbox Escape via scale Expression Function
Mar 04, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-26491
MEDIUM
RSSHub < 2023-03-02 - Cross-Site Scripting via URL Parameter
Mar 03, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-26492
MEDIUM
Directus <9.23.0 - Server-Side Request Forgery via File Import DNS Rebinding
Mar 03, 2023
CVSS 5.0
EPSS 0.01
CVE-2023-26105
HIGH
Package Utilities - Prototype Pollution
Feb 28, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-26104
HIGH
lite-web-server - Denial of Service via Malformed URI Control Characters
Feb 25, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-26102
HIGH
rangy - Prototype Pollution via extend() Function
Feb 24, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-25813
CRITICAL
Sequelize < 6.19.1 - SQL Injection via Replacements
Feb 22, 2023
CVSS 10.0
EPSS 0.01
CVE-2023-25805
CRITICAL
versionn < 1.1.0 - OS Command Injection
Feb 20, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-25653
HIGH
node-jose < 2.2.0 - Denial of Service via ECC Operations in Fallback Crypto Backend
Feb 16, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-24807
HIGH
Undici < 5.19.1 - Regular Expression Denial of Service via Header Value Normalization
Feb 16, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-23936
MEDIUM
Undici <5.19.1 - CRLF Injection
Feb 16, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-22580
MEDIUM
sequelizejs/sequelize - Exposure of Sensitive Information via Improper Input Filtering
Feb 16, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-22579
CRITICAL
sequelizejs/sequelize - SQL Injection via Improper Parameter Filtering
Feb 16, 2023
CVSS 9.9
EPSS 0.01
CVE-2023-22578
CRITICAL
sequelizejs/sequelize - SQL Injection via Improper Attribute Filtering
Feb 16, 2023
CVSS 10.0
EPSS 0.01
CVE-2023-25572
MEDIUM
Marmelab Ra-ui-materialui < 3.9.12 - XSS
Feb 13, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-23925
HIGH
switcher_client < 3.1.4 - Regular Expression Denial of Service via Strategy Match Operation
Feb 03, 2023
CVSS 8.6
EPSS 0.01
CVE-2023-22474
HIGH
parse-server < 5.4.1 - Authentication Bypass via X-Forwarded-For Header Spoofing
Feb 03, 2023
CVSS 8.7
EPSS 0.01
CVE-2023-23636
MEDIUM
Jellyfin 10.8.0-10.8.3 - Stored Cross-Site Scripting via Playlist Name
Feb 03, 2023
CVSS 5.4
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters