npm
4,198 tracked vulnerabilities.
CVE-2023-23635
MEDIUM
Jellyfin 10.8.0-10.8.3 - Stored Cross-Site Scripting in Collection Name
Feb 03, 2023
CVSS 5.4
EPSS 0.01
CVE-2023-23630
HIGH
eta < 2.0.0 - Cross-Site Scripting via Express API
Feb 01, 2023
CVSS 8.6
EPSS 0.01
CVE-2023-22491
HIGH
gatsby-transformer-remark <5.25.1 and 6.0.0-6.3.2 - JavaScript Injection via gray-matter Frontmatter Processing
Jan 13, 2023
CVSS 8.1
EPSS 0.01
CVE-2023-22493
HIGH
RSSHub < 2023-01-10 - Server-Side Request Forgery via Affected Routes
Jan 13, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-22477
MEDIUM
Mercurius < 8.13.2 and 9.0.0-11.5.0 - Denial of Service via Malformed WebSocket Packet
Jan 09, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-22467
HIGH
Luxon 1.x < 1.38.1, 2.x < 2.5.2, 3.2.1 - Denial of Service via RFC2822 Date Parsing
Jan 04, 2023
CVSS 7.5
EPSS 0.02
CVE-2022-25883
MEDIUM
npmjs/semver <5.7.2 and >=7.0.0 <7.5.2 - Regular Expression Denial of Service via Range Function
Jun 21, 2023
CVSS 5.3
EPSS 0.03
CVE-2022-4942
LOW
eslint-detailed-reporter < 0.9.0 - Cross-Site Scripting in renderIssue Function
Apr 20, 2023
CVSS 3.5
EPSS 0.01
CVE-2022-36060
HIGH
matrix-react-sdk < 3.53.0 - Denial of Service via Prototype Pollution
Mar 28, 2023
CVSS 8.2
EPSS 0.01
CVE-2022-36059
HIGH
matrix-js-sdk <19.4.0 - Info Disclosure
Mar 28, 2023
CVSS 8.2
EPSS 0.01
CVE-2022-2237
MEDIUM
Keycloak Node.js Adapter - Open Redirect via checkSso Function
Mar 27, 2023
CVSS 6.1
EPSS 0.00
CVE-2022-43441
HIGH
Ghost sqlite3 5.0.0-5.1.1 - Remote Code Execution via Statement Bindings
Mar 16, 2023
CVSS 8.1
EPSS 0.02
CVE-2022-44310
HIGH
ecdh < 0.2.0 - Exposure of Resource to Wrong Sphere via Invalid Public Key
Feb 24, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-48115
MEDIUM
jspreadsheet < 4.6.0 - Cross-Site Scripting via Dropdown Menu
Feb 17, 2023
CVSS 6.1
EPSS 0.00
CVE-2022-48110
MEDIUM
CKEditor 5 < 36.0.0 - Cross-Site Scripting via Full Featured Widget
Feb 13, 2023
CVSS 6.1
EPSS 0.02
CVE-2022-25937
MEDIUM
glance < 3.0.9 - Path Traversal
Feb 13, 2023
CVSS 6.5
EPSS 0.01
CVE-2022-25855
HIGH
create-choo-app3 - OS Command Injection via devInstall Function
Feb 06, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-25853
HIGH
semver-tags - OS Command Injection via getGitTagsRemote Function
Feb 06, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-25916
HIGH
mt7688-wiscan < 0.8.3 - OS Command Injection via wiscan.scan Function
Feb 01, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-25906
HIGH
is-http2 - OS Command Injection via isH2 Function
Feb 01, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-45598
MEDIUM
Joplin < 2.9.17 - Cross-Site Scripting via Improper Sanitization
Jan 31, 2023
CVSS 6.1
EPSS 0.00
CVE-2022-25979
MEDIUM
jsuites < 5.0.1 - Cross-Site Scripting via Editor Function
Jan 31, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-25881
MEDIUM
http-cache-semantics <4.1.1 - Info Disclosure
Jan 31, 2023
CVSS 5.3
EPSS 0.02
CVE-2022-21129
HIGH
nemo-appium < 0.0.9 - OS Command Injection via Improper Input Sanitization in module.exports.setup
Jan 31, 2023
CVSS 7.4
EPSS 0.03
CVE-2022-25967
HIGH
eta < 2.0.0 - Remote Code Execution via Express Render API View Options
Jan 30, 2023
CVSS 8.1
EPSS 0.02
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters