npm
3,969 tracked vulnerabilities.
CVE-2022-2079
MEDIUM
nocodb < 0.91.7 - Stored Cross-Site Scripting
Jun 14, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-29257
MEDIUM
Electron <18.0.0-beta.6, 17.2.0, 16.2.6, 15.5.5 - Code Injection
Jun 13, 2022
CVSS 6.6
EPSS 0.00
CVE-2022-29247
LOW
Electron <18.0.0-beta.6, 17.2.0, 16.2.6, 15.5.5 - Privilege Escalation
Jun 13, 2022
CVSS 2.2
EPSS 0.01
CVE-2022-29244
HIGH
npm <7.9.0-7.13.0 - Info Disclosure
Jun 13, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-2064
HIGH
nocodb < 0.91.7 - Insufficient Session Expiration
Jun 13, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-2063
HIGH
nocodb < 0.91.7 - Improper Privilege Management
Jun 13, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-2062
HIGH
nocodb < 0.91.7 - Sensitive Information Exposure via Error Message
Jun 13, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-29894
MEDIUM
Strapi v3.x.x - Stored Cross-Site Scripting in File Upload Function
Jun 13, 2022
CVSS 4.8
EPSS 0.00
CVE-2022-25863
HIGH
gatsby-plugin-mdx < 2.14.1, 3.0.0-3.15.2 - Deserialization of Untrusted Data via gray-matter Input
Jun 10, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-25851
HIGH
jpeg-js < 0.4.4 - Denial of Service via Infinite Loop
Jun 10, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-24429
HIGH
convert-svg-core <0.6.3 - Code Injection
Jun 10, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-24376
HIGH
git-promise - Command Injection via Inappropriate Fix
Jun 10, 2022
CVSS 7.2
EPSS 0.03
CVE-2022-24278
HIGH
convert-svg-core <0.6.4 - Path Traversal
Jun 10, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-21211
MEDIUM
posix - Denial of Service via toString Method Invocation
Jun 10, 2022
CVSS 5.9
EPSS 0.00
CVE-2022-31051
MEDIUM
semantic-release 17.0.4-19.0.3 - Exposure of Sensitive Information via URI Encoding Bypass
Jun 09, 2022
CVSS 4.4
EPSS 0.01
CVE-2022-31830
CRITICAL
Kity Minder v1.3.5 - Server-Side Request Forgery via ImageCapture.class.php Init Function
Jun 09, 2022
CVSS 9.1
EPSS 0.00
CVE-2022-21122
CRITICAL
metacalc < 0.0.2 - Remote Code Execution via Math Class Exposure
Jun 08, 2022
CVSS 9.0
EPSS 0.01
CVE-2022-1929
MEDIUM
devcert < 1.2.1 - Denial of Service via Inefficient Regular Expression in certificateFor Method
Jun 02, 2022
CVSS 5.9
EPSS 0.00
CVE-2022-25878
HIGH
protobufjs < 6.11.3 - Prototype Pollution via util.setProperty or ReflectionObject.setParsedOption
May 27, 2022
CVSS 8.2
EPSS 0.00
CVE-2022-29256
MEDIUM
sharp < 0.30.5 - OS Command Injection via PKG_CONFIG_PATH Environment Variable
May 25, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-29214
MEDIUM
NextAuth.js <3.29.3, <4.3.3 - Open Redirect
May 21, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-24434
HIGH
dicer - Denial of Service via Malicious Form Data
May 20, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-30618
HIGH
Strapi 3.0.0-3.6.9 and 4.0.0-4.1.8 - Authenticated Sensitive Data Exposure via Admin Panel Relationships
May 19, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-30617
HIGH
Strapi 3.0.0-3.6.9 and <4.0.0-beta.15 - Authenticated Sensitive Information Exposure via Admin Panel Relationships
May 19, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-29229
MEDIUM
CaSS Library <1.5.8 - Info Disclosure
May 18, 2022
CVSS 6.3
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12