npm

4,198 tracked vulnerabilities.

CVE-2022-25936 HIGH
servst < 2.0.3 - Path Traversal via Improper File Path Sanitization
Jan 30, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-48285 HIGH
JSZip < 3.8.0 - Path Traversal via Crafted ZIP Archive
Jan 29, 2023
CVSS 7.3
EPSS 0.01
CVE-2022-25962 HIGH
vagrant.js - OS Command Injection via boxAdd Function
Jan 26, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-25927 MEDIUM
ua-parser-js 0.7.30-0.7.32 and 0.8.1-1.0.32 - Regular Expression Denial of Service via trim() Function
Jan 26, 2023
CVSS 5.3
EPSS 0.02
CVE-2022-25908 HIGH
create-choo-electron - OS Command Injection via devInstall Function
Jan 26, 2023
CVSS 7.4
EPSS 0.02
CVE-2022-25860 HIGH
simple-git < 3.16.0 - Remote Code Execution via Git Command Methods
Jan 26, 2023
CVSS 8.1
EPSS 0.03
CVE-2022-25847 MEDIUM
serve-lite - Cross-Site Scripting via Directory Listing
Jan 26, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-25350 HIGH
puppet-facter - OS Command Injection via getFact Function
Jan 26, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-21810 HIGH
smartctl - OS Command Injection via Info Method
Jan 26, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-21192 HIGH
serve-lite - Path Traversal via req.url
Jan 26, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-25901 MEDIUM
cookiejar < 2.1.4 - Denial of Service via Insecure Regular Expression in Cookie.parse
Jan 18, 2023
CVSS 5.3
EPSS 0.02
CVE-2022-21191 HIGH
global-modules-path < 3.0.0 - OS Command Injection via getPath Function
Jan 13, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-25890 HIGH
wifey - OS Command Injection via connect() Function
Jan 09, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-25923 HIGH
exec-local-bin < 1.2.0 - OS Command Injection via theProcess() Function
Jan 06, 2023
CVSS 7.4
EPSS 0.03
CVE-2022-25926 HIGH
window-control < 1.4.5 - OS Command Injection via sendKeys Function
Jan 04, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-4742 MEDIUM
json-pointer < 0.6.2 - Prototype Pollution via set Function
Dec 26, 2022
CVSS 6.3
EPSS 0.01
CVE-2022-26969 CRITICAL
Directus < 9.7.0 - Permissive Cross-domain Security Policy with Untrusted Domains
Dec 26, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-46175 HIGH
json5 <1.0.2 and >=2.0.0 <2.2.2 - Prototype Pollution via __proto__ Key Parsing
Dec 24, 2022
CVSS 7.1
EPSS 0.09
CVE-2022-23539 MEDIUM
jsonwebtoken < 8.5.1 - Use of a Broken or Risky Cryptographic Algorithm via Insecure Key Type Configuration
Dec 23, 2022
CVSS 5.9
EPSS 0.00
CVE-2022-23540 MEDIUM
jsonwebtoken <=8.5.1 - Signature Validation Bypass via Default 'none' Algorithm
Dec 22, 2022
CVSS 6.4
EPSS 0.01
CVE-2022-23541 MEDIUM
jsonwebtoken <= 8.5.1 - Improper Authentication via Algorithm Confusion
Dec 22, 2022
CVSS 5.0
EPSS 0.01
CVE-2022-41654 MEDIUM
Ghost Foundation Ghost <5.9.4 - Auth Bypass
Dec 22, 2022
CVSS 4.3
EPSS 0.19
CVE-2022-25948 MEDIUM
liquidjs < 10.0.0 - Information Exposure via Prototype Property Leak
Dec 22, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-25929 MEDIUM
smoothie_charts 1.31.0-1.36.1 - Cross-Site Scripting via strokeStyle and tooltipLabel Properties
Dec 21, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-25895 HIGH
lite-dev-server - Path Traversal via req.url Input
Dec 21, 2022
CVSS 7.5
EPSS 0.01