npm
3,969 tracked vulnerabilities.
CVE-2022-1726
MEDIUM
bootstrap-table < 1.20.2 - Cross-Site Scripting via Table Export Plugin with htmlContent Enabled
May 16, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-29623
HIGH
connect-multiparty 2.2.0 - Arbitrary File Upload via Crafted PDF File
May 16, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-29622
CRITICAL
formidable 3.1.4 - Arbitrary File Upload via Crafted Filename
May 16, 2022
CVSS 9.8
EPSS 0.24
CVE-2022-29351
CRITICAL
TiddlyWiki5 v5.2.2 - Arbitrary File Upload via Crafted SVG File
May 16, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-25865
HIGH
workspace-tools < 0.18.4 - Command Injection via Git Argument Injection
May 13, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-25862
MEDIUM
sds - Prototype Pollution via set Function
May 13, 2022
CVSS 4.0
EPSS 0.00
CVE-2022-21190
HIGH
convict < 6.2.3 - Prototype Pollution via Bypass of CVE-2022-22143 Fix
May 13, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-1650
HIGH
GitHub eventsource <2.0.2 - Info Disclosure
May 12, 2022
CVSS 8.1
EPSS 0.02
CVE-2022-1537
HIGH
gruntjs/grunt < 1.5.3 - Arbitrary File Write via TOCTOU Race Condition in file.copy
May 10, 2022
CVSS 7.0
EPSS 0.00
CVE-2022-25324
HIGH
bignum - Denial of Service via .powm Function Type-Check Exception
May 06, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-29172
MEDIUM
Auth0 Lock < 11.33.0 - Stored Cross-Site Scripting via Additional Signup Fields
May 05, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-29167
HIGH
Hawk < 9.0.1 - Denial of Service via Host Header Regular Expression
May 05, 2022
CVSS 7.4
EPSS 0.00
CVE-2022-29166
HIGH
matrix-appservice-irc <0.33.2 - RCE
May 05, 2022
CVSS 8.0
EPSS 0.01
CVE-2022-30241
MEDIUM
jquery.json-viewer < 1.4.0 - Cross-Site Scripting via Improper Character Escaping
May 04, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-24901
HIGH
parse-server < 4.10.10 - Improper Certificate Validation in Apple Game Center Authentication
May 04, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-28118
CRITICAL
SiteServer CMS 7.0.0-7.1.2 - Remote Code Execution via Crafted Plugin
May 03, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-25301
HIGH
jsgui-lang-essentials - Prototype Pollution via Object Attribute Manipulation
May 01, 2022
CVSS 7.7
EPSS 0.00
CVE-2022-25844
MEDIUM
angularjs >=1.7.0 - Regular Expression Denial of Service via Custom Locale Rule
May 01, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-25645
MEDIUM
dset < 3.1.2 - Prototype Pollution via Malicious Object Bypass
May 01, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-25349
MEDIUM
materialize-css - Cross-Site Scripting in Autocomplete Component
May 01, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-24437
CRITICAL
git-pull-or-clone <2.0.2 - Command Injection
May 01, 2022
CVSS 9.8
EPSS 0.10
CVE-2022-23923
HIGH
jailed - Sandbox Bypass via Exported alert() Method
May 01, 2022
CVSS 8.6
EPSS 0.00
CVE-2022-22143
HIGH
convict <6.2.2 - Prototype Pollution
May 01, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-21227
HIGH
sqlite3 < 5.0.3 - Denial of Service via Invalid Function Object
May 01, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-21189
HIGH
dexie < 3.2.2 and 4.0.0-alpha.1-4.0.0-alpha.3 - Prototype Pollution via setByKeyPath Function
May 01, 2022
CVSS 7.3
EPSS 0.01
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12