npm
4,198 tracked vulnerabilities.
CVE-2022-25936
HIGH
servst < 2.0.3 - Path Traversal via Improper File Path Sanitization
Jan 30, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-48285
HIGH
JSZip < 3.8.0 - Path Traversal via Crafted ZIP Archive
Jan 29, 2023
CVSS 7.3
EPSS 0.01
CVE-2022-25962
HIGH
vagrant.js - OS Command Injection via boxAdd Function
Jan 26, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-25927
MEDIUM
ua-parser-js 0.7.30-0.7.32 and 0.8.1-1.0.32 - Regular Expression Denial of Service via trim() Function
Jan 26, 2023
CVSS 5.3
EPSS 0.02
CVE-2022-25908
HIGH
create-choo-electron - OS Command Injection via devInstall Function
Jan 26, 2023
CVSS 7.4
EPSS 0.02
CVE-2022-25860
HIGH
simple-git < 3.16.0 - Remote Code Execution via Git Command Methods
Jan 26, 2023
CVSS 8.1
EPSS 0.03
CVE-2022-25847
MEDIUM
serve-lite - Cross-Site Scripting via Directory Listing
Jan 26, 2023
CVSS 5.4
EPSS 0.01
CVE-2022-25350
HIGH
puppet-facter - OS Command Injection via getFact Function
Jan 26, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-21810
HIGH
smartctl - OS Command Injection via Info Method
Jan 26, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-21192
HIGH
serve-lite - Path Traversal via req.url
Jan 26, 2023
CVSS 7.5
EPSS 0.01
CVE-2022-25901
MEDIUM
cookiejar < 2.1.4 - Denial of Service via Insecure Regular Expression in Cookie.parse
Jan 18, 2023
CVSS 5.3
EPSS 0.02
CVE-2022-21191
HIGH
global-modules-path < 3.0.0 - OS Command Injection via getPath Function
Jan 13, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-25890
HIGH
wifey - OS Command Injection via connect() Function
Jan 09, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-25923
HIGH
exec-local-bin < 1.2.0 - OS Command Injection via theProcess() Function
Jan 06, 2023
CVSS 7.4
EPSS 0.03
CVE-2022-25926
HIGH
window-control < 1.4.5 - OS Command Injection via sendKeys Function
Jan 04, 2023
CVSS 7.4
EPSS 0.01
CVE-2022-4742
MEDIUM
json-pointer < 0.6.2 - Prototype Pollution via set Function
Dec 26, 2022
CVSS 6.3
EPSS 0.01
CVE-2022-26969
CRITICAL
Directus < 9.7.0 - Permissive Cross-domain Security Policy with Untrusted Domains
Dec 26, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-46175
HIGH
json5 <1.0.2 and >=2.0.0 <2.2.2 - Prototype Pollution via __proto__ Key Parsing
Dec 24, 2022
CVSS 7.1
EPSS 0.09
CVE-2022-23539
MEDIUM
jsonwebtoken < 8.5.1 - Use of a Broken or Risky Cryptographic Algorithm via Insecure Key Type Configuration
Dec 23, 2022
CVSS 5.9
EPSS 0.00
CVE-2022-23540
MEDIUM
jsonwebtoken <=8.5.1 - Signature Validation Bypass via Default 'none' Algorithm
Dec 22, 2022
CVSS 6.4
EPSS 0.01
CVE-2022-23541
MEDIUM
jsonwebtoken <= 8.5.1 - Improper Authentication via Algorithm Confusion
Dec 22, 2022
CVSS 5.0
EPSS 0.01
CVE-2022-41654
MEDIUM
Ghost Foundation Ghost <5.9.4 - Auth Bypass
Dec 22, 2022
CVSS 4.3
EPSS 0.19
CVE-2022-25948
MEDIUM
liquidjs < 10.0.0 - Information Exposure via Prototype Property Leak
Dec 22, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-25929
MEDIUM
smoothie_charts 1.31.0-1.36.1 - Cross-Site Scripting via strokeStyle and tooltipLabel Properties
Dec 21, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-25895
HIGH
lite-dev-server - Path Traversal via req.url Input
Dec 21, 2022
CVSS 7.5
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters