npm

4,198 tracked vulnerabilities.

CVE-2022-25893 CRITICAL
vm2 <3.9.10 - RCE
Dec 21, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-24431 HIGH
abacus-ext-cmdline - Command Injection
Dec 21, 2022
CVSS 7.4
EPSS 0.01
CVE-2022-25940 HIGH
lite-server - Denial of Service via Malformed HTTP Request
Dec 20, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25931 HIGH
easy-static-server - Path Traversal via req.url Input
Dec 20, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25904 HIGH
safe-eval < 0.4.1 - Prototype Pollution via safeEval Function
Dec 20, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25171 HIGH
P4 < 0.0.7 - OS Command Injection
Dec 20, 2022
CVSS 7.4
EPSS 0.02
CVE-2022-24377 HIGH
cycle-import-check <1.3.2 - Command Injection
Dec 14, 2022
CVSS 7.4
EPSS 0.02
CVE-2022-23505 MEDIUM
passport-wsfed-saml2 < 4.6.3 - Authentication Bypass via IDP Signed Assertion
Dec 13, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-23494 MEDIUM
TinyMCE < 5.10.7 and 6.0.0-6.3.1 - Cross-Site Scripting via Alert and Confirm Dialogs
Dec 08, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-23487 HIGH
libp2p < 0.38.0 - Resource Exhaustion via Connection and Stream Management
Dec 07, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25912 HIGH
simple-git < 3.15.0 - Remote Code Execution via Ext Transport Protocol in Clone Method
Dec 06, 2022
CVSS 8.1
EPSS 0.03
CVE-2022-46164 CRITICAL
NodeBB < 2.6.1 - Account Takeover via Prototype Pollution in Socket.IO Message Handling
Dec 05, 2022
CVSS 9.4
EPSS 0.49
CVE-2022-42496 CRITICAL
nadesiko3 < 3.3.74 - OS Command Injection in Nako3edit
Dec 05, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-41777 HIGH
nadesiko3 < 3.3.74 - Denial of Service via Invalid decodeURIComponent Input
Dec 05, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-41642 CRITICAL
Nadesiko3 PC <3.3.61 - Command Injection
Dec 05, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-24441 MEDIUM
Snyk CLI < 1.1064.0 - Code Injection via Malicious Build File Analysis
Nov 30, 2022
CVSS 5.8
EPSS 0.01
CVE-2022-22984 MEDIUM
Snyk CLI < 1.1064.0 - Command Injection via Crafted Command Line Flags
Nov 30, 2022
CVSS 5.0
EPSS 0.03
CVE-2022-25848 HIGH
static-dev-server - Path Traversal
Nov 29, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-41957 HIGH
muhammara < 2.6.2 and 3.0.0-3.3.0 - Denial of Service via Malicious PDF Parsing
Nov 28, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-38900 HIGH
decode-uri-component 0.2.0 - Denial of Service via Improper Input Validation
Nov 28, 2022
CVSS 7.5
EPSS 0.25
CVE-2022-24999 HIGH
QS < 6.2.4 - Prototype Pollution
Nov 26, 2022
CVSS 7.5
EPSS 0.15
CVE-2022-4135 CRITICAL KEV
Google Chrome < 107.0.5304.121 - Heap Buffer Overflow in GPU
Nov 25, 2022
CVSS 9.6
EPSS 0.32
CVE-2022-41919 MEDIUM
fastify 3.0.0-3.29.3 and 4.0.0-4.10.1 - Cross-Site Request Forgery via Incorrect Content-Type Bypass
Nov 22, 2022
CVSS 4.2
EPSS 0.00
CVE-2022-4111 MEDIUM
tooljet < 1.27.0 - Authenticated Denial of Service via Unrestricted Profile Picture Upload
Nov 22, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-41940 HIGH
engine.io < 3.6.1 - Denial of Service via Crafted HTTP Request
Nov 22, 2022
CVSS 7.1
EPSS 0.02