npm
3,969 tracked vulnerabilities.
CVE-2022-21144
HIGH
libxmljs < 0.19.8 - Denial of Service via parseXml Function
May 01, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-29078
CRITICAL
NUCLEI
ejs 3.1.6 - Server-Side Template Injection via outputFunctionName Option
Apr 25, 2022
CVSS 9.8
EPSS 0.93
CVE-2022-27103
MEDIUM
element-plus 2.0.5 - Cross-Site Scripting via el-table-column
Apr 25, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-1440
CRITICAL
git-interface < 2.1.2 - OS Command Injection via --upload-pack Argument
Apr 22, 2022
CVSS 9.8
EPSS 0.09
CVE-2022-24858
MEDIUM
next-auth < 3.29.2 and 4.0.0-4.3.1 - Authentication Bypass via Redirect Callback
Apr 19, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-1365
MEDIUM
cross-fetch < 3.1.5 - Exposure of Private Personal Information
Apr 15, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-24279
HIGH
madlib-object-utils <0.1.8 - Prototype Pollution
Apr 15, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-1330
MEDIUM
fullpage < 4.0.4 - Stored Cross-Site Scripting via Anchor URL
Apr 12, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-0436
MEDIUM
gruntjs/grunt <1.5.2 - Path Traversal
Apr 12, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-28397
CRITICAL
Ghost CMS 4.42.0 - Authenticated Arbitrary File Upload
Apr 12, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-27952
CRITICAL
PayloadCMS 0.15.0 - Arbitrary File Upload and Remote Code Execution via SVG File
Apr 12, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-27263
CRITICAL
Strapi v4.1.5 - Arbitrary File Upload and Remote Code Execution
Apr 12, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-27261
HIGH
express-fileupload 1.3.1 - Arbitrary File Write via Multiple File Upload
Apr 12, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-27260
CRITICAL
ButterCMS 1.2.8 - Arbitrary File Upload and Remote Code Execution via SVG File
Apr 12, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-27139
CRITICAL
Ghost 4.39.0 - Authenticated Arbitrary File Upload via SVG File
Apr 12, 2022
CVSS 9.8
EPSS 0.06
CVE-2022-21803
HIGH
nconf < 0.11.4 - Prototype Pollution via .set() Function
Apr 12, 2022
CVSS 7.3
EPSS 0.01
CVE-2022-29080
CRITICAL
npm-dependency-versions <0.3.0 - Command Injection
Apr 12, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-24815
HIGH
generator-jhipster 7.0.0-7.8.0 - SQL Injection in Reactive Spring WebFlux Entity Repository
Apr 11, 2022
CVSS 8.1
EPSS 0.00
CVE-2022-1295
CRITICAL
fullpage < 4.0.2 - Prototype Pollution
Apr 11, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-1291
MEDIUM
tableexport.jquery.plugin < 1.25.0 - Cross-Site Scripting via onCellHtmlData Function
Apr 10, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-1243
MEDIUM
uri.js < 1.19.11 - Cross-Site Scripting via CRHTLF Protocol Extraction
Apr 05, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-1233
MEDIUM
URI.js <1.19.11 - URL Confusion When Scheme Is Missing
Apr 04, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-24814
HIGH
Directus < 9.7.0 - Stored Cross-Site Scripting via Rich Text HTML Interface
Apr 04, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-24785
HIGH
Moment.js 1.0.1-2.29.1 - Path Traversal via Locale Switching
Apr 04, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-24066
HIGH
simple-git <3.5.0 - Command Injection
Apr 01, 2022
CVSS 8.1
EPSS 0.03
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12