npm
4,198 tracked vulnerabilities.
CVE-2022-3978
MEDIUM
NodeBB < 2.5.8 - Cross-Site Request Forgery via /register/abort Endpoint
Nov 13, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-3971
MEDIUM
matrix-appservice-irc < 0.36.0 - SQL Injection in PgDataStore
Nov 13, 2022
CVSS 4.6
EPSS 0.01
CVE-2022-41878
HIGH
Parse Server <5.3.2, <4.10.19 - Auth Bypass
Nov 10, 2022
CVSS 7.2
EPSS 0.01
CVE-2022-41879
HIGH
Parse Server <5.3.3,4.10.20 - Prototype Pollution
Nov 10, 2022
CVSS 7.2
EPSS 0.01
CVE-2022-39396
CRITICAL
Parse Server < 4.10.18 and 5.X < 5.3.1 - Remote Code Execution via Prototype Pollution
Nov 10, 2022
CVSS 9.8
EPSS 0.39
CVE-2022-39386
HIGH
fastify/websocket 5.0.0-5.0.0 and 6.0.0-7.1.0 - Denial of Service via Malformed Packet
Nov 08, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-36077
HIGH
Electron <21.0.0-beta.1-18.3.7 - Info Disclosure
Nov 08, 2022
CVSS 7.2
EPSS 0.01
CVE-2022-42743
MEDIUM
deep-parse-json 1.0.2 - Prototype Pollution via __proto__ Key Injection
Nov 03, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-41714
MEDIUM
fastest-json-copy <1.0.1 - Code Injection
Nov 03, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-41713
MEDIUM
deep-object-diff <1.1.0 - Code Injection
Nov 03, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-41710
MEDIUM
Markdownify 1.4.1 - Info Disclosure
Nov 03, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-39353
CRITICAL
xmldom < 0.6.0 and 0.7.0-0.7.6 - Improper Validation of Consistency within Input
Nov 02, 2022
CVSS 9.4
EPSS 0.01
CVE-2022-39381
HIGH
Muhammarajs < 2.6.0 - Denial of Service
Nov 02, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25892
HIGH
muhammara < 2.6.1, 3.0.0-3.1.1 and hummus - Denial of Service via Malicious PDF Parsing
Nov 01, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25885
HIGH
muhammara < 2.6.0 - Denial of Service via PDFStreamForResponse
Nov 01, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-3783
LOW
node-red-dashboard < 3.2.0 - Cross-Site Scripting in ui_text Format Handler
Oct 31, 2022
CVSS 3.5
EPSS 0.01
CVE-2022-37623
CRITICAL
browserify-shim < 3.8.16 - Prototype Pollution via resolveShims Function
Oct 31, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37620
HIGH
html-minifier-terser < 7.2.0 - Denial of Service via reCustomIgnore Regular Expression
Oct 31, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-37621
CRITICAL
browserify-shim < 3.8.16 - Prototype Pollution via resolveShims fullPath Variable
Oct 28, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-25918
MEDIUM
shescape >=1.5.10 <1.6.1 - Regular Expression Denial of Service via escapeArgBash Function
Oct 27, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-2422
CRITICAL
feathers-sequelize 6.0.0-6.3.3 - SQL Injection
Oct 26, 2022
CVSS 10.0
EPSS 0.01
CVE-2022-2421
CRITICAL
socket.io-parser < 3.3.3 and 4.0.0-4.0.5 - SQL Injection via Attachment Parsing
Oct 26, 2022
CVSS 10.0
EPSS 0.01
CVE-2022-29823
CRITICAL
feathers-sequelize 6.0.0-6.3.3 - Remote Code Execution via Prototype Pollution in cleanQuery
Oct 26, 2022
CVSS 10.0
EPSS 0.01
CVE-2022-29822
CRITICAL
feathers-sequelize 6.0.0-6.3.3 - SQL Injection via Improper Parameter Filtering
Oct 26, 2022
CVSS 10.0
EPSS 0.01
CVE-2022-39313
HIGH
Parse Server < 4.10.17 and 5.x < 5.2.8 - Denial of Service via Invalid Byte Range in File Download Request
Oct 24, 2022
CVSS 7.5
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters