npm
3,969 tracked vulnerabilities.
CVE-2022-24802
HIGH
deepmerge-ts < 4.0.2 - Prototype Pollution via defaultMergeRecords Function
Apr 01, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-24794
HIGH
auth0 express_openid_connect < 2.7.2 - Open Redirect via Unsanitized Original URL
Mar 31, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-0350
MEDIUM
GitHub vanessa219/vditor < 3.8.13 - XSS
Mar 31, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-26260
CRITICAL
Simple-Plist < 1.3.0 - Info Disclosure
Mar 22, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-21718
LOW
Electron < 13.6.6 - Unauthenticated Bluetooth Device Access via Web Bluetooth API
Mar 22, 2022
CVSS 3.4
EPSS 0.01
CVE-2022-26183
HIGH
pnpm < 6.15.1 - Untrusted Search Path on Windows
Mar 21, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-25766
HIGH
ungit < 1.5.20 - Remote Code Execution via Git Fetch Argument Injection
Mar 21, 2022
CVSS 8.8
EPSS 0.04
CVE-2022-24773
MEDIUM
Forge < 1.3.0 - Improper Verification of Cryptographic Signature
Mar 18, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-24772
HIGH
forge < 1.3.0 - Improper Verification of Cryptographic Signature via PKCS#1 v1.5 Padding
Mar 18, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-24771
HIGH
forge < 1.3.0 - Improper Verification of Cryptographic Signature
Mar 18, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-25760
HIGH
accesslog - Arbitrary Code Injection via Format Option
Mar 17, 2022
CVSS 7.1
EPSS 0.00
CVE-2022-25354
HIGH
set-in < 2.0.3 - Prototype Pollution via setIn Method
Mar 17, 2022
CVSS 8.6
EPSS 0.01
CVE-2022-25352
HIGH
libnested < 1.5.2 - Prototype Pollution via set Function
Mar 17, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25296
MEDIUM
bodymen < 1.1.1 - Prototype Pollution via Handler Function
Mar 17, 2022
CVSS 6.3
EPSS 0.00
CVE-2022-0748
CRITICAL
post-loader < 2.0.0 - Remote Code Execution via Markdown Parser
Mar 17, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-24728
MEDIUM
CKEditor 4 < 4.18.0 - Stored Cross-Site Scripting via HTML Sanitization Bypass
Mar 16, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-23812
CRITICAL
node-ipc 10.1.1-10.1.3 - Malicious Code Execution via Geo-Location Check
Mar 16, 2022
CVSS 9.8
EPSS 0.06
CVE-2022-21164
LOW
node-lmdb < 0.9.7 - Denial of Service via Non-Invokable ToString Value
Mar 16, 2022
CVSS 3.7
EPSS 0.00
CVE-2022-24762
MEDIUM
sysend.js < 1.10.0 - Origin Validation Error
Mar 14, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-0341
MEDIUM
vditor < 3.8.12 - Stored Cross-Site Scripting
Mar 14, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-24760
CRITICAL
Parse Server < 4.10.7 - Remote Code Execution via Prototype Pollution in DatabaseController.js
Mar 12, 2022
CVSS 10.0
EPSS 0.76
CVE-2022-25839
MEDIUM
url-js < 2.1.0 - Hostname Spoofing via Improper Input Validation
Mar 11, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-24433
HIGH
simple-git < 3.3.0 - Command Injection
Mar 11, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-0868
MEDIUM
uri.js < 1.19.10 - Open Redirect
Mar 06, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-24725
MEDIUM
shescape 1.4.0-1.5.1 - Home Directory Exposure via Interpolation Option in Bash
Mar 03, 2022
CVSS 6.2
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12