npm
4,198 tracked vulnerabilities.
CVE-2022-41709
HIGH
markdownify 1.4.1 - Remote Code Execution via Malicious Markdown File
Oct 19, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-3517
HIGH
minimatch < 3.0.5 - Denial of Service via braceExpand Function
Oct 17, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-37603
HIGH
webpack.js loader-utils < 1.4.2 - Regular Expression Denial of Service in interpolateName Function
Oct 14, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-37602
CRITICAL
grunt-karma 4.0.1 - Prototype Pollution via Key Variable
Oct 14, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-39300
HIGH
node-saml < 4.0.0 - Improper Verification of Cryptographic Signature
Oct 13, 2022
CVSS 7.7
EPSS 0.01
CVE-2022-39299
HIGH
passport-saml < 3.2.2 - Authentication Bypass via SAML Signature Verification Flaw
Oct 12, 2022
CVSS 7.4
EPSS 0.03
CVE-2022-37601
CRITICAL
webpack.js loader-utils <1.4.1 and >=2.0.0 <2.0.3 - Prototype Pollution via parseQuery Function
Oct 12, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-37614
CRITICAL
mockery - Prototype Pollution via Key Variable in enable Function
Oct 12, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37611
CRITICAL
gh-pages < 5.0.0 - Prototype Pollution via Partial Variable in util.js
Oct 12, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-40440
MEDIUM
mxGraph v4.2.2 - Cross-Site Scripting via setTooltips() Function
Oct 12, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-37617
CRITICAL
browserify-shim < 3.8.16 - Prototype Pollution via resolveShims Function
Oct 11, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37599
HIGH
webpack.js loader-utils 1.0.0-1.4.1 - Regular Expression Denial of Service in interpolateName Function
Oct 11, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-41376
MEDIUM
Metro UI 4.4.0-4.5.0 - Reflected Cross-Site Scripting via JavaScript Function
Oct 11, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-37616
CRITICAL
xmldom < 0.8.3 - Prototype Pollution via p Variable in copy Function
Oct 11, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-39288
HIGH
fastify < 4.8.1 - Denial of Service via Malicious Content-Type Header
Oct 10, 2022
CVSS 7.5
EPSS 0.59
CVE-2022-39287
HIGH
tiny-csrf < 1.1.0 - Cleartext Transmission of Sensitive Information
Oct 07, 2022
CVSS 8.1
EPSS 0.00
CVE-2022-3423
HIGH
nocodb < 0.92.0 - Denial of Service via Resource Exhaustion
Oct 07, 2022
CVSS 7.3
EPSS 0.02
CVE-2022-40764
HIGH
Snyk CLI < 1.996.0 - OS Command Injection via vendor.json ignore field
Oct 03, 2022
CVSS 7.8
EPSS 0.01
CVE-2022-40277
HIGH
Joplin 2.8.8 - Remote Code Execution via Malicious Markdown Link Schema
Sep 30, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-24373
MEDIUM
react-native-reanimated <3.0.0-rc.1 - ReDoS
Sep 30, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-21222
MEDIUM
css-what < 2.1.3 - Regular Expression Denial of Service via Insecure Regular Expression in parse Function
Sep 30, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-39266
CRITICAL
isolated-vm < 4.3.6 - Sandbox Bypass via Untrusted CachedData
Sep 29, 2022
CVSS 9.6
EPSS 0.01
CVE-2022-39250
HIGH
Matrix JavaScript SDK <19.7.0 - XSS
Sep 29, 2022
CVSS 8.6
EPSS 0.01
CVE-2022-39251
HIGH
Matrix Client-Server SDK <19.7.0 - Open Redirect
Sep 28, 2022
CVSS 8.6
EPSS 0.01
CVE-2022-39249
HIGH
Matrix Client-Server SDK <19.7.0 - Info Disclosure
Sep 28, 2022
CVSS 7.5
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters