npm

4,198 tracked vulnerabilities.

CVE-2022-41709 HIGH
markdownify 1.4.1 - Remote Code Execution via Malicious Markdown File
Oct 19, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-3517 HIGH
minimatch < 3.0.5 - Denial of Service via braceExpand Function
Oct 17, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-37603 HIGH
webpack.js loader-utils < 1.4.2 - Regular Expression Denial of Service in interpolateName Function
Oct 14, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-37602 CRITICAL
grunt-karma 4.0.1 - Prototype Pollution via Key Variable
Oct 14, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-39300 HIGH
node-saml < 4.0.0 - Improper Verification of Cryptographic Signature
Oct 13, 2022
CVSS 7.7
EPSS 0.01
CVE-2022-39299 HIGH
passport-saml < 3.2.2 - Authentication Bypass via SAML Signature Verification Flaw
Oct 12, 2022
CVSS 7.4
EPSS 0.03
CVE-2022-37601 CRITICAL
webpack.js loader-utils <1.4.1 and >=2.0.0 <2.0.3 - Prototype Pollution via parseQuery Function
Oct 12, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-37614 CRITICAL
mockery - Prototype Pollution via Key Variable in enable Function
Oct 12, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37611 CRITICAL
gh-pages < 5.0.0 - Prototype Pollution via Partial Variable in util.js
Oct 12, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-40440 MEDIUM
mxGraph v4.2.2 - Cross-Site Scripting via setTooltips() Function
Oct 12, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-37617 CRITICAL
browserify-shim < 3.8.16 - Prototype Pollution via resolveShims Function
Oct 11, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37599 HIGH
webpack.js loader-utils 1.0.0-1.4.1 - Regular Expression Denial of Service in interpolateName Function
Oct 11, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-41376 MEDIUM
Metro UI 4.4.0-4.5.0 - Reflected Cross-Site Scripting via JavaScript Function
Oct 11, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-37616 CRITICAL
xmldom < 0.8.3 - Prototype Pollution via p Variable in copy Function
Oct 11, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-39288 HIGH
fastify < 4.8.1 - Denial of Service via Malicious Content-Type Header
Oct 10, 2022
CVSS 7.5
EPSS 0.59
CVE-2022-39287 HIGH
tiny-csrf < 1.1.0 - Cleartext Transmission of Sensitive Information
Oct 07, 2022
CVSS 8.1
EPSS 0.00
CVE-2022-3423 HIGH
nocodb < 0.92.0 - Denial of Service via Resource Exhaustion
Oct 07, 2022
CVSS 7.3
EPSS 0.02
CVE-2022-40764 HIGH
Snyk CLI < 1.996.0 - OS Command Injection via vendor.json ignore field
Oct 03, 2022
CVSS 7.8
EPSS 0.01
CVE-2022-40277 HIGH
Joplin 2.8.8 - Remote Code Execution via Malicious Markdown Link Schema
Sep 30, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-24373 MEDIUM
react-native-reanimated <3.0.0-rc.1 - ReDoS
Sep 30, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-21222 MEDIUM
css-what < 2.1.3 - Regular Expression Denial of Service via Insecure Regular Expression in parse Function
Sep 30, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-39266 CRITICAL
isolated-vm < 4.3.6 - Sandbox Bypass via Untrusted CachedData
Sep 29, 2022
CVSS 9.6
EPSS 0.01
CVE-2022-39250 HIGH
Matrix JavaScript SDK <19.7.0 - XSS
Sep 29, 2022
CVSS 8.6
EPSS 0.01
CVE-2022-39251 HIGH
Matrix Client-Server SDK <19.7.0 - Open Redirect
Sep 28, 2022
CVSS 8.6
EPSS 0.01
CVE-2022-39249 HIGH
Matrix Client-Server SDK <19.7.0 - Info Disclosure
Sep 28, 2022
CVSS 7.5
EPSS 0.01