npm
3,969 tracked vulnerabilities.
CVE-2022-24723
MEDIUM
URI.js <1.19.9 - URL Parsing Confusion via Leading Whitespace
Mar 03, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-0841
CRITICAL
npm-lockfile 2.0.3-2.0.4 - OS Command Injection
Mar 03, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-24719
LOW
Fluture-Node 4.0.0/1 - Info Disclosure
Mar 01, 2022
CVSS 2.6
EPSS 0.00
CVE-2022-0776
MEDIUM
NUCLEI
GitHub hakimel/reveal.js <4.3.0 - XSS
Mar 01, 2022
CVSS 6.1
EPSS 0.10
CVE-2022-0764
MEDIUM
strapi/strapi <4.1.0 - Command Injection
Feb 26, 2022
CVSS 6.7
EPSS 0.00
CVE-2022-0654
HIGH
GitHub fgribreau/node-request-retry <7.0.0 - Info Disclosure
Feb 23, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-0691
CRITICAL
url-parse < 1.5.9 - Authorization Bypass Through User-Controlled Key
Feb 21, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-0686
CRITICAL
url-parse < 1.5.8 - Authorization Bypass Through User-Controlled Key
Feb 20, 2022
CVSS 9.1
EPSS 0.00
CVE-2022-23647
HIGH
Prism 1.14.0-1.26.0 - Cross-Site Scripting via Command Line Plugin
Feb 18, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-23646
MEDIUM
Next.js 10.0.0-12.0.9 - User Interface Misrepresentation via SVG Image Host Configuration
Feb 17, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-22912
CRITICAL
plist < 3.0.4 - Prototype Pollution via .parse()
Feb 17, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-0639
MEDIUM
url-parse < 1.5.7 - Authorization Bypass Through User-Controlled Key
Feb 17, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-0613
MEDIUM
uri.js < 1.19.8 - Authorization Bypass Through User-Controlled Key
Feb 16, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-0512
MEDIUM
url-parse < 1.5.6 - Authorization Bypass Through User-Controlled Key
Feb 14, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-23631
CRITICAL
blitzjs superjson < 1.8.1 - Unauthenticated Remote Code Execution via Prototype Pollution
Feb 09, 2022
CVSS 9.0
EPSS 0.00
CVE-2022-0536
LOW
NPM follow-redirects <1.14.8 - Info Disclosure
Feb 09, 2022
CVSS 2.6
EPSS 0.00
CVE-2022-23340
CRITICAL
Joplin 2.6.10 - Remote Code Execution via User Search Results
Feb 08, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-23624
HIGH
frourio-express < 0.26.0 - Improper Input Validation via Class-Validator Integration
Feb 07, 2022
CVSS 8.1
EPSS 0.00
CVE-2022-23623
HIGH
frourio < 0.26.0 - Improper Input Validation in class-validator Integration
Feb 07, 2022
CVSS 8.1
EPSS 0.00
CVE-2022-0437
MEDIUM
NUCLEI
karma < 6.3.14 - DOM-based Cross-Site Scripting
Feb 05, 2022
CVSS 6.1
EPSS 0.25
CVE-2022-0401
CRITICAL
w-zip < 1.0.12 - Path Traversal
Feb 01, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-21721
MEDIUM
Next.js 12.0.0-12.0.8 - Denial of Service via i18n Functionality
Jan 28, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-0355
HIGH
NPM simple-get <4.0.1 - Info Disclosure
Jan 26, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-21704
MEDIUM
log4js < 6.4.0 - Incorrect Default Permissions in Log File Creation
Jan 19, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-0235
MEDIUM
node-fetch < 2.6.7 and >=3.0.0 <3.1.1 - Open Redirect via URL Validation Bypass
Jan 16, 2022
CVSS 6.1
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12