npm

3,969 tracked vulnerabilities.

CVE-2022-21681 HIGH
marked < 4.0.10 - Denial of Service via Catastrophic Backtracking in ReflinkSearch Regex
Jan 14, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-21680 HIGH
marked < 4.0.10 - Regular Expression Denial of Service via Catastrophic Backtracking
Jan 14, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-21676 HIGH
Engine.IO 4.0.0-4.1.1, 5.0.0-5.2.0, 6.0.0-6.1.0 - Denial of Service via Crafted HTTP Request
Jan 12, 2022
CVSS 7.5
EPSS 0.04
CVE-2022-0144 HIGH
shelljs < 0.8.5 - Improper Privilege Management
Jan 11, 2022
CVSS 7.1
EPSS 0.00
CVE-2022-21670 MEDIUM
markdown-it <1.3.2 - Info Disclosure
Jan 10, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-0155 MEDIUM
follow-redirects < 1.14.7 - Exposure of Private Personal Information to an Unauthorized Actor
Jan 10, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-0122 MEDIUM
forge < 1.0.0 - URL Redirection to Untrusted Site
Jan 06, 2022
CVSS 6.1
EPSS 0.00
CVE-2021-4435 HIGH
Yarn < 1.22.13 - Untrusted Search Path Execution via Directory Content
Feb 04, 2024
CVSS 7.7
EPSS 0.00
CVE-2021-32050 MEDIUM
MongoDB Drivers - Sensitive Information Exposure via Command Listener Event Publication
Aug 29, 2023
CVSS 4.2
EPSS 0.00
CVE-2021-29057 MEDIUM
node-worker-threads-pool 1.4.3 - Denial of Service via StaticPool Resource Consumption
Aug 11, 2023
CVSS 6.5
EPSS 0.00
CVE-2021-27524 MEDIUM
margox braft-editor 2.3.8 - Cross-Site Scripting via Embed Media Feature
Aug 11, 2023
CVSS 6.1
EPSS 0.00
CVE-2021-26505 CRITICAL
hello.js 1.18.6 - Prototype Pollution via hello.utils.extend
Aug 11, 2023
CVSS 9.8
EPSS 0.02
CVE-2021-4329 MEDIUM
json-logic-js 2.0.0 - Command Injection
Mar 05, 2023
CVSS 5.5
EPSS 0.10
CVE-2021-32860 MEDIUM
izimodal < 1.6.1 - Cross-Site Scripting via Untrusted Modal Title
Feb 21, 2023
CVSS 6.1
EPSS 0.00
CVE-2021-32859 MEDIUM
baremetrics/date_range_picker < 1.0.14 - Cross-Site Scripting via Placeholder Parameter
Feb 21, 2023
CVSS 6.1
EPSS 0.00
CVE-2021-32855 MEDIUM
Vditor < 3.8.7 - Cross-Site Scripting via Copy-Paste
Feb 21, 2023
CVSS 6.1
EPSS 0.00
CVE-2021-32854 MEDIUM
textangular < 1.5.16 - Cross-Site Scripting via Copy-Paste
Feb 21, 2023
CVSS 6.1
EPSS 0.00
CVE-2021-32853 MEDIUM NUCLEI
erxes < 0.22.3 - Cross-Site Scripting via Widget Renderer
Feb 20, 2023
CVSS 6.1
EPSS 0.85
CVE-2021-32851 MEDIUM
mind-elixir < 0.18.1 - Cross-Site Scripting via Untrusted Menu Handling
Feb 20, 2023
CVSS 6.1
EPSS 0.00
CVE-2021-36686 MEDIUM
yapi 1.9.1 - Stored Cross-Site Scripting via Interface API Edit Page
Jan 26, 2023
CVSS 5.4
EPSS 0.00
CVE-2021-46871 MEDIUM
Phoenix Phoenix.HTML < 3.0.4 - Cross-Site Scripting in HEEx Class Attributes
Jan 10, 2023
CVSS 6.1
EPSS 0.00
CVE-2021-4307 MEDIUM
Yomguithereal Baobab <2.6.0 - Prototype Pollution
Jan 07, 2023
CVSS 6.3
EPSS 0.01
CVE-2021-4306 LOW
cronvel terminal-kit <2.1.8 - Info Disclosure
Jan 07, 2023
CVSS 3.5
EPSS 0.00
CVE-2021-4305 LOW
Woorank robots-txt-guard - Info Disclosure
Jan 05, 2023
CVSS 3.5
EPSS 0.00
CVE-2021-32821 MEDIUM
MooTools < 1.6.0 - Regular Expression Denial of Service via CSS Selector Parser
Jan 03, 2023
CVSS 6.2
EPSS 0.00
Products
openclaw 393 parse-server 92 n8n 62 directus 53 electron 48 flowise 48 next 47 vm2 32 hono 25 nocodb 25 axios 24 undici 22 ghost 21 vite 19 astro 17 ckeditor4 15 fuxa-server 15 jspdf 15 tar 15 joplin 14 nodebb 14 sequelize 14 tinymce 14 flowise-components 13 signalk-server 13 angular 12 dompurify 12 handlebars 12 jsrsasign 12 matrix-js-sdk 12
Quick Filters
Critical CVEs With Exploits In CISA KEV