npm

4,198 tracked vulnerabilities.

CVE-2022-39236 MEDIUM
Matrix Javascript SDK 17.1.0-19.7.0 - Improper Input Validation in Beacon Event Processing
Sep 28, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-31367 HIGH
Strapi <3.6.10, <4.1.10 - Info Disclosure
Sep 27, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-21169 HIGH
express-xss-sanitizer < 1.1.3 - Prototype Pollution via allowedTags Attribute
Sep 26, 2022
CVSS 7.3
EPSS 0.01
CVE-2022-23461 MEDIUM
Jodit Editor 3.0.0-3.20.4 - Cross-Site Scripting via Pasting Specially Constructed Input
Sep 24, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-39231 LOW
parse-server < 4.10.16 and 5.0.0-5.2.6 - Improper Authentication via Facebook/Spotify App ID Validation Bypass
Sep 23, 2022
CVSS 3.7
EPSS 0.00
CVE-2022-39230 MEDIUM
fhir-works-on-aws-authz-smart 3.1.1-3.1.2 - Exposure of Sensitive Information via Search-Type Requests
Sep 23, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-39225 MEDIUM
Parse Server <4.10.15 or >5.0.0-<5.2.6 - Privilege Escalation
Sep 23, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-23458 MEDIUM
Toast UI Grid < 4.21.3 - Cross-Site Scripting via Editable Cell Paste
Sep 22, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-37265 CRITICAL
stealjs steal 2.2.4 - Prototype Pollution via Alias Variable in babel.js
Sep 20, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37259 HIGH
stealjs steal 2.2.4 - Regular Expression Denial of Service via String Variable in babel.js
Sep 20, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-38545 CRITICAL
valine < 1.5.0 - Remote Code Execution via Crafted POST Request
Sep 19, 2022
CVSS 9.6
EPSS 0.33
CVE-2022-25873 MEDIUM
vuetify 2.0.0-beta.4-2.6.10 - Cross-Site Scripting in VCalendar eventName Function
Sep 18, 2022
CVSS 4.6
EPSS 0.01
CVE-2022-37258 CRITICAL
stealjs steal - Prototype Pollution via packageName Variable in npm-convert.js
Sep 16, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37260 HIGH
stealjs steal 2.2.4 - Regular Expression Denial of Service via Input Variable
Sep 15, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-37264 CRITICAL
stealjs steal 2.2.4 - Prototype Pollution via optionName Variable
Sep 15, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37262 HIGH
stealjs steal 2.2.4 - Regular Expression Denial of Service via source and sourceWithComments Variable
Sep 15, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-37266 CRITICAL
stealjs steal - Prototype Pollution via babel.js extend Function
Sep 15, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37257 CRITICAL
stealjs steal - Prototype Pollution via npm-convert.js requestedVersion Variable
Sep 15, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-3224 MEDIUM
GitHub ionicabizau/parse-url <8.1.0 - Info Disclosure
Sep 15, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-2900 CRITICAL
parse-url < 8.1.0 - Server-Side Request Forgery
Sep 14, 2022
CVSS 9.1
EPSS 0.01
CVE-2022-39203 HIGH
matrix-appservice-irc < 0.35.0 - Improper Privilege Management via Channel Combination
Sep 13, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-39202 MEDIUM
matrix-appservice-irc < 0.35.0 - Improper Privilege Management via IRC Mode Command Parsing
Sep 13, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-38639 MEDIUM
markdown-nice 1.8.22 - Stored Cross-Site Scripting via Community Posting Field
Sep 09, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-36084 CRITICAL
cruddl <2.7.0-3.0.2 - Code Injection
Sep 08, 2022
CVSS 9.9
EPSS 0.01
CVE-2022-36083 MEDIUM
jose < 1.28.2, < 3.20.4, < 4.9.2 - Uncontrolled Resource Consumption via PBES2 Count Parameter
Sep 07, 2022
CVSS 5.3
EPSS 0.01