npm
4,198 tracked vulnerabilities.
CVE-2022-39236
MEDIUM
Matrix Javascript SDK 17.1.0-19.7.0 - Improper Input Validation in Beacon Event Processing
Sep 28, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-31367
HIGH
Strapi <3.6.10, <4.1.10 - Info Disclosure
Sep 27, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-21169
HIGH
express-xss-sanitizer < 1.1.3 - Prototype Pollution via allowedTags Attribute
Sep 26, 2022
CVSS 7.3
EPSS 0.01
CVE-2022-23461
MEDIUM
Jodit Editor 3.0.0-3.20.4 - Cross-Site Scripting via Pasting Specially Constructed Input
Sep 24, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-39231
LOW
parse-server < 4.10.16 and 5.0.0-5.2.6 - Improper Authentication via Facebook/Spotify App ID Validation Bypass
Sep 23, 2022
CVSS 3.7
EPSS 0.00
CVE-2022-39230
MEDIUM
fhir-works-on-aws-authz-smart 3.1.1-3.1.2 - Exposure of Sensitive Information via Search-Type Requests
Sep 23, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-39225
MEDIUM
Parse Server <4.10.15 or >5.0.0-<5.2.6 - Privilege Escalation
Sep 23, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-23458
MEDIUM
Toast UI Grid < 4.21.3 - Cross-Site Scripting via Editable Cell Paste
Sep 22, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-37265
CRITICAL
stealjs steal 2.2.4 - Prototype Pollution via Alias Variable in babel.js
Sep 20, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37259
HIGH
stealjs steal 2.2.4 - Regular Expression Denial of Service via String Variable in babel.js
Sep 20, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-38545
CRITICAL
valine < 1.5.0 - Remote Code Execution via Crafted POST Request
Sep 19, 2022
CVSS 9.6
EPSS 0.33
CVE-2022-25873
MEDIUM
vuetify 2.0.0-beta.4-2.6.10 - Cross-Site Scripting in VCalendar eventName Function
Sep 18, 2022
CVSS 4.6
EPSS 0.01
CVE-2022-37258
CRITICAL
stealjs steal - Prototype Pollution via packageName Variable in npm-convert.js
Sep 16, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37260
HIGH
stealjs steal 2.2.4 - Regular Expression Denial of Service via Input Variable
Sep 15, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-37264
CRITICAL
stealjs steal 2.2.4 - Prototype Pollution via optionName Variable
Sep 15, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37262
HIGH
stealjs steal 2.2.4 - Regular Expression Denial of Service via source and sourceWithComments Variable
Sep 15, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-37266
CRITICAL
stealjs steal - Prototype Pollution via babel.js extend Function
Sep 15, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37257
CRITICAL
stealjs steal - Prototype Pollution via npm-convert.js requestedVersion Variable
Sep 15, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-3224
MEDIUM
GitHub ionicabizau/parse-url <8.1.0 - Info Disclosure
Sep 15, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-2900
CRITICAL
parse-url < 8.1.0 - Server-Side Request Forgery
Sep 14, 2022
CVSS 9.1
EPSS 0.01
CVE-2022-39203
HIGH
matrix-appservice-irc < 0.35.0 - Improper Privilege Management via Channel Combination
Sep 13, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-39202
MEDIUM
matrix-appservice-irc < 0.35.0 - Improper Privilege Management via IRC Mode Command Parsing
Sep 13, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-38639
MEDIUM
markdown-nice 1.8.22 - Stored Cross-Site Scripting via Community Posting Field
Sep 09, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-36084
CRITICAL
cruddl <2.7.0-3.0.2 - Code Injection
Sep 08, 2022
CVSS 9.9
EPSS 0.01
CVE-2022-36083
MEDIUM
jose < 1.28.2, < 3.20.4, < 4.9.2 - Uncontrolled Resource Consumption via PBES2 Count Parameter
Sep 07, 2022
CVSS 5.3
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters