npm
3,969 tracked vulnerabilities.
CVE-2021-4299
MEDIUM
cronvel string-kit <0.12.8 - Info Disclosure
Jan 02, 2023
CVSS 4.3
EPSS 0.00
CVE-2021-35065
HIGH
glob-parent 6.0.0 - Regular Expression Denial of Service via Enclosure Regex
Dec 26, 2022
CVSS 7.5
EPSS 0.00
CVE-2021-4279
MEDIUM
Starcounter-Jack JSON-Patch <3.1.0 - Prototype Pollution
Dec 25, 2022
CVSS 6.3
EPSS 0.00
CVE-2021-4278
MEDIUM
cronvel tree-kit <0.7.0 - Prototype Pollution
Dec 25, 2022
CVSS 5.5
EPSS 0.00
CVE-2021-4264
MEDIUM
LinkedIn dustjs <3.0.0 - Prototype Pollution
Dec 21, 2022
CVSS 6.3
EPSS 0.01
CVE-2021-4260
MEDIUM
oils-js < 2021-03-23 - Open Redirect in Web.js
Dec 19, 2022
CVSS 6.3
EPSS 0.00
CVE-2021-4245
MEDIUM
chbrown rfc6902 - Prototype Pollution
Dec 15, 2022
CVSS 5.5
EPSS 0.01
CVE-2021-33420
CRITICAL
inikulin replicator <1.0.4 - Code Injection
Dec 15, 2022
CVSS 9.8
EPSS 0.02
CVE-2021-43309
MEDIUM
uri-template-lite < 22.9.0 - Regular Expression Denial of Service via URI.expand Method
Aug 24, 2022
CVSS 5.9
EPSS 0.00
CVE-2021-23451
MEDIUM
otp-generator <3.0.0 - Info Disclosure
Jul 25, 2022
CVSS 6.5
EPSS 0.00
CVE-2021-23373
HIGH
set-deep-prop - Prototype Pollution via Main Functionality
Jul 25, 2022
CVSS 7.5
EPSS 0.00
CVE-2021-40663
CRITICAL
deep.assign 0.0.0-alpha.0 - Prototype Pollution
Jun 30, 2022
CVSS 9.8
EPSS 0.01
CVE-2021-33295
MEDIUM
Joplin < 1.8.5 - Stored Cross-Site Scripting via Improper HTML Sanitization
Jun 16, 2022
CVSS 5.4
EPSS 0.00
CVE-2021-43308
MEDIUM
markdown-link-extractor < 3.0.2 - Regular Expression Denial of Service via Exponential ReDoS
Jun 02, 2022
CVSS 5.9
EPSS 0.00
CVE-2021-43307
MEDIUM
semver-regex < 3.1.4 - Regular Expression Denial of Service via test() Method
Jun 02, 2022
CVSS 5.9
EPSS 0.01
CVE-2021-43306
MEDIUM
jquery-validation < 1.19.4 - Regular Expression Denial of Service via url2 Method
Jun 02, 2022
CVSS 5.9
EPSS 0.01
CVE-2021-34084
CRITICAL
s3-uploader < 2.0.3 - OS Command Injection via Metadata Function
Jun 02, 2022
CVSS 9.8
EPSS 0.15
CVE-2021-34083
HIGH
google-it < 1.6.2 - Remote Code Execution via Open in Browser Option
Jun 02, 2022
CVSS 8.1
EPSS 0.01
CVE-2021-34082
CRITICAL
proctree < 0.1.1 - OS Command Injection via fix Function
Jun 02, 2022
CVSS 9.8
EPSS 0.13
CVE-2021-34081
HIGH
gitsome < 0.2.3 - OS Command Injection via Crafted Git Tag Name
Jun 02, 2022
CVSS 8.8
EPSS 0.06
CVE-2021-34080
CRITICAL
ssl-utils < 1.0.0 - OS Command Injection via createCertRequest() and createCert() Functions
Jun 02, 2022
CVSS 9.8
EPSS 0.15
CVE-2021-34079
CRITICAL
docker-tester < 1.2.1 - OS Command Injection via docker-compose.yml Ports Entry
Jun 02, 2022
CVSS 9.8
EPSS 0.10
CVE-2021-34078
HIGH
lifion-verify-dependencies < 1.2.0 - OS Command Injection via Crafted Dependency Name
Jun 02, 2022
CVSS 8.8
EPSS 0.03
CVE-2021-4229
MEDIUM
ua-parser-js 0.7.29, 0.8.0, 1.0.0 - Backdoor via Crypto Mining Component
May 24, 2022
CVSS 5.0
EPSS 0.01
CVE-2021-42648
MEDIUM
Coder code-server < 3.12.0 - Cross-Site Scripting via Crafted URL
May 11, 2022
CVSS 6.1
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12