npm

4,198 tracked vulnerabilities.

CVE-2022-36079 HIGH
Parse Server <4.10.14-5.2.5 - Info Disclosure
Sep 07, 2022
CVSS 8.6
EPSS 0.01
CVE-2022-35513 HIGH
Blink1Control2 <= 2.2.7 - Weak Password Encryption
Sep 07, 2022
CVSS 7.5
EPSS 0.04
CVE-2022-36067 CRITICAL
vm2 <3.9.11 - Remote Code Execution
Sep 06, 2022
CVSS 10.0
EPSS 0.48
CVE-2022-36076 HIGH
NodeBB Forum Software - Info Disclosure
Sep 02, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-36046 MEDIUM
Next.js <12.2.3 - Unhandled Rejection
Aug 31, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-36045 CRITICAL
NodeBB Forum Software - Info Disclosure
Aug 31, 2022
CVSS 9.0
EPSS 0.01
CVE-2022-25887 MEDIUM
sanitize-html < 2.7.1 - Regular Expression Denial of Service via HTML Comment Removal
Aug 30, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-25646 MEDIUM
x-data-spreadsheet - Stored Cross-Site Scripting via Cell Value Injection
Aug 30, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-36036 LOW
mdx-mermaid <1.3.0, <2.0.0-rc1 - Code Injection
Aug 29, 2022
CVSS 3.6
EPSS 0.00
CVE-2022-36034 HIGH
nitrado.js < 0.2.5 - Inefficient Regular Expression Complexity via Malicious Input
Aug 29, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25921 HIGH
morgan-json - Arbitrary Code Execution via Function Constructor Input
Aug 29, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-21165 CRITICAL
font-converter - OS Command Injection via Unsanitized Input to child_process.exec()
Aug 29, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-24375 HIGH
node-opcua < 2.74.0 - Denial of Service via Multiple CloseSession Requests
Aug 24, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-25231 HIGH
node-opcua < 2.74.0 - Denial of Service via Crafted OPC UA Message
Aug 23, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-21208 HIGH
node-opcua < 2.74.0 - Denial of Service via Unlimited Chunk Reception
Aug 23, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-2932 MEDIUM
mobiledoc-kit < 0.14.2 - Reflected Cross-Site Scripting
Aug 22, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-36031 MEDIUM
Directus < 9.15.0 - Authenticated Denial of Service via filename_disk Field Manipulation
Aug 19, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-35204 MEDIUM
vitejs/vite < 2.9.13 - Path Traversal via Crafted URL
Aug 18, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-36010 CRITICAL
react-editable-json-tree < 2.2.2 - Remote Code Execution via JsonFunctionValue Eval Injection
Aug 15, 2022
CVSS 10.0
EPSS 0.01
CVE-2022-35948 MEDIUM
undici < 5.8.1 - CRLF Injection via Content-Type Header
Aug 15, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-35949 MEDIUM
undici <5.8.2 - Server-Side Request Forgery via pathname URL Confusion
Aug 12, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-35942 CRITICAL
loopback-connector-postgresql < 5.5.1 - SQL Injection via 'contains' LoopBack Filter
Aug 12, 2022
CVSS 9.3
EPSS 0.01
CVE-2022-25973 HIGH
mc-kill-port - Arbitrary Command Execution via Port Argument Injection
Aug 10, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-25907 HIGH
typescript_deep_merge < 2.0.2 - Prototype Pollution via Merge Function
Aug 09, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-35144 MEDIUM
Raneto < 0.17.1 - Stored Cross-Site Scripting
Aug 04, 2022
CVSS 4.8
EPSS 0.01