npm

4,198 tracked vulnerabilities.

CVE-2022-35143 CRITICAL
Raneto < 0.17.1 - Weak Password Requirements
Aug 04, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-35142 HIGH
Raneto < 0.17.1 - Denial of Service via Search Parameter
Aug 04, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-35923 HIGH
v8n <1.5.1 - Denial of Service
Aug 02, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-35924 CRITICAL
NextAuth.js <4.10.3, 3.29.10 - Info Disclosure
Aug 02, 2022
CVSS 9.1
EPSS 0.01
CVE-2022-35915 MEDIUM
OpenZeppelin Contracts <4.7.2 - Info Disclosure
Aug 01, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-31186 LOW
NextAuth.js <4.10.2, <3.29.9 - Info Disclosure
Aug 01, 2022
CVSS 3.3
EPSS 0.00
CVE-2022-31180 CRITICAL
shescape 1.4.0-1.5.7 - Command Injection via Interpolation Option
Aug 01, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-31179 HIGH
shescape < 1.5.8 - Command Injection via Line Feed Character
Aug 01, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-2596 MEDIUM
GitHub node-fetch <3.2.10 - Info Disclosure
Aug 01, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-2564 CRITICAL
automattic/mongoose <6.4.6 - Info Disclosure
Jul 28, 2022
CVSS 9.8
EPSS 0.33
CVE-2022-35131 CRITICAL
Joplin < 2.9.1 - Stored Cross-Site Scripting via Node Title Injection
Jul 25, 2022
CVSS 9.0
EPSS 0.02
CVE-2022-21802 MEDIUM
grapesjs < 0.19.5 - Cross-Site Scripting in Selector Manager
Jul 25, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-25759 CRITICAL
convert-svg-core < 0.6.2 - Remote Code Injection via Malicious SVG File
Jul 22, 2022
CVSS 9.9
EPSS 0.09
CVE-2022-36313 MEDIUM
File-type <16.5.4, 17.x <17.1.3 - DoS
Jul 21, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-31151 LOW
undici < 5.7.1 - Cookie Header Leakage on Cross-Origin Redirect
Jul 21, 2022
CVSS 3.7
EPSS 0.01
CVE-2022-31160 MEDIUM
jQuery UI < 1.13.2 - Cross-Site Scripting via Checkboxradio Widget Refresh
Jul 20, 2022
CVSS 6.1
EPSS 0.02
CVE-2022-31150 MEDIUM
undici < 5.8.0 - CRLF Injection in HTTP Headers
Jul 19, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-36127 HIGH
Apache SkyWalking NodeJS Agent <0.5.1 - DoS
Jul 18, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-25869 MEDIUM
angularjs - Cross-Site Scripting via Textarea Interpolation
Jul 15, 2022
CVSS 4.2
EPSS 0.07
CVE-2022-25858 MEDIUM
terser < 4.8.1 and 5.0.0-5.14.2 - Regular Expression Denial of Service
Jul 15, 2022
CVSS 5.3
EPSS 0.03
CVE-2022-31147 HIGH
jQuery Validation Plugin <1.19.5 - DoS
Jul 14, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-31142 HIGH
@fastify/bearer-auth <7.0.2-8.0.1 - Info Disclosure
Jul 14, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-32214 MEDIUM
llhttp < 2.1.5 - HTTP Request Smuggling via CRLF Sequence Mismanagement
Jul 14, 2022
CVSS 6.5
EPSS 0.81
CVE-2022-32213 MEDIUM
llhttp < 2.1.5 - HTTP Request Smuggling via Transfer-Encoding Header
Jul 14, 2022
CVSS 6.5
EPSS 0.42
CVE-2022-32210 MEDIUM
Undici 4.8.2-5.5.0 - Improper Certificate Validation in ProxyAgent
Jul 14, 2022
CVSS 6.5
EPSS 0.00