npm
4,198 tracked vulnerabilities.
CVE-2022-35143
CRITICAL
Raneto < 0.17.1 - Weak Password Requirements
Aug 04, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-35142
HIGH
Raneto < 0.17.1 - Denial of Service via Search Parameter
Aug 04, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-35923
HIGH
v8n <1.5.1 - Denial of Service
Aug 02, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-35924
CRITICAL
NextAuth.js <4.10.3, 3.29.10 - Info Disclosure
Aug 02, 2022
CVSS 9.1
EPSS 0.01
CVE-2022-35915
MEDIUM
OpenZeppelin Contracts <4.7.2 - Info Disclosure
Aug 01, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-31186
LOW
NextAuth.js <4.10.2, <3.29.9 - Info Disclosure
Aug 01, 2022
CVSS 3.3
EPSS 0.00
CVE-2022-31180
CRITICAL
shescape 1.4.0-1.5.7 - Command Injection via Interpolation Option
Aug 01, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-31179
HIGH
shescape < 1.5.8 - Command Injection via Line Feed Character
Aug 01, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-2596
MEDIUM
GitHub node-fetch <3.2.10 - Info Disclosure
Aug 01, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-2564
CRITICAL
automattic/mongoose <6.4.6 - Info Disclosure
Jul 28, 2022
CVSS 9.8
EPSS 0.33
CVE-2022-35131
CRITICAL
Joplin < 2.9.1 - Stored Cross-Site Scripting via Node Title Injection
Jul 25, 2022
CVSS 9.0
EPSS 0.02
CVE-2022-21802
MEDIUM
grapesjs < 0.19.5 - Cross-Site Scripting in Selector Manager
Jul 25, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-25759
CRITICAL
convert-svg-core < 0.6.2 - Remote Code Injection via Malicious SVG File
Jul 22, 2022
CVSS 9.9
EPSS 0.09
CVE-2022-36313
MEDIUM
File-type <16.5.4, 17.x <17.1.3 - DoS
Jul 21, 2022
CVSS 5.5
EPSS 0.00
CVE-2022-31151
LOW
undici < 5.7.1 - Cookie Header Leakage on Cross-Origin Redirect
Jul 21, 2022
CVSS 3.7
EPSS 0.01
CVE-2022-31160
MEDIUM
jQuery UI < 1.13.2 - Cross-Site Scripting via Checkboxradio Widget Refresh
Jul 20, 2022
CVSS 6.1
EPSS 0.02
CVE-2022-31150
MEDIUM
undici < 5.8.0 - CRLF Injection in HTTP Headers
Jul 19, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-36127
HIGH
Apache SkyWalking NodeJS Agent <0.5.1 - DoS
Jul 18, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-25869
MEDIUM
angularjs - Cross-Site Scripting via Textarea Interpolation
Jul 15, 2022
CVSS 4.2
EPSS 0.07
CVE-2022-25858
MEDIUM
terser < 4.8.1 and 5.0.0-5.14.2 - Regular Expression Denial of Service
Jul 15, 2022
CVSS 5.3
EPSS 0.03
CVE-2022-31147
HIGH
jQuery Validation Plugin <1.19.5 - DoS
Jul 14, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-31142
HIGH
@fastify/bearer-auth <7.0.2-8.0.1 - Info Disclosure
Jul 14, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-32214
MEDIUM
llhttp < 2.1.5 - HTTP Request Smuggling via CRLF Sequence Mismanagement
Jul 14, 2022
CVSS 6.5
EPSS 0.81
CVE-2022-32213
MEDIUM
llhttp < 2.1.5 - HTTP Request Smuggling via Transfer-Encoding Header
Jul 14, 2022
CVSS 6.5
EPSS 0.42
CVE-2022-32210
MEDIUM
Undici 4.8.2-5.5.0 - Improper Certificate Validation in ProxyAgent
Jul 14, 2022
CVSS 6.5
EPSS 0.00
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters