npm
4,198 tracked vulnerabilities.
CVE-2022-25875
MEDIUM
svelte < 3.49.0 - Cross-Site Scripting via Custom toString Function in SSR
Jul 12, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-31129
HIGH
moment 2.18.0-2.29.3 - Denial of Service via RFC2822 Date Parsing
Jul 06, 2022
CVSS 7.5
EPSS 0.05
CVE-2022-31127
HIGH
next-auth < 3.29.8 and < 4.9.0 - Cross-Site Scripting via Email Sign-In Endpoint
Jul 06, 2022
CVSS 7.1
EPSS 0.01
CVE-2022-33171
CRITICAL
TypeORM < 0.3.0 - SQL Injection via FindOneOptions Parameter
Jul 04, 2022
CVSS 9.8
EPSS 0.20
CVE-2022-25900
HIGH
git-clone - Command Injection via --upload-pack Feature
Jul 01, 2022
CVSS 8.1
EPSS 0.03
CVE-2022-25898
HIGH
jsrsasign 4.8.0-10.5.24 - Improper Verification of Cryptographic Signature
Jul 01, 2022
CVSS 7.7
EPSS 0.01
CVE-2022-25896
MEDIUM
passport < 0.6.0 - Session Fixation via Session Regeneration
Jul 01, 2022
CVSS 4.8
EPSS 0.01
CVE-2022-25876
MEDIUM
link-preview-js < 2.1.16 - Server-Side Request Forgery via DNS Rebinding Bypass
Jul 01, 2022
CVSS 6.2
EPSS 0.00
CVE-2022-25758
MEDIUM
scss-tokenizer < 0.4.3 - Denial of Service via Insecure Regular Expression in loadAnnotation
Jul 01, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-31112
HIGH
parse-server < 4.10.13 - Information Exposure via LiveQuery Protected Fields
Jun 30, 2022
CVSS 8.2
EPSS 0.01
CVE-2022-31110
MEDIUM
RSSHub < 2022-06-21 - Denial of Service via Inefficient Regular Expression in Filter Parameters
Jun 29, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-31108
MEDIUM
mermaid 8.0.0-9.1.2 - CSS Injection via Crafted CSS Selectors
Jun 28, 2022
CVSS 4.1
EPSS 0.01
CVE-2022-0624
HIGH
GitHub ionicabizau/parse-path <5.0.0 - Auth Bypass
Jun 28, 2022
CVSS 7.3
EPSS 0.01
CVE-2022-31103
HIGH
lettersanitizer < 1.0.2 - Denial of Service via CSS @keyframes Processing
Jun 27, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-31093
HIGH
next-auth < 3.29.5 - Denial of Service via Malformed Callback URL
Jun 27, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-31089
HIGH
Parse Server <4.10.12, <5.2.3 - DoS
Jun 27, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-2218
MEDIUM
parse-url < 7.0.0 - Stored Cross-Site Scripting
Jun 27, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-2216
CRITICAL
parse-url < 7.0.0 - Server-Side Request Forgery
Jun 27, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-2217
MEDIUM
parse-url < 7.0.0 - Cross-Site Scripting
Jun 27, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-0722
HIGH
ionicabizau/parse-url <7.0.0 - Info Disclosure
Jun 27, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-21231
HIGH
deep-get-set - Prototype Pollution via 'deep' Function
Jun 24, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-23080
MEDIUM
Directus 9.0.0-beta.2-9.6.0 - Server-Side Request Forgery via Media Upload Functionality
Jun 22, 2022
CVSS 5.0
EPSS 0.01
CVE-2022-33987
MEDIUM
got < 12.1.0 and 11.8.5 - Server-Side Request Forgery via UNIX Socket Redirect
Jun 18, 2022
CVSS 5.3
EPSS 0.02
CVE-2022-25872
MEDIUM
fast-string-search - Out-of-bounds Read via Incorrect Memory Handling
Jun 17, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-25871
MEDIUM
querymen - Prototype Pollution via Unsanitized Handler Function Parameters
Jun 17, 2022
CVSS 5.9
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters