npm
4,198 tracked vulnerabilities.
CVE-2022-25852
HIGH
libpq and pg-native - Denial of Service via Incorrect Type Conversion
Jun 17, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-22138
HIGH
fast-string-search - Denial of Service via Incorrect Calculation for Non-String Inputs
Jun 17, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-21213
HIGH
mout < 1.2.4 - Prototype Pollution via deepFillIn and deepMixIn Functions
Jun 17, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-31083
HIGH
Parse Server <4.10.11, <5.2.2 - Auth Bypass
Jun 17, 2022
CVSS 8.6
EPSS 0.01
CVE-2022-2079
MEDIUM
nocodb < 0.91.7 - Stored Cross-Site Scripting
Jun 14, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-29257
MEDIUM
Electron <18.0.0-beta.6, 17.2.0, 16.2.6, 15.5.5 - Code Injection
Jun 13, 2022
CVSS 6.6
EPSS 0.01
CVE-2022-29247
LOW
Electron <18.0.0-beta.6,17.2.0,16.2.6,15.5.5 - Privilege Escalation
Jun 13, 2022
CVSS 2.2
EPSS 0.01
CVE-2022-29244
HIGH
npm <7.9.0-7.13.0 - Info Disclosure
Jun 13, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-2064
HIGH
nocodb < 0.91.7 - Insufficient Session Expiration
Jun 13, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-2063
HIGH
nocodb < 0.91.7 - Improper Privilege Management
Jun 13, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-2062
HIGH
nocodb < 0.91.7 - Sensitive Information Exposure via Error Message
Jun 13, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-29894
MEDIUM
Strapi v3.x.x - Stored Cross-Site Scripting in File Upload Function
Jun 13, 2022
CVSS 4.8
EPSS 0.01
CVE-2022-25863
HIGH
gatsby-plugin-mdx < 2.14.1, 3.0.0-3.15.2 - Deserialization of Untrusted Data via gray-matter Input
Jun 10, 2022
CVSS 8.1
EPSS 0.02
CVE-2022-25851
HIGH
jpeg-js < 0.4.4 - Denial of Service via Infinite Loop
Jun 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-24429
HIGH
convert-svg-core <0.6.3 - Code Injection
Jun 10, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-24376
HIGH
git-promise - Command Injection via Inappropriate Fix
Jun 10, 2022
CVSS 7.2
EPSS 0.03
CVE-2022-24278
HIGH
convert-svg-core <0.6.4 - Path Traversal
Jun 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-21211
MEDIUM
posix - Denial of Service via toString Method Invocation
Jun 10, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-31051
MEDIUM
semantic-release 17.0.4-19.0.3 - Exposure of Sensitive Information via URI Encoding Bypass
Jun 09, 2022
CVSS 4.4
EPSS 0.02
CVE-2022-31830
CRITICAL
Kity Minder v1.3.5 - Server-Side Request Forgery via ImageCapture.class.php Init Function
Jun 09, 2022
CVSS 9.1
EPSS 0.15
CVE-2022-21122
CRITICAL
metacalc < 0.0.2 - Remote Code Execution via Math Class Exposure
Jun 08, 2022
CVSS 9.0
EPSS 0.02
CVE-2022-1929
MEDIUM
devcert < 1.2.1 - Denial of Service via Inefficient Regular Expression in certificateFor Method
Jun 02, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-25878
HIGH
protobufjs < 6.11.3 - Prototype Pollution via util.setProperty or ReflectionObject.setParsedOption
May 27, 2022
CVSS 8.2
EPSS 0.02
CVE-2022-29256
MEDIUM
sharp < 0.30.5 - OS Command Injection via PKG_CONFIG_PATH Environment Variable
May 25, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-29214
MEDIUM
NextAuth.js <3.29.3, <4.3.3 - Open Redirect
May 21, 2022
CVSS 6.1
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters