npm

4,198 tracked vulnerabilities.

CVE-2022-25852 HIGH
libpq and pg-native - Denial of Service via Incorrect Type Conversion
Jun 17, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-22138 HIGH
fast-string-search - Denial of Service via Incorrect Calculation for Non-String Inputs
Jun 17, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-21213 HIGH
mout < 1.2.4 - Prototype Pollution via deepFillIn and deepMixIn Functions
Jun 17, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-31083 HIGH
Parse Server <4.10.11, <5.2.2 - Auth Bypass
Jun 17, 2022
CVSS 8.6
EPSS 0.01
CVE-2022-2079 MEDIUM
nocodb < 0.91.7 - Stored Cross-Site Scripting
Jun 14, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-29257 MEDIUM
Electron <18.0.0-beta.6, 17.2.0, 16.2.6, 15.5.5 - Code Injection
Jun 13, 2022
CVSS 6.6
EPSS 0.01
CVE-2022-29247 LOW
Electron <18.0.0-beta.6,17.2.0,16.2.6,15.5.5 - Privilege Escalation
Jun 13, 2022
CVSS 2.2
EPSS 0.01
CVE-2022-29244 HIGH
npm <7.9.0-7.13.0 - Info Disclosure
Jun 13, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-2064 HIGH
nocodb < 0.91.7 - Insufficient Session Expiration
Jun 13, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-2063 HIGH
nocodb < 0.91.7 - Improper Privilege Management
Jun 13, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-2062 HIGH
nocodb < 0.91.7 - Sensitive Information Exposure via Error Message
Jun 13, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-29894 MEDIUM
Strapi v3.x.x - Stored Cross-Site Scripting in File Upload Function
Jun 13, 2022
CVSS 4.8
EPSS 0.01
CVE-2022-25863 HIGH
gatsby-plugin-mdx < 2.14.1, 3.0.0-3.15.2 - Deserialization of Untrusted Data via gray-matter Input
Jun 10, 2022
CVSS 8.1
EPSS 0.02
CVE-2022-25851 HIGH
jpeg-js < 0.4.4 - Denial of Service via Infinite Loop
Jun 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-24429 HIGH
convert-svg-core <0.6.3 - Code Injection
Jun 10, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-24376 HIGH
git-promise - Command Injection via Inappropriate Fix
Jun 10, 2022
CVSS 7.2
EPSS 0.03
CVE-2022-24278 HIGH
convert-svg-core <0.6.4 - Path Traversal
Jun 10, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-21211 MEDIUM
posix - Denial of Service via toString Method Invocation
Jun 10, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-31051 MEDIUM
semantic-release 17.0.4-19.0.3 - Exposure of Sensitive Information via URI Encoding Bypass
Jun 09, 2022
CVSS 4.4
EPSS 0.02
CVE-2022-31830 CRITICAL
Kity Minder v1.3.5 - Server-Side Request Forgery via ImageCapture.class.php Init Function
Jun 09, 2022
CVSS 9.1
EPSS 0.15
CVE-2022-21122 CRITICAL
metacalc < 0.0.2 - Remote Code Execution via Math Class Exposure
Jun 08, 2022
CVSS 9.0
EPSS 0.02
CVE-2022-1929 MEDIUM
devcert < 1.2.1 - Denial of Service via Inefficient Regular Expression in certificateFor Method
Jun 02, 2022
CVSS 5.9
EPSS 0.01
CVE-2022-25878 HIGH
protobufjs < 6.11.3 - Prototype Pollution via util.setProperty or ReflectionObject.setParsedOption
May 27, 2022
CVSS 8.2
EPSS 0.02
CVE-2022-29256 MEDIUM
sharp < 0.30.5 - OS Command Injection via PKG_CONFIG_PATH Environment Variable
May 25, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-29214 MEDIUM
NextAuth.js <3.29.3, <4.3.3 - Open Redirect
May 21, 2022
CVSS 6.1
EPSS 0.01