npm
4,198 tracked vulnerabilities.
CVE-2022-24434
HIGH
dicer - Denial of Service via Malicious Form Data
May 20, 2022
CVSS 7.5
EPSS 0.03
CVE-2022-30618
HIGH
Strapi 3.0.0-3.6.9 and 4.0.0-4.1.8 - Authenticated Sensitive Data Exposure via Admin Panel Relationships
May 19, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-30617
HIGH
Strapi 3.0.0-3.6.9 and <4.0.0-beta.15 - Authenticated Sensitive Information Exposure via Admin Panel Relationships
May 19, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-29229
MEDIUM
CaSS Library <1.5.8 - Info Disclosure
May 18, 2022
CVSS 6.3
EPSS 0.00
CVE-2022-1726
MEDIUM
bootstrap-table < 1.20.2 - Cross-Site Scripting via Table Export Plugin with htmlContent Enabled
May 16, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-29623
HIGH
connect-multiparty 2.2.0 - Arbitrary File Upload via Crafted PDF File
May 16, 2022
CVSS 7.8
EPSS 0.01
CVE-2022-29622
CRITICAL
formidable 3.1.4 - Arbitrary File Upload via Crafted Filename
May 16, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-29351
CRITICAL
TiddlyWiki5 v5.2.2 - Arbitrary File Upload via Crafted SVG File
May 16, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-25865
HIGH
workspace-tools < 0.18.4 - Command Injection via Git Argument Injection
May 13, 2022
CVSS 8.1
EPSS 0.07
CVE-2022-25862
MEDIUM
sds - Prototype Pollution via set Function
May 13, 2022
CVSS 4.0
EPSS 0.01
CVE-2022-21190
HIGH
convict < 6.2.3 - Prototype Pollution via Bypass of CVE-2022-22143 Fix
May 13, 2022
CVSS 7.5
EPSS 0.04
CVE-2022-1650
HIGH
GitHub eventsource <2.0.2 - Info Disclosure
May 12, 2022
CVSS 8.1
EPSS 0.02
CVE-2022-1537
HIGH
gruntjs/grunt < 1.5.3 - Arbitrary File Write via TOCTOU Race Condition in file.copy
May 10, 2022
CVSS 7.0
EPSS 0.00
CVE-2022-25324
HIGH
bignum - Denial of Service via .powm Function Type-Check Exception
May 06, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-29172
MEDIUM
Auth0 Lock < 11.33.0 - Stored Cross-Site Scripting via Additional Signup Fields
May 05, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-29167
HIGH
Hawk < 9.0.1 - Denial of Service via Host Header Regular Expression
May 05, 2022
CVSS 7.4
EPSS 0.01
CVE-2022-29166
HIGH
matrix-appservice-irc <0.33.2 - RCE
May 05, 2022
CVSS 8.0
EPSS 0.01
CVE-2022-30241
MEDIUM
jquery.json-viewer < 1.4.0 - Cross-Site Scripting via Improper Character Escaping
May 04, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-24901
HIGH
parse-server < 4.10.10 - Improper Certificate Validation in Apple Game Center Authentication
May 04, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-28118
CRITICAL
SiteServer CMS 7.0.0-7.1.2 - Remote Code Execution via Crafted Plugin
May 03, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-25301
HIGH
jsgui-lang-essentials - Prototype Pollution via Object Attribute Manipulation
May 01, 2022
CVSS 7.7
EPSS 0.01
CVE-2022-25844
MEDIUM
angularjs >=1.7.0 - Regular Expression Denial of Service via Custom Locale Rule
May 01, 2022
CVSS 5.3
EPSS 0.05
CVE-2022-25645
MEDIUM
dset < 3.1.2 - Prototype Pollution via Malicious Object Bypass
May 01, 2022
CVSS 6.5
EPSS 0.02
CVE-2022-25349
MEDIUM
materialize-css - Cross-Site Scripting in Autocomplete Component
May 01, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-24437
CRITICAL
git-pull-or-clone <2.0.2 - Command Injection
May 01, 2022
CVSS 9.8
EPSS 0.04
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters