npm

4,198 tracked vulnerabilities.

CVE-2022-23923 HIGH
jailed - Sandbox Bypass via Exported alert() Method
May 01, 2022
CVSS 8.6
EPSS 0.01
CVE-2022-22143 HIGH
convict <6.2.2 - Prototype Pollution
May 01, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-21227 HIGH
sqlite3 < 5.0.3 - Denial of Service via Invalid Function Object
May 01, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-21189 HIGH
dexie < 3.2.2 and 4.0.0-alpha.1-4.0.0-alpha.3 - Prototype Pollution via setByKeyPath Function
May 01, 2022
CVSS 7.3
EPSS 0.02
CVE-2022-21144 HIGH
libxmljs < 0.19.8 - Denial of Service via parseXml Function
May 01, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-29078 CRITICAL NUCLEI
ejs 3.1.6 - Server-Side Template Injection via outputFunctionName Option
Apr 25, 2022
CVSS 9.8
EPSS 0.33
CVE-2022-27103 MEDIUM
element-plus 2.0.5 - Cross-Site Scripting via el-table-column
Apr 25, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-1440 CRITICAL
git-interface < 2.1.2 - OS Command Injection via --upload-pack Argument
Apr 22, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-24858 MEDIUM
next-auth < 3.29.2 and 4.0.0-4.3.1 - Authentication Bypass via Redirect Callback
Apr 19, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-1365 MEDIUM
cross-fetch < 3.1.5 - Exposure of Private Personal Information
Apr 15, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-24279 HIGH
madlib-object-utils <0.1.8 - Prototype Pollution
Apr 15, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-1330 MEDIUM
fullpage < 4.0.4 - Stored Cross-Site Scripting via Anchor URL
Apr 12, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-0436 MEDIUM
gruntjs/grunt <1.5.2 - Path Traversal
Apr 12, 2022
CVSS 5.5
EPSS 0.01
CVE-2022-28397 CRITICAL
Ghost CMS 4.42.0 - Authenticated Arbitrary File Upload
Apr 12, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-27952 CRITICAL
PayloadCMS 0.15.0 - Arbitrary File Upload and Remote Code Execution via SVG File
Apr 12, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-27263 CRITICAL
Strapi v4.1.5 - Arbitrary File Upload and Remote Code Execution
Apr 12, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-27261 HIGH
express-fileupload 1.3.1 - Arbitrary File Write via Multiple File Upload
Apr 12, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-27260 CRITICAL
ButterCMS 1.2.8 - Arbitrary File Upload and Remote Code Execution via SVG File
Apr 12, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-27139 CRITICAL
Ghost 4.39.0 - Authenticated Arbitrary File Upload via SVG File
Apr 12, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-21803 HIGH
nconf < 0.11.4 - Prototype Pollution via .set() Function
Apr 12, 2022
CVSS 7.3
EPSS 0.02
CVE-2022-29080 CRITICAL
npm-dependency-versions <0.3.0 - Command Injection
Apr 12, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-24815 HIGH
generator-jhipster 7.0.0-7.8.0 - SQL Injection in Reactive Spring WebFlux Entity Repository
Apr 11, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-1295 CRITICAL
fullpage < 4.0.2 - Prototype Pollution
Apr 11, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-1291 MEDIUM
tableexport.jquery.plugin < 1.25.0 - Cross-Site Scripting via onCellHtmlData Function
Apr 10, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-1243 MEDIUM
uri.js < 1.19.11 - Cross-Site Scripting via CRHTLF Protocol Extraction
Apr 05, 2022
CVSS 6.1
EPSS 0.01