npm
4,198 tracked vulnerabilities.
CVE-2022-23923
HIGH
jailed - Sandbox Bypass via Exported alert() Method
May 01, 2022
CVSS 8.6
EPSS 0.01
CVE-2022-22143
HIGH
convict <6.2.2 - Prototype Pollution
May 01, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-21227
HIGH
sqlite3 < 5.0.3 - Denial of Service via Invalid Function Object
May 01, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-21189
HIGH
dexie < 3.2.2 and 4.0.0-alpha.1-4.0.0-alpha.3 - Prototype Pollution via setByKeyPath Function
May 01, 2022
CVSS 7.3
EPSS 0.02
CVE-2022-21144
HIGH
libxmljs < 0.19.8 - Denial of Service via parseXml Function
May 01, 2022
CVSS 7.5
EPSS 0.02
CVE-2022-29078
CRITICAL
NUCLEI
ejs 3.1.6 - Server-Side Template Injection via outputFunctionName Option
Apr 25, 2022
CVSS 9.8
EPSS 0.33
CVE-2022-27103
MEDIUM
element-plus 2.0.5 - Cross-Site Scripting via el-table-column
Apr 25, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-1440
CRITICAL
git-interface < 2.1.2 - OS Command Injection via --upload-pack Argument
Apr 22, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-24858
MEDIUM
next-auth < 3.29.2 and 4.0.0-4.3.1 - Authentication Bypass via Redirect Callback
Apr 19, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-1365
MEDIUM
cross-fetch < 3.1.5 - Exposure of Private Personal Information
Apr 15, 2022
CVSS 6.5
EPSS 0.01
CVE-2022-24279
HIGH
madlib-object-utils <0.1.8 - Prototype Pollution
Apr 15, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-1330
MEDIUM
fullpage < 4.0.4 - Stored Cross-Site Scripting via Anchor URL
Apr 12, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-0436
MEDIUM
gruntjs/grunt <1.5.2 - Path Traversal
Apr 12, 2022
CVSS 5.5
EPSS 0.01
CVE-2022-28397
CRITICAL
Ghost CMS 4.42.0 - Authenticated Arbitrary File Upload
Apr 12, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-27952
CRITICAL
PayloadCMS 0.15.0 - Arbitrary File Upload and Remote Code Execution via SVG File
Apr 12, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-27263
CRITICAL
Strapi v4.1.5 - Arbitrary File Upload and Remote Code Execution
Apr 12, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-27261
HIGH
express-fileupload 1.3.1 - Arbitrary File Write via Multiple File Upload
Apr 12, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-27260
CRITICAL
ButterCMS 1.2.8 - Arbitrary File Upload and Remote Code Execution via SVG File
Apr 12, 2022
CVSS 9.8
EPSS 0.03
CVE-2022-27139
CRITICAL
Ghost 4.39.0 - Authenticated Arbitrary File Upload via SVG File
Apr 12, 2022
CVSS 9.8
EPSS 0.04
CVE-2022-21803
HIGH
nconf < 0.11.4 - Prototype Pollution via .set() Function
Apr 12, 2022
CVSS 7.3
EPSS 0.02
CVE-2022-29080
CRITICAL
npm-dependency-versions <0.3.0 - Command Injection
Apr 12, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-24815
HIGH
generator-jhipster 7.0.0-7.8.0 - SQL Injection in Reactive Spring WebFlux Entity Repository
Apr 11, 2022
CVSS 8.1
EPSS 0.01
CVE-2022-1295
CRITICAL
fullpage < 4.0.2 - Prototype Pollution
Apr 11, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-1291
MEDIUM
tableexport.jquery.plugin < 1.25.0 - Cross-Site Scripting via onCellHtmlData Function
Apr 10, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-1243
MEDIUM
uri.js < 1.19.11 - Cross-Site Scripting via CRHTLF Protocol Extraction
Apr 05, 2022
CVSS 6.1
EPSS 0.01
Products
openclaw 433
parse-server 98
flowise 67
n8n 67
directus 53
electron 48
next 47
vm2 41
axios 33
hono 30
undici 30
nocodb 25
pnpm 25
ghost 22
vite 21
tinymce 18
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
liquidjs 14
nodebb 14
protobufjs 14
sequelize 14
flowise-components 13
react-router 13
signalk-server 13
angular 12
Quick Filters