npm Latest Vulnerabilities
Latest vulnerabilities published by npm
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Denial of Service Vulnerability in Pacote Package by NPM
CVE-2026-9496NPMPacote8.7HIGHPrototype Pollution Vulnerability in parse-ini by npm
CVE-2025-63703npmparse-ini9.8CRITICALPrototype Pollution Vulnerability in Query Parser String NPM Package
CVE-2025-63704NPMquery-parser-string9.8CRITICALOS Command Injection Vulnerability in Node-ts-ocr by NPM
CVE-2025-63705NPMnode-ts-ocr8.8HIGHNode.js Wrapper for Tesseract OCR Vulnerability Exposes Command Injection Risk
CVE-2026-26832npmnode-tesseract-ocr9.8CRITICALRegular Expression Denial of Service Vulnerability in markdown-it by npm
CVE-2026-2327npmMarkdown-it6.9MEDIUMLocal Privilege Escalation Vulnerability in npm CLI by npm Inc.
CVE-2026-0775NpmCli7HIGHPrototype Pollution Vulnerability in spmrc Package Affecting Node.js Applications
CVE-2025-57327npmspmrc7.5HIGHPrototype Pollution Vulnerability in cli-util by npm Inc.
CVE-2024-57078npm Inc.cli-util7.5HIGHArbitrary Code Execution and Sensitive Information Theft via isPublic()
CVE-2023-42282NPMIp9.8CRITICALVulnerability in Fastify OAuth2 Affects User Session Security
CVE-2023-31999Npm@fastify/oauth28.8HIGHtextAngular text editor vulnerable to Cross-site Scripting
CVE-2021-32854NpmTextangular6.1MEDIUMvditor vulnerable to Cross-site Scripting
CVE-2021-32855NpmVditor6.1MEDIUMiziModal vulnerable to Cross-site Scripting
CVE-2021-32860NpmIzimodal6.1MEDIUMjQuery MiniColors vulnerable to Cross-site Scripting
CVE-2021-32850Npm@claviska/jquery-minic...6.1MEDIUMjQuery MiniColors vulnerable to Cross-site Scripting
CVE-2021-32851NpmMind-elixir6.1MEDIUMErxes vulnerable to Cross-site Scripting
CVE-2021-32853NpmErxesEPSS 84%6.1MEDIUMCommand Injection
CVE-2020-7795Get-npm-package-v...Get-npm-package-version7.3HIGHCommand Injection
CVE-2020-28445Npm-help ProjectNpm-help9.8CRITICALnpm packing does not respect root-level ignore files in workspaces
CVE-2022-29244NpmNpm7.5HIGHCommand Injection Vulnerability in npm-dependency-versions for Node.js
CVE-2022-29080Npm-dependency-ve...Npm-dependency-versions9.8CRITICALUNIX Symbolic Link (Symlink) Following in @npmcli/arborist
CVE-2021-39135NpmArborist8.2HIGHUNIX Symbolic Link (Symlink) Following in @npmcli/arborist
CVE-2021-39134NpmArborist8.2HIGHArbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
CVE-2021-37713NpmNode-tar8.2HIGHArbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
CVE-2021-37701NpmNode-tar8.2HIGH