npm Package Vulnerabilities
All 2,642 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,229 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.
- 1.openclaw322 CVEs
- 2.n8n66 CVEs
- 3.flowise63 CVEs
- 4.parse-server55 CVEs
- 5.directus53 CVEs
- 6.electron49 CVEs
- 7.nocodb44 CVEs
- 8.next42 CVEs
- 9.vm241 CVEs
- 10.axios33 CVEs
- 11.hono32 CVEs
- 12.undici27 CVEs
- 13.@anthropic-ai/claude-code24 CVEs
- 14.fuxa-server22 CVEs
- 15.vite22 CVEs
- 16.astro19 CVEs
- 17.ghost19 CVEs
- 18.@openzeppelin/contracts19 CVEs
- 19.@budibase/server18 CVEs
- 20.@openzeppelin/contracts-upgradeable18 CVEs
- 21.tinymce18 CVEs
- 22.ckeditor416 CVEs
- 23.@haxtheweb/haxcms-nodejs16 CVEs
- 24.pnpm16 CVEs
- 25.jspdf15 CVEs
- 26.protobufjs15 CVEs
- 27.dompurify14 CVEs
- 28.joplin14 CVEs
- 29.nodebb14 CVEs
- 30.react-router14 CVEs
- 31.signalk-server14 CVEs
- 32.tar14 CVEs
- 33.flowise-components13 CVEs
- 34.sequelize13 CVEs
- 35.systeminformation13 CVEs
- 36.angular12 CVEs
- 37.@directus/api12 CVEs
- 38.@evershop/evershop12 CVEs
- 39.jsrsasign12 CVEs
- 40.liquidjs12 CVEs
- 41.matrix-js-sdk12 CVEs
- 42.node-forge12 CVEs
- 43.nuxt12 CVEs
- 44.@nyariv/sandboxjs12 CVEs
- 45.strapi12 CVEs
- 46.electerm11 CVEs
- 47.handlebars11 CVEs
- 48.@lobehub/chat11 CVEs
- 49.marked11 CVEs
- 50.sillytavern11 CVEs
Which npm packages run in YOUR stack?
EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.
Start Free Scan →