npm Package Vulnerabilities

All 2,642 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,229 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 1.openclaw322 CVEs
  2. 2.n8n66 CVEs
  3. 3.flowise63 CVEs
  4. 4.parse-server55 CVEs
  5. 5.directus53 CVEs
  6. 6.electron49 CVEs
  7. 7.nocodb44 CVEs
  8. 8.next42 CVEs
  9. 9.vm241 CVEs
  10. 10.axios33 CVEs
  11. 11.hono32 CVEs
  12. 12.undici27 CVEs
  13. 13.@anthropic-ai/claude-code24 CVEs
  14. 14.fuxa-server22 CVEs
  15. 15.vite22 CVEs
  16. 16.astro19 CVEs
  17. 17.ghost19 CVEs
  18. 18.@openzeppelin/contracts19 CVEs
  19. 19.@budibase/server18 CVEs
  20. 20.@openzeppelin/contracts-upgradeable18 CVEs
  21. 21.tinymce18 CVEs
  22. 22.ckeditor416 CVEs
  23. 23.@haxtheweb/haxcms-nodejs16 CVEs
  24. 24.pnpm16 CVEs
  25. 25.jspdf15 CVEs
  26. 26.protobufjs15 CVEs
  27. 27.dompurify14 CVEs
  28. 28.joplin14 CVEs
  29. 29.nodebb14 CVEs
  30. 30.react-router14 CVEs
  31. 31.signalk-server14 CVEs
  32. 32.tar14 CVEs
  33. 33.flowise-components13 CVEs
  34. 34.sequelize13 CVEs
  35. 35.systeminformation13 CVEs
  36. 36.angular12 CVEs
  37. 37.@directus/api12 CVEs
  38. 38.@evershop/evershop12 CVEs
  39. 39.jsrsasign12 CVEs
  40. 40.liquidjs12 CVEs
  41. 41.matrix-js-sdk12 CVEs
  42. 42.node-forge12 CVEs
  43. 43.nuxt12 CVEs
  44. 44.@nyariv/sandboxjs12 CVEs
  45. 45.strapi12 CVEs
  46. 46.electerm11 CVEs
  47. 47.handlebars11 CVEs
  48. 48.@lobehub/chat11 CVEs
  49. 49.marked11 CVEs
  50. 50.sillytavern11 CVEs

Which npm packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →