npm Package Vulnerabilities
All 2,643 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,245 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.
- 601.@theia/mini-browser2 CVEs
- 602.thrift2 CVEs
- 603.tiny-secp256k12 CVEs
- 604.tree-kill2 CVEs
- 605.tree-kit2 CVEs
- 606.@trpc/server2 CVEs
- 607.@tryghost/portal2 CVEs
- 608.tryton-sao2 CVEs
- 609.ts-deepmerge2 CVEs
- 610.turbo2 CVEs
- 611.uglify-js2 CVEs
- 612.@umbraco-cms/backoffice2 CVEs
- 613.underscore2 CVEs
- 614.useragent2 CVEs
- 615.utils-extend2 CVEs
- 616.vega-selections2 CVEs
- 617.@vendure/core2 CVEs
- 618.@vitejs/plugin-rsc2 CVEs
- 619.vitest2 CVEs
- 620.vxe-table2 CVEs
- 621.@workos-inc/authkit-remix2 CVEs
- 622.xmlhttprequest-ssl2 CVEs
- 623.yaml2 CVEs
- 624.zx2 CVEs
- 625.1011 CVE
- 626.11xiaoli1 CVE
- 627.22lixian1 CVE
- 628.360class.jansenhm1 CVE
- 629.6261 CVE
- 630.@75lb/deep-merge1 CVE
- 631.a11y-mcp1 CVE
- 632.abacus-ext-cmdline1 CVE
- 633.@aborruso/ckan-mcp-server1 CVE
- 634.@absolunet/kafe1 CVE
- 635.@abw/badger-database1 CVE
- 636.accesslog1 CVE
- 637.access-policy1 CVE
- 638.@acrontum/filesystem-template1 CVE
- 639.@actions/artifact1 CVE
- 640.@actions/http-client1 CVE
- 641.actual1 CVE
- 642.@actual-app/cli1 CVE
- 643.@actual-app/web1 CVE
- 644.adamvr-geoip-lite1 CVE
- 645.adb-driver1 CVE
- 646.adb-mcp1 CVE
- 647.adm-zip1 CVE
- 648.@adolph_dudu/ratio-swiper1 CVE
- 649.@adonisjs/core1 CVE
- 650.@adonisjs/http-server1 CVE
Which npm packages run in YOUR stack?
EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.
Start Free Scan →