npm Package Vulnerabilities

All 2,643 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,245 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 601.@theia/mini-browser2 CVEs
  2. 602.thrift2 CVEs
  3. 603.tiny-secp256k12 CVEs
  4. 604.tree-kill2 CVEs
  5. 605.tree-kit2 CVEs
  6. 606.@trpc/server2 CVEs
  7. 607.@tryghost/portal2 CVEs
  8. 608.tryton-sao2 CVEs
  9. 609.ts-deepmerge2 CVEs
  10. 610.turbo2 CVEs
  11. 611.uglify-js2 CVEs
  12. 612.@umbraco-cms/backoffice2 CVEs
  13. 613.underscore2 CVEs
  14. 614.useragent2 CVEs
  15. 615.utils-extend2 CVEs
  16. 616.vega-selections2 CVEs
  17. 617.@vendure/core2 CVEs
  18. 618.@vitejs/plugin-rsc2 CVEs
  19. 619.vitest2 CVEs
  20. 620.vxe-table2 CVEs
  21. 621.@workos-inc/authkit-remix2 CVEs
  22. 622.xmlhttprequest-ssl2 CVEs
  23. 623.yaml2 CVEs
  24. 624.zx2 CVEs
  25. 625.1011 CVE
  26. 626.11xiaoli1 CVE
  27. 627.22lixian1 CVE
  28. 628.360class.jansenhm1 CVE
  29. 629.6261 CVE
  30. 630.@75lb/deep-merge1 CVE
  31. 631.a11y-mcp1 CVE
  32. 632.abacus-ext-cmdline1 CVE
  33. 633.@aborruso/ckan-mcp-server1 CVE
  34. 634.@absolunet/kafe1 CVE
  35. 635.@abw/badger-database1 CVE
  36. 636.accesslog1 CVE
  37. 637.access-policy1 CVE
  38. 638.@acrontum/filesystem-template1 CVE
  39. 639.@actions/artifact1 CVE
  40. 640.@actions/http-client1 CVE
  41. 641.actual1 CVE
  42. 642.@actual-app/cli1 CVE
  43. 643.@actual-app/web1 CVE
  44. 644.adamvr-geoip-lite1 CVE
  45. 645.adb-driver1 CVE
  46. 646.adb-mcp1 CVE
  47. 647.adm-zip1 CVE
  48. 648.@adolph_dudu/ratio-swiper1 CVE
  49. 649.@adonisjs/core1 CVE
  50. 650.@adonisjs/http-server1 CVE

Which npm packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →