npm Package Vulnerabilities

All 2,642 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,231 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 51.@strapi/strapi11 CVEs
  2. 52.apostrophe10 CVEs
  3. 53.lodash10 CVEs
  4. 54.sanitize-html10 CVEs
  5. 55.@sveltejs/kit10 CVEs
  6. 56.bootstrap9 CVEs
  7. 57.fastify9 CVEs
  8. 58.matrix-appservice-irc9 CVEs
  9. 59.mermaid9 CVEs
  10. 60.multer9 CVEs
  11. 61.next-auth9 CVEs
  12. 62.npm9 CVEs
  13. 63.open-webui9 CVEs
  14. 64.payload9 CVEs
  15. 65.xmldom9 CVEs
  16. 66.editor.md8 CVEs
  17. 67.elliptic8 CVEs
  18. 68.fast-jwt8 CVEs
  19. 69.fast-xml-parser8 CVEs
  20. 70.jquery8 CVEs
  21. 71.lodash-es8 CVEs
  22. 72.matrix-react-sdk8 CVEs
  23. 73.shescape8 CVEs
  24. 74.steal8 CVEs
  25. 75.urijs8 CVEs
  26. 76.url-parse8 CVEs
  27. 77.validator8 CVEs
  28. 78.@xmldom/xmldom8 CVEs
  29. 79.@auth0/nextjs-auth07 CVEs
  30. 80.@backstage/plugin-scaffolder-backend7 CVEs
  31. 81.@builder.io/qwik-city7 CVEs
  32. 82.hermes-engine7 CVEs
  33. 83.jquery-ui7 CVEs
  34. 84.mattermost-desktop7 CVEs
  35. 85.n8n-mcp7 CVEs
  36. 86.qs7 CVEs
  37. 87.react-server-dom-parcel7 CVEs
  38. 88.react-server-dom-turbopack7 CVEs
  39. 89.react-server-dom-webpack7 CVEs
  40. 90.simple-git7 CVEs
  41. 91.snyk-broker7 CVEs
  42. 92.@strapi/plugin-users-permissions7 CVEs
  43. 93.tarteaucitronjs7 CVEs
  44. 94.total.js7 CVEs
  45. 95.uptime-kuma7 CVEs
  46. 96.vega7 CVEs
  47. 97.aaptjs6 CVEs
  48. 98.@angular/core6 CVEs
  49. 99.@angular/platform-server6 CVEs
  50. 100.@angular/ssr6 CVEs

Which npm packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →