npm Package Vulnerabilities
All 2,642 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,231 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.
- 51.@strapi/strapi11 CVEs
- 52.apostrophe10 CVEs
- 53.lodash10 CVEs
- 54.sanitize-html10 CVEs
- 55.@sveltejs/kit10 CVEs
- 56.bootstrap9 CVEs
- 57.fastify9 CVEs
- 58.matrix-appservice-irc9 CVEs
- 59.mermaid9 CVEs
- 60.multer9 CVEs
- 61.next-auth9 CVEs
- 62.npm9 CVEs
- 63.open-webui9 CVEs
- 64.payload9 CVEs
- 65.xmldom9 CVEs
- 66.editor.md8 CVEs
- 67.elliptic8 CVEs
- 68.fast-jwt8 CVEs
- 69.fast-xml-parser8 CVEs
- 70.jquery8 CVEs
- 71.lodash-es8 CVEs
- 72.matrix-react-sdk8 CVEs
- 73.shescape8 CVEs
- 74.steal8 CVEs
- 75.urijs8 CVEs
- 76.url-parse8 CVEs
- 77.validator8 CVEs
- 78.@xmldom/xmldom8 CVEs
- 79.@auth0/nextjs-auth07 CVEs
- 80.@backstage/plugin-scaffolder-backend7 CVEs
- 81.@builder.io/qwik-city7 CVEs
- 82.hermes-engine7 CVEs
- 83.jquery-ui7 CVEs
- 84.mattermost-desktop7 CVEs
- 85.n8n-mcp7 CVEs
- 86.qs7 CVEs
- 87.react-server-dom-parcel7 CVEs
- 88.react-server-dom-turbopack7 CVEs
- 89.react-server-dom-webpack7 CVEs
- 90.simple-git7 CVEs
- 91.snyk-broker7 CVEs
- 92.@strapi/plugin-users-permissions7 CVEs
- 93.tarteaucitronjs7 CVEs
- 94.total.js7 CVEs
- 95.uptime-kuma7 CVEs
- 96.vega7 CVEs
- 97.aaptjs6 CVEs
- 98.@angular/core6 CVEs
- 99.@angular/platform-server6 CVEs
- 100.@angular/ssr6 CVEs
Which npm packages run in YOUR stack?
EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.
Start Free Scan →