npm Package Vulnerabilities

All 2,642 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,231 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 101.better-auth6 CVEs
  2. 102.@budibase/backend-core6 CVEs
  3. 103.@fedify/fedify6 CVEs
  4. 104.hapi6 CVEs
  5. 105.locutus6 CVEs
  6. 106.mongoose6 CVEs
  7. 107.openpgp6 CVEs
  8. 108.parse-url6 CVEs
  9. 109.prismjs6 CVEs
  10. 110.rsshub6 CVEs
  11. 111.svelte6 CVEs
  12. 112.ua-parser-js6 CVEs
  13. 113.ws6 CVEs
  14. 114.@angular/common5 CVEs
  15. 115.@angular/compiler5 CVEs
  16. 116.auth0-js5 CVEs
  17. 117.bootstrap-sass5 CVEs
  18. 118.dojo5 CVEs
  19. 119.ejs5 CVEs
  20. 120.express5 CVEs
  21. 121.@frangoteam/fuxa5 CVEs
  22. 122.froala-editor5 CVEs
  23. 123.happy-dom5 CVEs
  24. 124.http-proxy-middleware5 CVEs
  25. 125.katex5 CVEs
  26. 126.keystone5 CVEs
  27. 127.@keystone-6/core5 CVEs
  28. 128.koa5 CVEs
  29. 129.lodash-amd5 CVEs
  30. 130.mathjs5 CVEs
  31. 131.mcp-server-kubernetes5 CVEs
  32. 132.mysql25 CVEs
  33. 133.path-to-regexp5 CVEs
  34. 134.@perfood/couch-auth5 CVEs
  35. 135.rendertron5 CVEs
  36. 136.safe-eval5 CVEs
  37. 137.seroval5 CVEs
  38. 138.serve5 CVEs
  39. 139.@steipete/summarize5 CVEs
  40. 140.total45 CVEs
  41. 141.trix5 CVEs
  42. 142.vditor5 CVEs
  43. 143.vega-functions5 CVEs
  44. 144.webpack-dev-server5 CVEs
  45. 145.xlsx5 CVEs
  46. 146.yarn5 CVEs
  47. 147.@actual-app/sync-server4 CVEs
  48. 148.angular-expressions4 CVEs
  49. 149.@apollo/gateway4 CVEs
  50. 150.auth0-lock4 CVEs

Which npm packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →