npm Package Vulnerabilities
All 2,642 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,231 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.
- 101.better-auth6 CVEs
- 102.@budibase/backend-core6 CVEs
- 103.@fedify/fedify6 CVEs
- 104.hapi6 CVEs
- 105.locutus6 CVEs
- 106.mongoose6 CVEs
- 107.openpgp6 CVEs
- 108.parse-url6 CVEs
- 109.prismjs6 CVEs
- 110.rsshub6 CVEs
- 111.svelte6 CVEs
- 112.ua-parser-js6 CVEs
- 113.ws6 CVEs
- 114.@angular/common5 CVEs
- 115.@angular/compiler5 CVEs
- 116.auth0-js5 CVEs
- 117.bootstrap-sass5 CVEs
- 118.dojo5 CVEs
- 119.ejs5 CVEs
- 120.express5 CVEs
- 121.@frangoteam/fuxa5 CVEs
- 122.froala-editor5 CVEs
- 123.happy-dom5 CVEs
- 124.http-proxy-middleware5 CVEs
- 125.katex5 CVEs
- 126.keystone5 CVEs
- 127.@keystone-6/core5 CVEs
- 128.koa5 CVEs
- 129.lodash-amd5 CVEs
- 130.mathjs5 CVEs
- 131.mcp-server-kubernetes5 CVEs
- 132.mysql25 CVEs
- 133.path-to-regexp5 CVEs
- 134.@perfood/couch-auth5 CVEs
- 135.rendertron5 CVEs
- 136.safe-eval5 CVEs
- 137.seroval5 CVEs
- 138.serve5 CVEs
- 139.@steipete/summarize5 CVEs
- 140.total45 CVEs
- 141.trix5 CVEs
- 142.vditor5 CVEs
- 143.vega-functions5 CVEs
- 144.webpack-dev-server5 CVEs
- 145.xlsx5 CVEs
- 146.yarn5 CVEs
- 147.@actual-app/sync-server4 CVEs
- 148.angular-expressions4 CVEs
- 149.@apollo/gateway4 CVEs
- 150.auth0-lock4 CVEs
Which npm packages run in YOUR stack?
EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.
Start Free Scan →