npm Package Vulnerabilities
All 2,642 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,231 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.
- 151.aws-iot-device-sdk-v24 CVEs
- 152.brace-expansion4 CVEs
- 153.budibase4 CVEs
- 154.@clerk/nextjs4 CVEs
- 155.code-server4 CVEs
- 156.convert-svg-core4 CVEs
- 157.devalue4 CVEs
- 158.@earendil-works/pi-coding-agent4 CVEs
- 159.engine.io4 CVEs
- 160.erxes4 CVEs
- 161.express-cart4 CVEs
- 162.@fastify/middie4 CVEs
- 163.@finos/git-proxy4 CVEs
- 164.follow-redirects4 CVEs
- 165.@grpc/grpc-js4 CVEs
- 166.@hono/node-server4 CVEs
- 167.hummus4 CVEs
- 168.@intlify/vue-i18n-core4 CVEs
- 169.jquery-validation4 CVEs
- 170.jsonwebtoken4 CVEs
- 171.langsmith4 CVEs
- 172.libxmljs4 CVEs
- 173.markdown-it4 CVEs
- 174.materialize-css4 CVEs
- 175.meshcentral4 CVEs
- 176.moment4 CVEs
- 177.mongo-express4 CVEs
- 178.mongosh4 CVEs
- 179.muhammara4 CVEs
- 180.network-ai4 CVEs
- 181.nodemailer4 CVEs
- 182.@node-saml/node-saml4 CVEs
- 183.parse-dashboard4 CVEs
- 184.passport-wsfed-saml24 CVEs
- 185.petite-vue-i18n4 CVEs
- 186.postcss4 CVEs
- 187.protobufjs-cli4 CVEs
- 188.remarkable4 CVEs
- 189.@saltcorn/server4 CVEs
- 190.serialize-javascript4 CVEs
- 191.snyk4 CVEs
- 192.socket.io-parser4 CVEs
- 193.@strapi/admin4 CVEs
- 194.swagger-ui4 CVEs
- 195.tar-fs4 CVEs
- 196.@tinacms/cli4 CVEs
- 197.@tinacms/graphql4 CVEs
- 198.@uppy/companion4 CVEs
- 199.valine4 CVEs
- 200.vite-plus4 CVEs
Which npm packages run in YOUR stack?
EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.
Start Free Scan →