npm Package Vulnerabilities

All 2,642 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,231 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 151.aws-iot-device-sdk-v24 CVEs
  2. 152.brace-expansion4 CVEs
  3. 153.budibase4 CVEs
  4. 154.@clerk/nextjs4 CVEs
  5. 155.code-server4 CVEs
  6. 156.convert-svg-core4 CVEs
  7. 157.devalue4 CVEs
  8. 158.@earendil-works/pi-coding-agent4 CVEs
  9. 159.engine.io4 CVEs
  10. 160.erxes4 CVEs
  11. 161.express-cart4 CVEs
  12. 162.@fastify/middie4 CVEs
  13. 163.@finos/git-proxy4 CVEs
  14. 164.follow-redirects4 CVEs
  15. 165.@grpc/grpc-js4 CVEs
  16. 166.@hono/node-server4 CVEs
  17. 167.hummus4 CVEs
  18. 168.@intlify/vue-i18n-core4 CVEs
  19. 169.jquery-validation4 CVEs
  20. 170.jsonwebtoken4 CVEs
  21. 171.langsmith4 CVEs
  22. 172.libxmljs4 CVEs
  23. 173.markdown-it4 CVEs
  24. 174.materialize-css4 CVEs
  25. 175.meshcentral4 CVEs
  26. 176.moment4 CVEs
  27. 177.mongo-express4 CVEs
  28. 178.mongosh4 CVEs
  29. 179.muhammara4 CVEs
  30. 180.network-ai4 CVEs
  31. 181.nodemailer4 CVEs
  32. 182.@node-saml/node-saml4 CVEs
  33. 183.parse-dashboard4 CVEs
  34. 184.passport-wsfed-saml24 CVEs
  35. 185.petite-vue-i18n4 CVEs
  36. 186.postcss4 CVEs
  37. 187.protobufjs-cli4 CVEs
  38. 188.remarkable4 CVEs
  39. 189.@saltcorn/server4 CVEs
  40. 190.serialize-javascript4 CVEs
  41. 191.snyk4 CVEs
  42. 192.socket.io-parser4 CVEs
  43. 193.@strapi/admin4 CVEs
  44. 194.swagger-ui4 CVEs
  45. 195.tar-fs4 CVEs
  46. 196.@tinacms/cli4 CVEs
  47. 197.@tinacms/graphql4 CVEs
  48. 198.@uppy/companion4 CVEs
  49. 199.valine4 CVEs
  50. 200.vite-plus4 CVEs

Which npm packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →