npm Package Vulnerabilities
All 2,648 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,342 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.
- 2,301.sqlite.js1 CVE
- 2,302.sqliter1 CVE
- 2,303.sqlite-vec1 CVE
- 2,304.sqlserver1 CVE
- 2,305.srvx1 CVE
- 2,306.ssb-db1 CVE
- 2,307.sse-channel1 CVE
- 2,308.ssh21 CVE
- 2,309.sshpk1 CVE
- 2,310.ssl-utils1 CVE
- 2,311.sspa1 CVE
- 2,312.ssrf-agent1 CVE
- 2,313.stage-js1 CVE
- 2,314.starkbank-ecdsa1 CVE
- 2,315.startserver1 CVE
- 2,316.static-dev-server1 CVE
- 2,317.static-eval1 CVE
- 2,318.static-html-server1 CVE
- 2,319.statichttpserver1 CVE
- 2,320.static-resource-server1 CVE
- 2,321.static-server1 CVE
- 2,322.stattic1 CVE
- 2,323.stellar-sdk1 CVE
- 2,324.steroids1 CVE
- 2,325.stimulus_reflex1 CVE
- 2,326.@stoqey/gnuplot1 CVE
- 2,327.store21 CVE
- 2,328.storefront-api1 CVE
- 2,329.strapi-admin1 CVE
- 2,330.@strapi/content-type-builder1 CVE
- 2,331.strapi-plugin-content-manager1 CVE
- 2,332.@strapi/plugin-content-type-builder1 CVE
- 2,333.strapi-plugin-content-type-builder1 CVE
- 2,334.@strapi/plugin-email1 CVE
- 2,335.strapi-plugin-protected-populate1 CVE
- 2,336.@strapi/plugin-upload1 CVE
- 2,337.@strapi/upload1 CVE
- 2,338.strider-sauce1 CVE
- 2,339.string1 CVE
- 2,340.string-kit1 CVE
- 2,341.string-math1 CVE
- 2,342.stringstream1 CVE
- 2,343.striptags1 CVE
- 2,344.strong-nginx-controller1 CVE
- 2,345.@stryker-mutator/util1 CVE
- 2,346.studiocms1 CVE
- 2,347.sublinear-time-solver1 CVE
- 2,348.summit1 CVE
- 2,349.@sunwood-ai-labs/github-kanban-mcp-server1 CVE
- 2,350.@supabase/auth-js1 CVE
Which npm packages run in YOUR stack?
EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.
Start Free Scan →