npm Package Vulnerabilities
All 2,648 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,346 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.
- 2,501.ungit1 CVE
- 2,502.unhead1 CVE
- 2,503.unicode1 CVE
- 2,504.unicode-json1 CVE
- 2,505.unicorn-list1 CVE
- 2,506.@uniswap/universal-router1 CVE
- 2,507.unzipper1 CVE
- 2,508.uplot1 CVE
- 2,509.uri-js1 CVE
- 2,510.uri-template-lite1 CVE
- 2,511.url-js1 CVE
- 2,512.urlregex1 CVE
- 2,513.url-regex1 CVE
- 2,514.@urql/next1 CVE
- 2,515.@usebruno/cli1 CVE
- 2,516.utahcityfinder1 CVE
- 2,517.@utcp/http1 CVE
- 2,518.utilities1 CVE
- 2,519.utilitify1 CVE
- 2,520.uuid1 CVE
- 2,521.uv-tj-demo1 CVE
- 2,522.uws1 CVE
- 2,523.v8n1 CVE
- 2,524.vagrant.js1 CVE
- 2,525.valib1 CVE
- 2,526.valibot1 CVE
- 2,527.validate.js1 CVE
- 2,528.@valtimo/components1 CVE
- 2,529.vconsole1 CVE
- 2,530.vega-expression1 CVE
- 2,531.vega-interpreter1 CVE
- 2,532.vega-util1 CVE
- 2,533.velocityjs1 CVE
- 2,534.@vendure/asset-server-plugin1 CVE
- 2,535.vercel1 CVE
- 2,536.@vercel/flags1 CVE
- 2,537.verdaccio1 CVE
- 2,538.versionn1 CVE
- 2,539.video.js1 CVE
- 2,540.@viking04/merge1 CVE
- 2,541.vis-timeline1 CVE
- 2,542.vite-plugin-static-copy1 CVE
- 2,543.@vltpkg/tar1 CVE
- 2,544.vmd1 CVE
- 2,545.vnu-jar1 CVE
- 2,546.vscode-npm-script1 CVE
- 2,547.vue1 CVE
- 2,548.@vue/cli-plugin-pwa1 CVE
- 2,549.@vuelidate/validators1 CVE
- 2,550.vue-storefront-api1 CVE
Which npm packages run in YOUR stack?
EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.
Start Free Scan →