npm Package Vulnerabilities
All 2,648 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,352 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.
- 2,601.windows-latestchromedriver1 CVE
- 2,602.windows-selenium-chromedriver1 CVE
- 2,603.windows-seleniumjar1 CVE
- 2,604.windows-seleniumjar-mirror1 CVE
- 2,605.wintiwebdev1 CVE
- 2,606.wixtoolset1 CVE
- 2,607.@wong2/mcp-cli1 CVE
- 2,608.word-wrap1 CVE
- 2,609.workerd1 CVE
- 2,610.@workos/authkit-session1 CVE
- 2,611.@workos-inc/authkit-react-router1 CVE
- 2,612.worksmith1 CVE
- 2,613.workspace-tools1 CVE
- 2,614.w-zip1 CVE
- 2,615.x-assign1 CVE
- 2,616.xcode-mcp-server1 CVE
- 2,617.x-data-spreadsheet1 CVE
- 2,618.xd-testing1 CVE
- 2,619.xml2js1 CVE
- 2,620.xmlhttprequest1 CVE
- 2,621.xopen1 CVE
- 2,622.xo-server1 CVE
- 2,623.xo-web1 CVE
- 2,624.xrpl1 CVE
- 2,625.xtalk1 CVE
- 2,626.xterm1 CVE
- 2,627.y18n1 CVE
- 2,628.@yaireo/tagify1 CVE
- 2,629.yargs-parser1 CVE
- 2,630.yauzl1 CVE
- 2,631.yeoman-environment1 CVE
- 2,632.yii2-mcp-server1 CVE
- 2,633.@yoda.digital/gitlab-mcp-server1 CVE
- 2,634.youtube-regex1 CVE
- 2,635.yttivy1 CVE
- 2,636.yui21 CVE
- 2,637.yyooopack1 CVE
- 2,638.yzt1 CVE
- 2,639.@zag-js/core1 CVE
- 2,640.@zenuml/core1 CVE
- 2,641.zip-local1 CVE
- 2,642.zjjserver1 CVE
- 2,643.zod1 CVE
- 2,644.@zowe/cli1 CVE
- 2,645.@zowe/imperative1 CVE
- 2,646.zrender1 CVE
- 2,647.zsa1 CVE
- 2,648.zwserver1 CVE
Which npm packages run in YOUR stack?
EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.
Start Free Scan →