npm Package Vulnerabilities
All 2,642 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,232 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.
- 251.js-yaml3 CVEs
- 252.keycloak-connect3 CVEs
- 253.@langchain/community3 CVEs
- 254.layui3 CVEs
- 255.llhttp3 CVEs
- 256.loader-utils3 CVEs
- 257.@lobehub/lobehub3 CVEs
- 258.mailgen3 CVEs
- 259.@mariozechner/pi-coding-agent3 CVEs
- 260.@materializecss/materialize3 CVEs
- 261.mcp-markdownify-server3 CVEs
- 262.@modelcontextprotocol/sdk3 CVEs
- 263.multiparty3 CVEs
- 264.mxgraph3 CVEs
- 265.nadesiko33 CVEs
- 266.@nestjs/platform-fastify3 CVEs
- 267.node-fetch3 CVEs
- 268.node-jose3 CVEs
- 269.node-opcua3 CVEs
- 270.node-red-dashboard3 CVEs
- 271.node-saml3 CVEs
- 272.nuxt-og-image3 CVEs
- 273.@nuxt/rspack-builder3 CVEs
- 274.@nuxt/webpack-builder3 CVEs
- 275.object-path3 CVEs
- 276.openmct3 CVEs
- 277.passport-saml3 CVEs
- 278.@payloadcms/graphql3 CVEs
- 279.@payloadcms/next3 CVEs
- 280.pdf-image3 CVEs
- 281.@plone/volto3 CVEs
- 282.psitransfer3 CVEs
- 283.public3 CVEs
- 284.raneto3 CVEs
- 285.@remix-run/server-runtime3 CVEs
- 286.safer-eval3 CVEs
- 287.sails3 CVEs
- 288.@samanhappy/mcphub3 CVEs
- 289.samlify3 CVEs
- 290.send3 CVEs
- 291.@sequelize/core3 CVEs
- 292.set-in3 CVEs
- 293.shell-quote3 CVEs
- 294.simplehttpserver3 CVEs
- 295.simple-markdown3 CVEs
- 296.slpjs3 CVEs
- 297.slp-validate3 CVEs
- 298.sm-crypto3 CVEs
- 299.snowflake-sdk3 CVEs
- 300.socket.io3 CVEs
Which npm packages run in YOUR stack?
EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.
Start Free Scan →