npm Package Vulnerabilities

All 2,642 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,232 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 251.js-yaml3 CVEs
  2. 252.keycloak-connect3 CVEs
  3. 253.@langchain/community3 CVEs
  4. 254.layui3 CVEs
  5. 255.llhttp3 CVEs
  6. 256.loader-utils3 CVEs
  7. 257.@lobehub/lobehub3 CVEs
  8. 258.mailgen3 CVEs
  9. 259.@mariozechner/pi-coding-agent3 CVEs
  10. 260.@materializecss/materialize3 CVEs
  11. 261.mcp-markdownify-server3 CVEs
  12. 262.@modelcontextprotocol/sdk3 CVEs
  13. 263.multiparty3 CVEs
  14. 264.mxgraph3 CVEs
  15. 265.nadesiko33 CVEs
  16. 266.@nestjs/platform-fastify3 CVEs
  17. 267.node-fetch3 CVEs
  18. 268.node-jose3 CVEs
  19. 269.node-opcua3 CVEs
  20. 270.node-red-dashboard3 CVEs
  21. 271.node-saml3 CVEs
  22. 272.nuxt-og-image3 CVEs
  23. 273.@nuxt/rspack-builder3 CVEs
  24. 274.@nuxt/webpack-builder3 CVEs
  25. 275.object-path3 CVEs
  26. 276.openmct3 CVEs
  27. 277.passport-saml3 CVEs
  28. 278.@payloadcms/graphql3 CVEs
  29. 279.@payloadcms/next3 CVEs
  30. 280.pdf-image3 CVEs
  31. 281.@plone/volto3 CVEs
  32. 282.psitransfer3 CVEs
  33. 283.public3 CVEs
  34. 284.raneto3 CVEs
  35. 285.@remix-run/server-runtime3 CVEs
  36. 286.safer-eval3 CVEs
  37. 287.sails3 CVEs
  38. 288.@samanhappy/mcphub3 CVEs
  39. 289.samlify3 CVEs
  40. 290.send3 CVEs
  41. 291.@sequelize/core3 CVEs
  42. 292.set-in3 CVEs
  43. 293.shell-quote3 CVEs
  44. 294.simplehttpserver3 CVEs
  45. 295.simple-markdown3 CVEs
  46. 296.slpjs3 CVEs
  47. 297.slp-validate3 CVEs
  48. 298.sm-crypto3 CVEs
  49. 299.snowflake-sdk3 CVEs
  50. 300.socket.io3 CVEs

Which npm packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →