npm Package Vulnerabilities
All 2,642 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,240 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.
- 351.bootstrap-table2 CVEs
- 352.@boxlite-ai/boxlite2 CVEs
- 353.braces2 CVEs
- 354.@braintree/sanitize-url2 CVEs
- 355.browserstack-runner2 CVEs
- 356.@budibase/worker2 CVEs
- 357.buttle2 CVEs
- 358.cached-path-relative2 CVEs
- 359.chromedriver2 CVEs
- 360.ckeditor52 CVEs
- 361.@ckeditor/ckeditor5-clipboard2 CVEs
- 362.@clerk/hono2 CVEs
- 363.@clerk/react-router2 CVEs
- 364.@clerk/shared2 CVEs
- 365.@clerk/tanstack-react-start2 CVEs
- 366.@cloudflare/workers-oauth-provider2 CVEs
- 367.color-string2 CVEs
- 368.compressing2 CVEs
- 369.converse.js2 CVEs
- 370.cordova-plugin-inappbrowser2 CVEs
- 371.crud-file-server2 CVEs
- 372.crypto-js2 CVEs
- 373.css-what2 CVEs
- 374.@cubejs-backend/api-gateway2 CVEs
- 375.@cubejs-backend/server-core2 CVEs
- 376.cyberchef2 CVEs
- 377.datatables.net2 CVEs
- 378.dbgate-api2 CVEs
- 379.dbgate-web2 CVEs
- 380.decal2 CVEs
- 381.deep-get-set2 CVEs
- 382.deephas2 CVEs
- 383.deepseek-tui2 CVEs
- 384.defaults-deep2 CVEs
- 385.@dependencytrack/frontend2 CVEs
- 386.detect-character-encoding2 CVEs
- 387.devcert2 CVEs
- 388.dijit2 CVEs
- 389.@directus/app2 CVEs
- 390.@directus/storage-driver-s32 CVEs
- 391.@discordjs/opus2 CVEs
- 392.dotty2 CVEs
- 393.droppy2 CVEs
- 394.electron-markdownify2 CVEs
- 395.element-plus2 CVEs
- 396.elysia2 CVEs
- 397.enclave-vm2 CVEs
- 398.eta2 CVEs
- 399.@excalidraw/excalidraw2 CVEs
- 400.exifreader2 CVEs
Which npm packages run in YOUR stack?
EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.
Start Free Scan →