npm Package Vulnerabilities

All 2,642 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,240 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 351.bootstrap-table2 CVEs
  2. 352.@boxlite-ai/boxlite2 CVEs
  3. 353.braces2 CVEs
  4. 354.@braintree/sanitize-url2 CVEs
  5. 355.browserstack-runner2 CVEs
  6. 356.@budibase/worker2 CVEs
  7. 357.buttle2 CVEs
  8. 358.cached-path-relative2 CVEs
  9. 359.chromedriver2 CVEs
  10. 360.ckeditor52 CVEs
  11. 361.@ckeditor/ckeditor5-clipboard2 CVEs
  12. 362.@clerk/hono2 CVEs
  13. 363.@clerk/react-router2 CVEs
  14. 364.@clerk/shared2 CVEs
  15. 365.@clerk/tanstack-react-start2 CVEs
  16. 366.@cloudflare/workers-oauth-provider2 CVEs
  17. 367.color-string2 CVEs
  18. 368.compressing2 CVEs
  19. 369.converse.js2 CVEs
  20. 370.cordova-plugin-inappbrowser2 CVEs
  21. 371.crud-file-server2 CVEs
  22. 372.crypto-js2 CVEs
  23. 373.css-what2 CVEs
  24. 374.@cubejs-backend/api-gateway2 CVEs
  25. 375.@cubejs-backend/server-core2 CVEs
  26. 376.cyberchef2 CVEs
  27. 377.datatables.net2 CVEs
  28. 378.dbgate-api2 CVEs
  29. 379.dbgate-web2 CVEs
  30. 380.decal2 CVEs
  31. 381.deep-get-set2 CVEs
  32. 382.deephas2 CVEs
  33. 383.deepseek-tui2 CVEs
  34. 384.defaults-deep2 CVEs
  35. 385.@dependencytrack/frontend2 CVEs
  36. 386.detect-character-encoding2 CVEs
  37. 387.devcert2 CVEs
  38. 388.dijit2 CVEs
  39. 389.@directus/app2 CVEs
  40. 390.@directus/storage-driver-s32 CVEs
  41. 391.@discordjs/opus2 CVEs
  42. 392.dotty2 CVEs
  43. 393.droppy2 CVEs
  44. 394.electron-markdownify2 CVEs
  45. 395.element-plus2 CVEs
  46. 396.elysia2 CVEs
  47. 397.enclave-vm2 CVEs
  48. 398.eta2 CVEs
  49. 399.@excalidraw/excalidraw2 CVEs
  50. 400.exifreader2 CVEs

Which npm packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →