npm Package Vulnerabilities

All 2,642 JavaScript / Node.js packages with known CVEs, ranked by live CVE volume — 5,240 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 401.expo2 CVEs
  2. 402.express-fileupload2 CVEs
  3. 403.express-gateway2 CVEs
  4. 404.express-openid-connect2 CVEs
  5. 405.express-xss-sanitizer2 CVEs
  6. 406.expr-eval2 CVEs
  7. 407.expr-eval-fork2 CVEs
  8. 408.fast-filesystem-mcp2 CVEs
  9. 409.fastify-csrf2 CVEs
  10. 410.@fastify/multipart2 CVEs
  11. 411.fastify-multipart2 CVEs
  12. 412.@fastify/passport2 CVEs
  13. 413.@fastify/static2 CVEs
  14. 414.fastify-static2 CVEs
  15. 415.@fastly/js-compute2 CVEs
  16. 416.fast-string-search2 CVEs
  17. 417.fast-uri2 CVEs
  18. 418.fast-xml-builder2 CVEs
  19. 419.financejs2 CVEs
  20. 420.@finastra/nestjs-proxy2 CVEs
  21. 421.@finastra/ssr-pages2 CVEs
  22. 422.find-my-way2 CVEs
  23. 423.fiora2 CVEs
  24. 424.flatted2 CVEs
  25. 425.form-data2 CVEs
  26. 426.formio2 CVEs
  27. 427.forms2 CVEs
  28. 428.ftp-srv2 CVEs
  29. 429.fullpage.js2 CVEs
  30. 430.generator-jhipster2 CVEs
  31. 431.generator-jhipster-kotlin2 CVEs
  32. 432.genieacs2 CVEs
  33. 433.ggit2 CVEs
  34. 434.gitbook2 CVEs
  35. 435.@github/copilot2 CVEs
  36. 436.@gitlawb/openclaude2 CVEs
  37. 437.glob-parent2 CVEs
  38. 438.@hapi/content2 CVEs
  39. 439.@hapi/wreck2 CVEs
  40. 440.Haraka2 CVEs
  41. 441.harp2 CVEs
  42. 442.hashbrown-cms2 CVEs
  43. 443.hawk2 CVEs
  44. 444.@haxtheweb/open-apis2 CVEs
  45. 445.@haxtheweb/video-player2 CVEs
  46. 446.hekto2 CVEs
  47. 447.hellojs2 CVEs
  48. 448.hexo2 CVEs
  49. 449.highcharts2 CVEs
  50. 450.hoek2 CVEs

Which npm packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →