| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2021-32853 | Erxes vulnerable to Cross-site Scripting | npm | erxes | Medium | 6.1 | 2023-02-20 00:00:00 | Deep Dive |
| CVE-2021-32851 | jQuery MiniColors vulnerable to Cross-site Scripting | npm | mind-elixir | Medium | 6.1 | 2023-02-20 00:00:00 | Deep Dive |
| CVE-2021-32850 | jQuery MiniColors vulnerable to Cross-site Scripting | npm | @claviska/jquery-minicolors | Medium | 6.1 | 2023-02-20 00:00:00 | Deep Dive |
| CVE-2022-25979 | Jsuites Cross-site Scripting Vulnerability | - | jsuites | Medium | 5.4 | 2023-01-31 05:00:02 | Deep Dive |
| CVE-2022-25881 | http-cache-semantics Security Vulnerability | - | http-cache-semantics | Medium | 5.3 | 2023-01-31 05:00:01 | Deep Dive |
| CVE-2022-25901 | CookieJar Security Vulnerability | - | cookiejar | Medium | 5.3 | 2023-01-18 05:00:01 | Deep Dive |
| CVE-2020-7795 | Command Injection | - | get-npm-package-version | High | 7.3 | 2022-08-02 13:27:06 | Deep Dive |
| CVE-2020-28445 | Command Injection | - | npm-help | Critical | 9.8 | 2022-07-25 14:10:11 | Deep Dive |
| CVE-2022-25869 | Angular Cross-site Scripting Vulnerability | - | angular | Medium | 4.2 | 2022-07-15 20:02:03 | Deep Dive |
| CVE-2022-29244 | npm packing does not respect root-level ignore files in workspaces | npm | npm | High | - | 2022-06-13 13:40:27 | Deep Dive |
| CVE-2022-0841 | OS Command Injection in ljharb/npm-lockfile | ljharb | ljharb/npm-lockfile | Critical | - | 2022-03-03 15:50:10 | Deep Dive |
| CVE-2021-35225 | Netpath Horizontal Privilege Escalation Vulnerability: NPM 2020.2.5 | SolarWinds | NPM | Medium | 5.0 | 2021-10-21 17:40:00 | Deep Dive |
| CVE-2021-39135 | UNIX Symbolic Link (Symlink) Following in @npmcli/arborist | npm | arborist | High | 8.2 | 2021-08-31 17:10:10 | Deep Dive |
| CVE-2021-39134 | UNIX Symbolic Link (Symlink) Following in @npmcli/arborist | npm | arborist | High | 8.2 | 2021-08-31 16:55:11 | Deep Dive |
| CVE-2021-37713 | Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization | npm | node-tar | High | 8.2 | 2021-08-31 16:50:09 | Deep Dive |
| CVE-2021-37701 | Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links | npm | node-tar | High | 8.2 | 2021-08-31 00:00:00 | Deep Dive |
| CVE-2021-37712 | Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links | npm | node-tar | High | 8.2 | 2021-08-31 00:00:00 | Deep Dive |
| CVE-2021-32804 | Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization | npm | node-tar | High | 8.2 | 2021-08-03 19:10:12 | Deep Dive |
| CVE-2021-32803 | Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning | npm | node-tar | High | 8.2 | 2021-08-03 19:05:12 | Deep Dive |
| CVE-2021-26700 | Visual Studio Code npm-script Extension Remote Code Execution Vulnerability | Microsoft | Visual Studio Code - npm-script Extension | High | 7.8 | 2021-02-25 23:02:00 | Deep Dive |