Vulnerable packages
Packages
Reverse lookup: every package coordinate seen in a CVE's affected list. Click a row to see every CVE that mentions it — with affected version range, fixed-in version, severity, and KEV status.
Sort by:
| # | Ecosystem | Package | CVEs | Latest CVE | purl |
|---|---|---|---|---|---|
| 1 | npm | openclaw | 392 | May 6, 2026 | pkg:npm/openclaw |
| 2 | npm | parse-server | 106 | May 12, 2026 | pkg:npm/parse-server |
| 3 | npm | n8n | 67 | May 14, 2026 | pkg:npm/n8n |
| 4 | npm | flowise | 63 | May 14, 2026 | pkg:npm/flowise |
| 5 | npm | directus | 53 | Apr 9, 2026 | pkg:npm/directus |
| 6 | npm | electron | 48 | Apr 7, 2026 | pkg:npm/electron |
| 7 | npm | next | 47 | May 13, 2026 | pkg:npm/next |
| 8 | npm | vm2 | 32 | May 13, 2026 | pkg:npm/vm2 |
| 9 | npm | hono | 26 | May 13, 2026 | pkg:npm/hono |
| 10 | npm | nocodb | 25 | Mar 2, 2026 | pkg:npm/nocodb |
| 11 | npm | @anthropic-ai/claude-code | 24 | May 5, 2026 | pkg:npm/%40anthropic-ai/claude-code |
| 12 | npm | axios | 23 | May 8, 2026 | pkg:npm/axios |
| 13 | npm | undici | 22 | Mar 12, 2026 | pkg:npm/undici |
| 14 | npm | ghost | 21 | Mar 7, 2026 | pkg:npm/ghost |
| 15 | npm | @openzeppelin/contracts | 19 | Jul 17, 2025 | pkg:npm/%40openzeppelin/contracts |
| 16 | npm | vite | 19 | Apr 7, 2026 | pkg:npm/vite |
| 17 | npm | @openzeppelin/contracts-upgradeable | 18 | Jul 17, 2025 | pkg:npm/%40openzeppelin/contracts-upgradeable |
| 18 | npm | astro | 17 | May 13, 2026 | pkg:npm/astro |
| 19 | npm | ckeditor4 | 15 | Aug 21, 2024 | pkg:npm/ckeditor4 |
| 20 | npm | jspdf | 15 | Mar 18, 2026 | pkg:npm/jspdf |
| 21 | npm | sequelize | 15 | Mar 10, 2026 | pkg:npm/sequelize |
| 22 | npm | tar | 15 | Mar 9, 2026 | pkg:npm/tar |
| 23 | npm | @nyariv/sandboxjs | 14 | May 11, 2026 | pkg:npm/%40nyariv/sandboxjs |
| 24 | npm | flowise-components | 14 | May 11, 2026 | pkg:npm/flowise-components |
| 25 | npm | fuxa-server | 14 | Feb 9, 2026 | pkg:npm/fuxa-server |
| 26 | npm | joplin | 14 | Nov 14, 2024 | pkg:npm/joplin |
| 27 | npm | nodebb | 14 | Aug 27, 2025 | pkg:npm/nodebb |
| 28 | npm | tinymce | 14 | Jun 19, 2024 | pkg:npm/tinymce |
| 29 | npm | signalk-server | 13 | May 9, 2026 | pkg:npm/signalk-server |
| 30 | npm | systeminformation | 13 | May 13, 2026 | pkg:npm/systeminformation |
| 31 | npm | @directus/api | 12 | Feb 12, 2026 | pkg:npm/%40directus/api |
| 32 | npm | @evershop/evershop | 12 | Jan 5, 2026 | pkg:npm/%40evershop/evershop |
| 33 | npm | angular | 12 | Apr 29, 2025 | pkg:npm/angular |
| 34 | npm | dompurify | 12 | Apr 23, 2026 | pkg:npm/dompurify |
| 35 | npm | handlebars | 12 | Mar 27, 2026 | pkg:npm/handlebars |
| 36 | npm | jsrsasign | 12 | Mar 23, 2026 | pkg:npm/jsrsasign |
| 37 | npm | matrix-js-sdk | 12 | Sep 16, 2025 | pkg:npm/matrix-js-sdk |
| 38 | npm | node-forge | 12 | Mar 27, 2026 | pkg:npm/node-forge |
| 39 | npm | pnpm | 12 | Jan 26, 2026 | pkg:npm/pnpm |
| 40 | npm | strapi | 12 | Sep 27, 2022 | pkg:npm/strapi |
| 41 | npm | svelte | 12 | May 14, 2026 | pkg:npm/svelte |
| 42 | npm | @lobehub/chat | 11 | Jan 30, 2026 | pkg:npm/%40lobehub/chat |
| 43 | npm | @oneuptime/common | 11 | Mar 10, 2026 | pkg:npm/%40oneuptime/common |
| 44 | npm | marked | 11 | Apr 24, 2026 | pkg:npm/marked |
| 45 | npm | protobufjs | 11 | May 13, 2026 | pkg:npm/protobufjs |
| 46 | npm | @strapi/strapi | 10 | Oct 16, 2025 | pkg:npm/%40strapi/strapi |
| 47 | npm | @sveltejs/kit | 10 | Apr 10, 2026 | pkg:npm/%40sveltejs/kit |
| 48 | npm | apostrophe | 10 | May 14, 2026 | pkg:npm/apostrophe |
| 49 | npm | clawdbot | 10 | Mar 5, 2026 | pkg:npm/clawdbot |
| 50 | npm | electerm | 10 | May 14, 2026 | pkg:npm/electerm |
| 51 | npm | fastify | 10 | Apr 15, 2026 | pkg:npm/fastify |
| 52 | npm | fast-xml-parser | 10 | May 7, 2026 | pkg:npm/fast-xml-parser |
| 53 | npm | lodash | 10 | Mar 31, 2026 | pkg:npm/lodash |
| 54 | npm | payload | 10 | Apr 1, 2026 | pkg:npm/payload |
| 55 | npm | sillytavern | 10 | May 12, 2026 | pkg:npm/sillytavern |
| 56 | npm | @haxtheweb/haxcms-nodejs | 9 | Jan 10, 2026 | pkg:npm/%40haxtheweb/haxcms-nodejs |
| 57 | npm | bootstrap | 9 | May 15, 2025 | pkg:npm/bootstrap |
| 58 | npm | liquidjs | 9 | May 9, 2026 | pkg:npm/liquidjs |
| 59 | npm | matrix-appservice-irc | 9 | Feb 25, 2025 | pkg:npm/matrix-appservice-irc |
| 60 | npm | mermaid | 9 | May 11, 2026 | pkg:npm/mermaid |
| 61 | npm | next-auth | 9 | Nov 20, 2023 | pkg:npm/next-auth |
| 62 | npm | npm | 9 | Jan 23, 2026 | pkg:npm/npm |
| 63 | npm | sanitize-html | 9 | Apr 15, 2026 | pkg:npm/sanitize-html |
| 64 | npm | shescape | 9 | Mar 11, 2026 | pkg:npm/shescape |
| 65 | npm | validator | 9 | Nov 27, 2025 | pkg:npm/validator |
| 66 | npm | xmldom | 9 | May 7, 2026 | pkg:npm/xmldom |
| 67 | npm | @builder.io/qwik-city | 8 | Mar 20, 2026 | pkg:npm/%40builder.io/qwik-city |
| 68 | npm | @xmldom/xmldom | 8 | May 7, 2026 | pkg:npm/%40xmldom/xmldom |
| 69 | npm | editor.md | 8 | May 1, 2023 | pkg:npm/editor.md |
| 70 | npm | elliptic | 8 | Jan 8, 2026 | pkg:npm/elliptic |
| 71 | npm | fast-jwt | 8 | May 13, 2026 | pkg:npm/fast-jwt |
| 72 | npm | jquery | 8 | May 19, 2020 | pkg:npm/jquery |
| 73 | npm | locutus | 8 | Mar 27, 2026 | pkg:npm/locutus |
| 74 | npm | lodash-es | 8 | Mar 31, 2026 | pkg:npm/lodash-es |
| 75 | npm | matrix-react-sdk | 8 | Oct 15, 2024 | pkg:npm/matrix-react-sdk |
| 76 | npm | steal | 8 | Sep 20, 2022 | pkg:npm/steal |
| 77 | npm | uptime-kuma | 8 | Mar 12, 2026 | pkg:npm/uptime-kuma |
| 78 | npm | urijs | 8 | Apr 5, 2022 | pkg:npm/urijs |
| 79 | npm | url-parse | 8 | Feb 21, 2022 | pkg:npm/url-parse |
| 80 | npm | @astrojs/node | 7 | Apr 24, 2026 | pkg:npm/%40astrojs/node |
| 81 | npm | @auth0/nextjs-auth0 | 7 | Apr 17, 2026 | pkg:npm/%40auth0/nextjs-auth0 |
| 82 | npm | @backstage/plugin-scaffolder-backend | 7 | Mar 12, 2026 | pkg:npm/%40backstage/plugin-scaffolder-backend |
| 83 | npm | @budibase/server | 7 | May 15, 2026 | pkg:npm/%40budibase/server |
| 84 | npm | @strapi/plugin-users-permissions | 7 | May 14, 2026 | pkg:npm/%40strapi/plugin-users-permissions |
| 85 | npm | hermes-engine | 7 | Jan 15, 2022 | pkg:npm/hermes-engine |
| 86 | npm | jquery-ui | 7 | Jul 20, 2022 | pkg:npm/jquery-ui |
| 87 | npm | lunary | 7 | Sep 13, 2024 | pkg:npm/lunary |
| 88 | npm | mattermost-desktop | 7 | Dec 17, 2025 | pkg:npm/mattermost-desktop |
| 89 | npm | multer | 7 | Mar 4, 2026 | pkg:npm/multer |
| 90 | npm | react-router | 7 | Jan 10, 2026 | pkg:npm/react-router |
| 91 | npm | react-server-dom-parcel | 7 | May 6, 2026 | pkg:npm/react-server-dom-parcel |
| 92 | npm | react-server-dom-turbopack | 7 | May 6, 2026 | pkg:npm/react-server-dom-turbopack |
| 93 | npm | react-server-dom-webpack | 7 | May 6, 2026 | pkg:npm/react-server-dom-webpack |
| 94 | npm | simple-git | 7 | Apr 25, 2026 | pkg:npm/simple-git |
| 95 | npm | snyk-broker | 7 | Jul 25, 2022 | pkg:npm/snyk-broker |
| 96 | npm | studiocms | 7 | Mar 18, 2026 | pkg:npm/studiocms |
| 97 | npm | tarteaucitronjs | 7 | Jan 13, 2026 | pkg:npm/tarteaucitronjs |
| 98 | npm | total.js | 7 | Aug 30, 2021 | pkg:npm/total.js |
| 99 | npm | vega | 7 | Nov 13, 2025 | pkg:npm/vega |
| 100 | npm | @angular/ssr | 6 | May 13, 2026 | pkg:npm/%40angular/ssr |
- npmMay 6, 2026pkg:npm/openclaw
- npmMay 12, 2026pkg:npm/parse-server
- npmMay 14, 2026pkg:npm/n8n
- npmMay 14, 2026pkg:npm/flowise
- npmApr 9, 2026pkg:npm/directus
- npmApr 7, 2026pkg:npm/electron
- npmMay 13, 2026pkg:npm/next
- npmMay 13, 2026pkg:npm/vm2
- npmMay 13, 2026pkg:npm/hono
- npmMar 2, 2026pkg:npm/nocodb
- npmMay 5, 2026pkg:npm/%40anthropic-ai/claude-code
- npmMay 8, 2026pkg:npm/axios
- npmMar 12, 2026pkg:npm/undici
- npmMar 7, 2026pkg:npm/ghost
- npmJul 17, 2025pkg:npm/%40openzeppelin/contracts
- npmApr 7, 2026pkg:npm/vite
- npmJul 17, 2025pkg:npm/%40openzeppelin/contracts-upgradeable
- npmMay 13, 2026pkg:npm/astro
- npmAug 21, 2024pkg:npm/ckeditor4
- npmMar 18, 2026pkg:npm/jspdf
- npmMar 10, 2026pkg:npm/sequelize
- npmMar 9, 2026pkg:npm/tar
- npmMay 11, 2026pkg:npm/%40nyariv/sandboxjs
- npmMay 11, 2026pkg:npm/flowise-components
- npmFeb 9, 2026pkg:npm/fuxa-server
- npmNov 14, 2024pkg:npm/joplin
- npmAug 27, 2025pkg:npm/nodebb
- npmJun 19, 2024pkg:npm/tinymce
- npmMay 9, 2026pkg:npm/signalk-server
- npmMay 13, 2026pkg:npm/systeminformation
- npmFeb 12, 2026pkg:npm/%40directus/api
- npmJan 5, 2026pkg:npm/%40evershop/evershop
- npmApr 29, 2025pkg:npm/angular
- npmApr 23, 2026pkg:npm/dompurify
- npmMar 27, 2026pkg:npm/handlebars
- npmMar 23, 2026pkg:npm/jsrsasign
- npmSep 16, 2025pkg:npm/matrix-js-sdk
- npmMar 27, 2026pkg:npm/node-forge
- npmJan 26, 2026pkg:npm/pnpm
- npmSep 27, 2022pkg:npm/strapi
- npmMay 14, 2026pkg:npm/svelte
- npmJan 30, 2026pkg:npm/%40lobehub/chat
- npmMar 10, 2026pkg:npm/%40oneuptime/common
- npmApr 24, 2026pkg:npm/marked
- npmMay 13, 2026pkg:npm/protobufjs
- npmOct 16, 2025pkg:npm/%40strapi/strapi
- npmApr 10, 2026pkg:npm/%40sveltejs/kit
- npmMay 14, 2026pkg:npm/apostrophe
- npmMar 5, 2026pkg:npm/clawdbot
- npmMay 14, 2026pkg:npm/electerm
- npmApr 15, 2026pkg:npm/fastify
- npmMay 7, 2026pkg:npm/fast-xml-parser
- npmMar 31, 2026pkg:npm/lodash
- npmApr 1, 2026pkg:npm/payload
- npmMay 12, 2026pkg:npm/sillytavern
- npmJan 10, 2026pkg:npm/%40haxtheweb/haxcms-nodejs
- npmMay 15, 2025pkg:npm/bootstrap
- npmMay 9, 2026pkg:npm/liquidjs
- npmFeb 25, 2025pkg:npm/matrix-appservice-irc
- npmMay 11, 2026pkg:npm/mermaid
- npmNov 20, 2023pkg:npm/next-auth
- npmJan 23, 2026pkg:npm/npm
- npmApr 15, 2026pkg:npm/sanitize-html
- npmMar 11, 2026pkg:npm/shescape
- npmNov 27, 2025pkg:npm/validator
- npmMay 7, 2026pkg:npm/xmldom
- npmMar 20, 2026pkg:npm/%40builder.io/qwik-city
- npmMay 7, 2026pkg:npm/%40xmldom/xmldom
- npmMay 1, 2023pkg:npm/editor.md
- npmJan 8, 2026pkg:npm/elliptic
- npmMay 13, 2026pkg:npm/fast-jwt
- npmMay 19, 2020pkg:npm/jquery
- npmMar 27, 2026pkg:npm/locutus
- npmMar 31, 2026pkg:npm/lodash-es
- npmOct 15, 2024pkg:npm/matrix-react-sdk
- npmSep 20, 2022pkg:npm/steal
- npmMar 12, 2026pkg:npm/uptime-kuma
- npmApr 5, 2022pkg:npm/urijs
- npmFeb 21, 2022pkg:npm/url-parse
- npmApr 24, 2026pkg:npm/%40astrojs/node
- npmApr 17, 2026pkg:npm/%40auth0/nextjs-auth0
- npmMar 12, 2026pkg:npm/%40backstage/plugin-scaffolder-backend
- npmMay 15, 2026pkg:npm/%40budibase/server
- npmMay 14, 2026pkg:npm/%40strapi/plugin-users-permissions
- npmJan 15, 2022pkg:npm/hermes-engine
- npmJul 20, 2022pkg:npm/jquery-ui
- npmSep 13, 2024pkg:npm/lunary
- npmDec 17, 2025pkg:npm/mattermost-desktop
- npmMar 4, 2026pkg:npm/multer
- npmJan 10, 2026pkg:npm/react-router
- npmMay 6, 2026pkg:npm/react-server-dom-parcel
- npmMay 6, 2026pkg:npm/react-server-dom-turbopack
- npmMay 6, 2026pkg:npm/react-server-dom-webpack
- npmApr 25, 2026pkg:npm/simple-git
- npmJul 25, 2022pkg:npm/snyk-broker
- npmMar 18, 2026pkg:npm/studiocms
- npmJan 13, 2026pkg:npm/tarteaucitronjs
- npmAug 30, 2021pkg:npm/total.js
- npmNov 13, 2025pkg:npm/vega
- npmMay 13, 2026pkg:npm/%40angular/ssr
Showing top 100 packages in npm by CVE count. Data union of GitHub Security Advisories + OSV.dev (refreshed every 15 min).