npm packages — vulnerability index

These pages aggregate every CVE that affects a given npm package, sourced from NVD's CPE matching.

About these pages

Each entry below links to the full CVE history for that npm package: severity, CVSS, KEV flag, summary, and the original NVD record. Counts update as new advisories land — typically within hours of publication. The catalog is curated and bounded to ~100 high-impact packages; expansion to PyPI / Maven / crates / Go-modules follows the same shape.

All packages (71)

PackageCVEsKEVHighest CVSSLatest disclosed
Next.js51110.02026-05-13
Electron469.82026-06-23
axios349.92026-06-11
Angular318.82026-06-22
undici307.52026-06-17
Nuxt229.82026-06-23
Vite2218.32026-06-22
Sequelize1410.02026-03-10
node-tar148.82026-06-22
jQuery1117.52020-05-19
marked117.52026-04-24
Fastify107.52026-04-15
Handlebars109.82026-03-27
lodash109.12026-03-31
NestJS99.82026-06-22
multer97.52026-06-15
Express77.52024-10-29
Ember.js66.12022-06-30
Mongoose69.82026-05-14
React6110.02026-01-26
qs67.52026-05-17
EJS59.82023-05-04
Koa57.52026-02-26
minimatch57.52026-02-26
webpack-dev-server57.52026-06-15
Socket.IO47.52026-03-20
hapi47.52018-06-04
jsonwebtoken49.82022-12-23
moment47.52022-07-06
webpack49.82026-02-05
ws47.52026-06-17
node-fetch36.12022-08-01
tough-cookie37.52023-07-01
Ajv25.62026-02-11
Parcel27.52025-09-17
Vue24.82024-10-15
body-parser27.52025-11-24
cookie27.52024-10-04
debug23.52025-09-15
formidable29.82025-04-26
request26.12023-03-16
send25.32024-09-10
serve-static25.02024-09-10
underscore25.92026-03-03
uuid27.52026-04-24
JSON517.12022-12-24
Passport14.82022-07-01
Pug16.82021-03-03
async17.82022-04-06
bcrypt15.92020-07-01
got15.32022-06-18
minimist15.62020-03-11
morgan19.82019-03-21
react-dom16.12018-12-31
semver15.32023-06-21
sharp16.52022-05-25
Backbone.js0
ESLint0
Helmet0
Jest0
Knex.js0
Mocha0
Prettier0
ShellJS0
chalk0
commander0
cookie-parser0
cors0
dotenv0
validator0
yargs0