logo

Database

Security

Vulnerabilities

Real-time alerts of vulnerabilities across monitored open-source ecosystems.

Ecosystems covered

9

Alpine, Alpm, Debian & more

Total vulnerabilities tracked

561

From global vulnerability databases

Exclude malware
Package ejs

FLAT-CWD37 (CVE-2026-48931)

Insecure deserialization In nodejs

1.1

Low

Ecosystem: Alpine

Package: nodejs

FLAT-G4954 (CVE-2026-48937)

Improper authorization control for web services In nodejs

4.5

Medium

Ecosystem: Debian

Package: nodejs

FLAT-1HTNU (CVE-2026-48617)

Insecure object reference In nodejs

5.8

Medium

Ecosystem: Debian

Package: nodejs

FLAT-CB83B (CVE-2026-48527)

Server side cross-site scripting In @haxtheweb/haxcms-nodejs

5.6

Medium

Ecosystem: Npm

Package: @haxtheweb/haxcms-nodejs

FLAT-LRU4O (GHSA-hgv7-v322-mmgr)

Sensitive information sent insecurely In @sveltejs/kit

2.1

Low

Ecosystem: Npm

Package: @sveltejs/kit

FLAT-T09HY (CVE-2026-46357)

Asymmetric denial of service In @haxtheweb/haxcms-nodejs

5.7

Medium

Ecosystem: Npm

Package: @haxtheweb/haxcms-nodejs

FLAT-B76VJ (CVE-2026-46511)

Reflected cross-site scripting (XSS) In @haxtheweb/haxcms-nodejs

6.3

Medium

Ecosystem: Npm

Package: @haxtheweb/haxcms-nodejs

FLAT-9Q31O (CVE-2026-46395)

Insecure encryption algorithm In @haxtheweb/haxcms-nodejs

8.1

High

Ecosystem: Npm

Package: @haxtheweb/haxcms-nodejs

FLAT-TXCUK (CVE-2026-46393)

Server-side request forgery (SSRF) In @haxtheweb/haxcms-nodejs

4.9

Medium

Ecosystem: Npm

Package: @haxtheweb/haxcms-nodejs

FLAT-7CNWO (GHSA-w94c-4vhp-22gx)

Asymmetric denial of service In @vitejs/plugin-rsc

7.7

High

Ecosystem: Npm

Package: @vitejs/plugin-rsc

FLAT-N07PB (CVE-2026-40074)

Insecure deserialization In @sveltejs/kit

1.7

Low

Ecosystem: Npm

Package: @sveltejs/kit

FLAT-EGYL9 (CVE-2026-40073)

Inadequate file size control In @sveltejs/kit

4.6

Medium

Ecosystem: Npm

Package: @sveltejs/kit

FLAT-3AAMD (GHSA-v457-wxvj-p9w9)

Asymmetric denial of service - ReDoS In @vitejs/plugin-rsc

7.7

High

Ecosystem: Npm

Package: @vitejs/plugin-rsc

FLAT-B3MM0 (CVE-2021-22883)

Asymmetric denial of service In nodejs

6.6

Medium

Ecosystem: Alpm

Package: nodejs

FLAT-WRWZJ (CVE-2021-22884)

Lack of data validation In nodejs

5.2

Medium

Ecosystem: Alpm

Package: nodejs

FLAT-176YW (CVE-2021-22959)

HTTP request smuggling In nodejs

2.7

Low

Ecosystem: Alpm

Package: nodejs

FLAT-VFZA6 (CVE-2021-22960)

HTTP request smuggling In nodejs

2.7

Low

Ecosystem: Alpm

Package: nodejs

FLAT-UV4J2 (CVE-2020-8265)

Out-of-bounds read In nodejs

7.2

High

Ecosystem: Alpm

Package: nodejs

FLAT-0RMFC (CVE-2020-8287)

HTTP request smuggling In nodejs

2.7

Low

Ecosystem: Alpm

Package: nodejs

FLAT-YBUJH (CVE-2021-23362)

Asymmetric denial of service In nodejs

2.7

Low

Ecosystem: Alpm

Package: nodejs

FLAT-JSQQY (CVE-2021-27290)

Asymmetric denial of service In nodejs

4.6

Medium

Ecosystem: Alpm

Package: nodejs

FLAT-HKTWC (CVE-2021-22930)

Out-of-bounds read In nodejs

8.1

High

Ecosystem: Alpm

Package: nodejs

FLAT-IRAC2 (CVE-2021-22939)

Insecure digital certificates In nodejs

2.7

Low

Ecosystem: Alpm

Package: nodejs

FLAT-L03A8 (CVE-2021-22940)

Out-of-bounds read In nodejs

6.6

Medium

Ecosystem: Alpm

Package: nodejs

FLAT-5SHH6 (CVE-2024-27982)

HTTP request smuggling In nodejs-lts-iron

1.7

Low

Ecosystem: Alpm

Package: nodejs-lts-iron

FLAT-WUKQH (CVE-2024-27983)

Asymmetric denial of service In nodejs-lts-iron

6.6

Medium

Ecosystem: Alpm

Package: nodejs-lts-iron

FLAT-320SE (CVE-2025-23166)

Asymmetric denial of service In nodejs

0.6

Low

Ecosystem: Alpm

Package: nodejs

FLAT-8D94J (CVE-2025-23165)

Improper resource allocation In nodejs-lts-jod

2.7

Low

Ecosystem: Alpm

Package: nodejs-lts-jod

FLAT-5QPRB (CVE-2025-23167)

HTTP request smuggling In nodejs-lts-iron

2.7

Low

Ecosystem: Alpm

Package: nodejs-lts-iron

FLAT-Q3BON (CVE-2026-47099)

Reflected cross-site scripting (XSS) In telejson

0.5

Low

Ecosystem: Npm

Package: telejson

FLAT-ZEYL0 (CVE-2026-21717)

Insecure encryption algorithm In nodejs

6.3

Medium

Ecosystem: Alpine

Package: nodejs

FLAT-PGYMK (CVE-2026-21714)

Improper resource allocation In nodejs

7.7

High

Ecosystem: Alpine

Package: nodejs

FLAT-0GG0U (CVE-2026-21716)

Improper authorization control for web services In nodejs

3.6

Low

Ecosystem: Alpine

Package: nodejs

FLAT-B4W5I (CVE-2026-21715)

Improper authorization control for web services In nodejs

0.4

Low

Ecosystem: Alpine

Package: nodejs

FLAT-95169 (CVE-2026-21713)

Lack of data validation - Path Traversal In nodejs

2.5

Low

Ecosystem: Alpine

Package: nodejs

FLAT-1ATTA (CVE-2026-21710)

Lack of data validation - Type confusion In nodejs

6.3

Medium

Ecosystem: Alpine

Package: nodejs

FLAT-3WRL6 (CVE-2026-21712)

Inappropriate coding practices In nodejs

7.7

High

Ecosystem: Alpine

Package: nodejs

FLAT-83CLM (CVE-2026-21711)

Improper authorization control for web services In nodejs

1.1

Low

Ecosystem: RPM

Package: nodejs

FLAT-2NE29 (DSA-6183-1)

Non-upgradable dependencies In nodejs

0.6

Low

Ecosystem: Debian

Package: nodejs

FLAT-NP5YV (CVE-2026-33872)

Race condition In nodejs

4.9

Medium

Ecosystem: Hex

Package: nodejs

FLAT-ZGRFR (MAL-2026-2365)

Use of software with malware In env-nodejs

5.2

Medium

Ecosystem: Npm

Package: env-nodejs

FLAT-Z1M6E (MAL-2026-1962)

Use of software with malware In parsejson-pro

5.2

Medium

Ecosystem: Npm

Package: parsejson-pro

FLAT-THV31 (MAL-2026-1715)

Use of software with malware In dotenv-nodejs

5.2

Medium

Ecosystem: Npm

Package: dotenv-nodejs

FLAT-KB654 (DSA-6166-1)

Non-upgradable dependencies In nodejs

0.6

Low

Ecosystem: Debian

Package: nodejs

FLAT-50E65 (GHSA-fpg4-jhqr-589c)

Inadequate file size control In @sveltejs/kit

1.7

Low

Ecosystem: Npm

Package: @sveltejs/kit

FLAT-GN7JX (GHSA-88qp-p4qg-rqm6)

Lack of data validation - Type confusion In @sveltejs/kit

2.7

Low

Ecosystem: Npm

Package: @sveltejs/kit

FLAT-EWWTM (GHSA-vrhm-gvg7-fpcf)

Improper resource allocation In @sveltejs/kit

4.6

Medium

Ecosystem: Npm

Package: @sveltejs/kit

FLAT-5812H (CVE-2026-27118)

Lack of data validation In @sveltejs/adapter-vercel

1.3

Low

Ecosystem: Npm

Package: @sveltejs/adapter-vercel

FLAT-LF1TH (CVE-2026-25957)

Asymmetric denial of service In @cubejs-backend/server-core

5.7

Medium

Ecosystem: Npm

Package: @cubejs-backend/server-core

FLAT-3SDYV (CVE-2026-25958)

Lack of data validation - Trust boundary violation In @cubejs-backend/server-core

5.9

Medium

Ecosystem: Npm

Package: @cubejs-backend/server-core

FLAT-XWMVV (MAL-2026-406)

Use of software with malware In aws-crt-nodejs

5.2

Medium

Ecosystem: Npm

Package: aws-crt-nodejs

FLAT-NIC8W (CVE-2026-21637)

Asymmetric denial of service In nodejs

6.3

Medium

Ecosystem: Alpine

Package: nodejs

FLAT-OO70F (CVE-2025-59466)

Improper resource allocation In nodejs

6.3

Medium

Ecosystem: Alpine

Package: nodejs

FLAT-ZK9KZ (CVE-2025-59465)

Asymmetric denial of service - ReDoS In nodejs

6.3

Medium

Ecosystem: Alpine

Package: nodejs

FLAT-P2FAE (CVE-2025-55130)

Lack of data validation - Path Traversal In nodejs

5.8

Medium

Ecosystem: Alpine

Package: nodejs

FLAT-X9W0T (CVE-2025-55131)

Inappropriate coding practices In nodejs

0.6

Low

Ecosystem: Alpine

Package: nodejs

FLAT-L42S6 (CVE-2025-55132)

Excessive privileges In nodejs

1.1

Low

Ecosystem: Alpine

Package: nodejs

FLAT-WL573 (CVE-2025-59464)

Improper resource allocation In nodejs

6.5

Medium

Ecosystem: RPM

Package: nodejs

FLAT-J04US (MAL-2026-312)

Use of software with malware In spire.officejs-externs

5.2

Medium

Ecosystem: Npm

Package: spire.officejs-externs

FLAT-WVEXR (MAL-2026-313)

Use of software with malware In spire.officejs-fonts

5.2

Medium

Ecosystem: Npm

Package: spire.officejs-fonts

FLAT-DZEHK (CVE-2026-22803)

Lack of data validation In @sveltejs/kit

4.6

Medium

Ecosystem: Npm

Package: @sveltejs/kit

FLAT-9BNZ9 (CVE-2025-67647)

Server-side request forgery (SSRF) In @sveltejs/kit

5.0

Medium

Ecosystem: Npm

Package: @sveltejs/kit

FLAT-L8RWA (CVE-2026-22704)

Server side cross-site scripting In @haxtheweb/haxcms-nodejs

5.8

Medium

Ecosystem: Npm

Package: @haxtheweb/haxcms-nodejs

FLAT-9UAF3 (MAL-2026-41)

Use of software with malware In spire.officejs-document

5.2

Medium

Ecosystem: Npm

Package: spire.officejs-document

FLAT-TGQER (MAL-2026-39)

Use of software with malware In spire.officejs-common

5.2

Medium

Ecosystem: Npm

Package: spire.officejs-common

FLAT-2D1SV (MAL-2026-40)

Use of software with malware In spire.officejs-editors

5.2

Medium

Ecosystem: Npm

Package: spire.officejs-editors

FLAT-PXDW7 (MAL-2025-192852)

Use of software with malware In polyfill-corejs2

5.2

Medium

Ecosystem: Npm

Package: polyfill-corejs2

FLAT-GR44L (CVE-2025-68155)

Lack of data validation - Path Traversal In @vitejs/plugin-rsc

6.5

Medium

Ecosystem: Npm

Package: @vitejs/plugin-rsc

FLAT-EZ35R (GHSA-c6m7-q6pr-c64r)

Insecure deserialization In @vitejs/plugin-rsc

2.7

Low

Ecosystem: Npm

Package: @vitejs/plugin-rsc

FLAT-NOFMI (GHSA-cpqf-f22c-r95x)

Asymmetric denial of service - ReDoS In @vitejs/plugin-rsc

7.7

High

Ecosystem: Npm

Package: @vitejs/plugin-rsc

FLAT-9GWAP (CVE-2025-67489)

Server side template injection In @vitejs/plugin-rsc

8.4

High

Ecosystem: Npm

Package: @vitejs/plugin-rsc

FLAT-PFMJV (GHSA-fmh4-wr37-44fp)

Insecure deserialization In @vitejs/plugin-rsc

8.4

High

Ecosystem: Npm

Package: @vitejs/plugin-rsc

FLAT-LWRW4 (MAL-2025-191579)

Use of software with malware In lbank-connector-nodejs

5.2

Medium

Ecosystem: Npm

Package: lbank-connector-nodejs

FLAT-OICAO (MAL-2025-191564)

Use of software with malware In aps-simple-viewer-nodejs

5.2

Medium

Ecosystem: Npm

Package: aps-simple-viewer-nodejs

FLAT-R0LFU (MAL-2025-191301)

Use of software with malware In @productdevbook/animejs-vue

5.2

Medium

Ecosystem: Npm

Package: @productdevbook/animejs-vue

FLAT-G49Z0 (MAL-2025-191426)

Use of software with malware In simplejsonform

5.2

Medium

Ecosystem: Npm

Package: simplejsonform

FLAT-8SUGQ (MAL-2025-190718)

Use of software with malware In @asyncapi/nodejs-template

5.2

Medium

Ecosystem: Npm

Package: @asyncapi/nodejs-template

FLAT-P98RW (MAL-2025-190728)

Use of software with malware In @ensdomains/dnssecoraclejs

5.2

Medium

Ecosystem: Npm

Package: @ensdomains/dnssecoraclejs

FLAT-138X9 (MAL-2025-190719)

Use of software with malware In @asyncapi/nodejs-ws-template

5.2

Medium

Ecosystem: Npm

Package: @asyncapi/nodejs-ws-template

FLAT-WUF91 (MAL-2025-190727)

Use of software with malware In @ensdomains/dnsprovejs

5.2

Medium

Ecosystem: Npm

Package: @ensdomains/dnsprovejs

FLAT-9T63N (GHSA-8wj8-cfxr-9374)

Remote command execution In aws-advanced-nodejs-wrapper

7.7

High

Ecosystem: Npm

Package: aws-advanced-nodejs-wrapper

FLAT-V7BC5 (MAL-2025-188330)

Use of software with malware In nodejs-sublimation-blueshift-ganymede

5.2

Medium

Ecosystem: Npm

Package: nodejs-sublimation-blueshift-ganymede

FLAT-VHS7L (MAL-2025-187767)

Use of software with malware In levels-event-bionics-nodejs

5.2

Medium

Ecosystem: Npm

Package: levels-event-bionics-nodejs

FLAT-378MI (MAL-2025-188329)

Use of software with malware In nodejs-sass-loader-carina-duplex

5.2

Medium

Ecosystem: Npm

Package: nodejs-sass-loader-carina-duplex

FLAT-0ADAL (MAL-2025-188325)

Use of software with malware In nodejs-csrf-sagitta-materialize

5.2

Medium

Ecosystem: Npm

Package: nodejs-csrf-sagitta-materialize

FLAT-W54UV (MAL-2025-186716)

Use of software with malware In element-ui-nodejs-bellatrix-hapi

5.2

Medium

Ecosystem: Npm

Package: element-ui-nodejs-bellatrix-hapi

FLAT-2YI9U (MAL-2025-186252)

Use of software with malware In commitlint-config-angular-nodejs-carpo-vortex

5.2

Medium

Ecosystem: Npm

Package: commitlint-config-angular-nodejs-carpo-vortex

FLAT-DQ4QV (MAL-2025-190103)

Use of software with malware In ursa-auth0-delphinus-nodejs

5.2

Medium

Ecosystem: Npm

Package: ursa-auth0-delphinus-nodejs

FLAT-DQWDN (MAL-2025-188327)

Use of software with malware In nodejs-oberon-ignite-node-sass

5.2

Medium

Ecosystem: Npm

Package: nodejs-oberon-ignite-node-sass

FLAT-5ZVLU (MAL-2025-187752)

Use of software with malware In less-geckodriver-mongodb-nodejs

5.2

Medium

Ecosystem: Npm

Package: less-geckodriver-mongodb-nodejs

FLAT-WSYNS (MAL-2025-188512)

Use of software with malware In paleoclimatology-jsonp-troposphere-nodejs

5.2

Medium

Ecosystem: Npm

Package: paleoclimatology-jsonp-troposphere-nodejs

FLAT-AQI41 (MAL-2025-186042)

Use of software with malware In celeste-baryon-stop-nodejs

5.2

Medium

Ecosystem: Npm

Package: celeste-baryon-stop-nodejs

FLAT-D516J (MAL-2025-186569)

Use of software with malware In despina-photon-nodejs-on

5.2

Medium

Ecosystem: Npm

Package: despina-photon-nodejs-on

FLAT-0WKXP (MAL-2025-188328)

Use of software with malware In nodejs-radioastronomy-tailwindcss-chalk

5.2

Medium

Ecosystem: Npm

Package: nodejs-radioastronomy-tailwindcss-chalk

FLAT-MUUUL (MAL-2025-188248)

Use of software with malware In neutronstar-bootstrap-nodejs-paleomagnetism

5.2

Medium

Ecosystem: Npm

Package: neutronstar-bootstrap-nodejs-paleomagnetism

FLAT-MJ1N7 (MAL-2025-186942)

Use of software with malware In farout-quark-joviology-nodejs

5.2

Medium

Ecosystem: Npm

Package: farout-quark-joviology-nodejs

FLAT-N2NHU (MAL-2025-185457)

Use of software with malware In andromeda-webpack-nodejs-sadr

5.2

Medium

Ecosystem: Npm

Package: andromeda-webpack-nodejs-sadr

FLAT-PA04J (MAL-2025-186648)

Use of software with malware In duplex-parcel-nodejs-membrane

5.2

Medium

Ecosystem: Npm

Package: duplex-parcel-nodejs-membrane

FLAT-JDAHL (MAL-2025-187646)

Use of software with malware In jwt-jwt-nodejs-publish

5.2

Medium

Ecosystem: Npm

Package: jwt-jwt-nodejs-publish

FLAT-BVYQJ (MAL-2025-190288)

Use of software with malware In webpack-dotenv-safe-avior-nodejs

5.2

Medium

Ecosystem: Npm

Package: webpack-dotenv-safe-avior-nodejs