npm2396 advisories

npm security advisories

Most-affected npm packages

openclaw — 203 advisories
flowise — 45 advisories
n8n — 40 advisories
vm2 — 30 advisories
nocodb — 29 advisories
axios — 25 advisories
electron — 21 advisories
hono — 20 advisories
dompurify — 15 advisories
flowise-components — 14 advisories
next — 14 advisories
protobufjs — 12 advisories
@budibase/server — 12 advisories
liquidjs — 11 advisories
directus — 11 advisories
parse-server — 10 advisories
sillytavern — 10 advisories
electerm — 10 advisories
praisonai — 9 advisories
nuxt — 9 advisories

Latest npm advisories

GHSA-vcv2-r9jh-99m5 — high · npm/agentic-flow
GHSA-cgxm-vr2f-6fj8 — high · npm/parse-server
CVE-2026-12151 — high · npm/undici
CVE-2026-9679 — medium · npm/undici
CVE-2026-6734 — high · npm/undici
CVE-2026-54051 — critical · npm/network-ai
CVE-2026-48814 — critical · npm/network-ai
GHSA-76f5-jq4m-cjc3 — medium · npm/ts-esys
GHSA-pw67-28xc-x677 — medium · npm/ts-ecro-helper
GHSA-6wmf-9mj4-fx3x — medium · npm/mongoose-jsonify
GHSA-fq6v-3gxv-7rjv — medium · npm/eth-util
GHSA-748x-3gxw-v7xv — medium · npm/assert-kit
GHSA-hr44-2g4q-fx38 — medium · npm/ethereum-gas-reporter
GHSA-3cg2-mrw5-67r6 — medium · npm/ts-big-ecro
GHSA-chhh-8532-pg35 — medium · npm/new-ecro
CVE-2026-55591 — medium · npm/signalk-server
CVE-2026-0755 — critical · npm/gemini-mcp-tool
CVE-2026-53854 — medium · npm/openclaw
CVE-2026-53865 — high · npm/openclaw
CVE-2026-53858 — high · npm/openclaw
CVE-2026-53849 — high · npm/openclaw
CVE-2026-53850 — medium · npm/openclaw
CVE-2026-53846 — high · npm/openclaw
CVE-2026-53853 — high · npm/openclaw
CVE-2026-53844 — medium · npm/openclaw
CVE-2026-53856 — medium · npm/openclaw
CVE-2026-53857 — high · npm/openclaw
CVE-2026-53847 — medium · npm/openclaw
CVE-2026-53841 — medium · npm/openclaw
CVE-2026-53851 — medium · npm/openclaw
CVE-2026-53855 — high · npm/openclaw
CVE-2026-53859 — medium · npm/openclaw
GHSA-qqf5-x7mj-v43p — high · npm/budibase
GHSA-gfj5-979r-92pw — critical · npm/@acastellon/auth
GHSA-fq4x-789w-jg5h#@agenticmail/openclaw — high · npm/@agenticmail/openclaw
GHSA-fq4x-789w-jg5h#@agenticmail/codex — high · npm/@agenticmail/codex
GHSA-fq4x-789w-jg5h#@agenticmail/claudecode — high · npm/@agenticmail/claudecode
GHSA-fq4x-789w-jg5h#@agenticmail/core — high · npm/@agenticmail/core
GHSA-hjwc-26pj-v3pm — high · npm/@agenticmail/api
GHSA-w6cg-2gpv-j66m — medium · npm/parket-helper

Stateward audits your npm dependencies on every pull request and only flags what your code reaches.

Scan my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.