npm Vulnerability Archive

Recent and critical CVEs affecting npm packages. Kodem’s runtime-powered SCA identifies which are actually reachable in your applications.

Recent npm CVEs

| CVE | Package / summary | Severity |
| --- | --- | --- |
| CVE-2026-55650 | @outerbase/studio · Outerbase Studio: Stored XSS in Text Widget Leads to Authentication Token… | Medium |
| CVE-2026-54074 | @tinacms/cli · @tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration —… | High |
| CVE-2026-55091 | flat-to-nested · flat-to-nested: Prototype pollution in flat-to-nested convert() via __proto__… | High |
| CVE-2026-12151 | undici · undici WebSocket client vulnerable to denial of service via fragment count… | High |
| CVE-2026-9679 | undici · undici vulnerable to HTTP header injection via Set-Cookie percent-decoding | Medium |
| CVE-2026-6734 | undici · undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse | High |
| CVE-2026-54051 | network-ai · Network-AI: Improper Neutralization of Special Elements used in an OS Command | Critical |
| CVE-2026-48814 | network-ai · Network-AI: CVE-2026-46701 fix incomplete — empty default secret still… | Critical |
| CVE-2026-12644 | ts-deepmerge · ts-deepmerge: Prototype Method Override leads to DoS | Medium |
| CVE-2026-55591 | signalk-server · Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints | Medium |
| CVE-2026-0755 | gemini-mcp-tool · gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via… | Critical |
| CVE-2026-53865 | openclaw · OpenClaw: Workspace-derived service PATH could influence trash command selection | High |
| CVE-2026-53858 | openclaw · OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime… | High |
| CVE-2026-53849 | openclaw · OpenClaw: Discord allowFrom could bind to mutable display names | High |
| CVE-2026-53846 | openclaw · OpenClaw: Workspace .env npm_execpath could influence bundled runtime… | High |
| CVE-2026-53853 | openclaw · OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns | High |
| CVE-2026-53844 | openclaw · OpenClaw: memory-wiki shared search could miss session visibility checks | Medium |
