Vuln
·
Scope
Home
Packages
KEV
Critical
Insights
Jobs
Pricing
EN
中
Loading…
npm/payload — 10 CVEs · VulnScope
pkg:npm/
payload
10 total CVEs
CRITICAL
2
HIGH
3
MEDIUM
3
✅ Check your installed version
Check
All known vulnerabilities
CRITICAL
9.8
CVE-2022-27952
Unrestricted Upload of File with Dangerous Type in Payload
from 0, < 0.15.1
CRITICAL
9.1
CVE-2026-34751
Payload: Pre-Authentication Account Takeover via Parameter Injection in Password Recovery
from 0, < 3.79.1
HIGH
8.5
CVE-2026-34747
Payload has an SQL Injection via Query Handling
from 0, < 3.79.1
HIGH
7.7
Payload has Authenticated SSRF via Upload Functionality
from 0, < 3.79.1
HIGH
7.4
Hidden fields can be leaked on readable collections in Payload
from 0, < 1.7.0
MEDIUM
6.5
Payload: Server-Side Request Forgery (SSRF) in External File URL Uploads
from 0, < 3.75.0
MEDIUM
5.4
Payload has a CSRF Protection Bypass in Authentication Flow
from 0, < 3.79.1
MEDIUM
5.4
payload-preferences has Cross-Collection IDOR in Access Control (Multi-Auth Environments)
from 0, < 3.74.0
—
Payload's SQLite adapter Session Fixation vulnerability
from 0, < 3.44.0
—
Payload does not invalidate JWTs after log out
from 0, < 3.44.0
CVE-2026-34746
CVE-2023-30843
CVE-2026-27567
CVE-2026-34749
CVE-2026-25574
CVE-2025-4644
CVE-2025-4643