Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-6m52-m754-pw2g
  • npm/@nuxt/rspack-builder
  • npm/@nuxt/webpack-builder
 Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99) 5 days ago
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-79cf-xcqc-c78w
  • npm/webpack-dev-server
 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins 6 days ago
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-rv78-f8rc-xrxh
  • npm/react-server-dom-parcel
  • npm/react-server-dom-turbopack
  • npm/react-server-dom-webpack
 Facebook React has a Denial of Service Vulnerability in React Server Components 11 May
  • Fix available
  • Severity - 7.5 (High)
GHSA-479c-33wc-g2pg
  • npm/react-server-dom-parcel
  • npm/react-server-dom-turbopack
  • npm/react-server-dom-webpack
 React Server Components have a Denial of Service Vulnerability 10 Apr
  • Fix available
  • Severity - 7.5 (High)
MAL-2026-918
  • npm/webpack-vite
 Malicious code in webpack-vite (npm) 16 Feb
  • No fix available
GHSA-8fgc-7cc6-rx7x
  • npm/webpack
 webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior 05 Feb
  • Fix available
  • Severity - 3.7 (Low)
GHSA-38r7-794h-5758
  • npm/webpack
 webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence 05 Feb
  • Fix available
  • Severity - 3.7 (Low)
GHSA-83fc-fqcc-2hmg
  • npm/react-server-dom-parcel
  • npm/react-server-dom-turbopack
  • npm/react-server-dom-webpack
 React Server Components have multiple Denial of Service Vulnerabilities 29 Jan
  • Fix available
  • Severity - 7.5 (High)
MAL-2026-70
  • npm/@shop-cicd/webpack-package-artifact
 Malicious code in @shop-cicd/webpack-package-artifact (npm) 06 Jan
  • No fix available
MAL-2025-192693
  • npm/airslate-dep-webpack
 Malicious code in airslate-dep-webpack (npm) 22 Dec 2025
  • No fix available
GHSA-7gmr-mq3h-m5h9
  • npm/react-server-dom-parcel
  • npm/react-server-dom-turbopack
  • npm/react-server-dom-webpack
 Denial of Service Vulnerability in React Server Components 12 Dec 2025
  • Fix available
  • Severity - 7.5 (High)
GHSA-2m3v-v2m8-q956
  • npm/react-server-dom-parcel
  • npm/react-server-dom-turbopack
  • npm/react-server-dom-webpack
 Denial of Service Vulnerability in React Server Components 11 Dec 2025
  • Fix available
  • Severity - 7.5 (High)
GHSA-925w-6v3x-g4j4
  • npm/react-server-dom-parcel
  • npm/react-server-dom-turbopack
  • npm/react-server-dom-webpack
 Source Code Exposure Vulnerability in React Server Components 11 Dec 2025
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-fv66-9v8q-g76r
  • npm/react-server-dom-parcel
  • npm/react-server-dom-turbopack
  • npm/react-server-dom-webpack
 React Server Components are Vulnerable to RCE 03 Dec 2025
  • Fix available
  • Severity - 10.0 (Critical)
MAL-2025-191154
  • npm/webpack-loader-httpfile
 Malicious code in webpack-loader-httpfile (npm) 24 Nov 2025
  • No fix available
MAL-2025-190916
  • npm/@tezign/html-webpack-plugin
 Malicious code in @tezign/html-webpack-plugin (npm) 24 Nov 2025
  • No fix available
Load more...