GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
10 advisories
Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Severity: Moderate. CVE-2025-24360 was published for @nuxt/vite-builder (npm), Jan 27, 2025.

Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Severity: Moderate. CVE-2025-24361 was published for @nuxt/rspack-builder (npm), Jan 27, 2025.

Vitest browser mode serves arbitrary files
Severity: Moderate. CVE-2025-24963 was published for @vitest/browser (npm), Feb 4, 2025.

Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening
Severity: Critical. CVE-2025-24964 was published for vitest (npm), Feb 4, 2025.

esbuild enables any website to send any requests to the development server and read the response
Severity: Moderate. GHSA-67mh-4wv8-2f99 was published for esbuild (npm), Feb 10, 2025.

Information exposure in Next.js dev server due to lack of origin verification
Severity: Low. CVE-2025-48068 was published for next (npm), May 28, 2025.

webpack-dev-server users' source code may be stolen when they access a malicious web site
Severity: Moderate. CVE-2025-30359 was published for webpack-dev-server (npm), Jun 4, 2025.

webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser
Severity: Moderate. CVE-2025-30360 was published for webpack-dev-server (npm), Jun 4, 2025.

webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins
Severity: Moderate. CVE-2026-6402 was published for webpack-dev-server (npm), May 18, 2026.

Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)
Severity: Moderate. CVE-2026-45670 was published for @nuxt/rspack-builder (npm), May 19, 2026.