@haxtheweb/haxcms-nodejs vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-48527High@haxtheweb/haxcms-nodejs: HaxCMS has a stored Cross-Site Scripting (XSS) bypass in its saveNode endpointCVE-2026-46357Medium@haxtheweb/haxcms-nodejs: HAX CMS: Denial of Service using Malicious Import RequestCVE-2026-46511High@haxtheweb/haxcms-nodejs: HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack CVE-2026-46396High@haxtheweb/haxcms-nodejs: Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeoverCVE-2026-46395Critical@haxtheweb/haxcms-nodejs: HAXcms: Private Key Disclosure via Broken HMAC ImplementationCVE-2026-46496Medium@haxtheweb/haxcms-nodejs: HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token…CVE-2026-46393High@haxtheweb/haxcms-nodejs: HAXcms createSite SSRF Enables Arbitrary File ReadCVE-2026-22704High@haxtheweb/haxcms-nodejs: HAXcms Has Stored XSS Vulnerability that May Lead to Account TakeoverCVE-2025-54378High@haxtheweb/haxcms-nodejs: HAX CMS API Lacks Authorization ChecksCVE-2025-54139Medium@haxtheweb/haxcms-nodejs: HAX CMS application pages vulnerable to clickjackingCVE-2025-54137High@haxtheweb/haxcms-nodejs: NodeJS version of the HAX CMS application is distributed with Default SecretsCVE-2025-54134High@haxtheweb/haxcms-nodejs: HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of ServiceCVE-2025-54128High@haxtheweb/haxcms-nodejs: NodeJS version of HAX CMS Has Disabled Content Security Policy That Enables Cross-Site ScriptingCVE-2025-54127Critical@haxtheweb/haxcms-nodejs: NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated AccessCVE-2025-49141High@haxtheweb/haxcms-nodejs: HaxCMS-PHP Command Injection VulnerabilityCVE-2025-49139Medium@haxtheweb/haxcms-nodejs: @haxtheweb/haxcms-nodejs Iframe Phishing vulnerability

Stop the waste.
Protect your environment with Kodem.