deno vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-55517Mediumdeno: Deno: Denial of service via non-ASCII bytes in WebSocket response headersCVE-2026-49401Mediumdeno: Deno: Permission Bypass via Unicode Normalization Mismatch on macOS (APFS)CVE-2026-49406Mediumdeno: Deno: BYONM module resolution allows `package.json` main path traversal to bypass `--allow-read`…CVE-2026-49411Mediumdeno: Deno: Node TCPWrap numeric hostname aliases bypass --deny-net resolved-IP deny checksCVE-2026-49440Highdeno: Deno: Miller-Rabin Primality Test Allows Zero RoundsCVE-2026-49402Highdeno: Deno: Command Injection via spawnSync & spawn on WindowsCVE-2026-49983Mediumdeno: Deno: process.loadEnvFile() bypasses env permission checks and mutates process.env with only read…CVE-2026-49860Mediumdeno: Deno: WebSocket API sandbox bypass via missing post-DNS checkCVE-2026-49859Mediumdeno: Deno: `fetch()` API sandbox bypass via missing DNS resolution checkCVE-2026-44726Highdeno: Deno's TLS retry copies stale upgrade hook, risking plaintext trafficCVE-2026-32260Highdeno: Deno vulnerable to command Injection via incomplete shell metacharacter blocklist in…CVE-2026-27190Highdeno: Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_processCVE-2026-22864Highdeno: Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension…CVE-2026-22863Criticaldeno: Deno node:crypto doesn't finalize cipherCVE-2025-61787Highdeno: Deno is Vulnerable to Command Injection on Windows During Batch File ExecutionCVE-2025-61786Lowdeno: Deno's --deny-read check does not prevent permission bypassCVE-2025-61785Lowdeno: Deno's --deny-write check does not prevent permission bypassCVE-2024-21486Mediumdeno: Deno vulnerable to Exposure of Sensitive Information to an Unauthorized ActorCVE-2025-48935Mediumdeno: Deno has --allow-read / --allow-write permission bypass in `node:sqlite`CVE-2025-48934Mediumdeno: Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variablesCVE-2025-48888Mediumdeno: Deno run with --allow-read and --deny-read flags results in allowedCVE-2025-24015Highdeno: Deno's AES GCM authentication tags are not verifiedCVE-2025-21620Highdeno_fetch: fetch: Authorization headers not dropped when redirecting cross-originCVE-2024-34346Highdeno: Deno permission escalation vulnerability via open of privileged files with missing `--deny` flagCVE-2024-27934HighDeno: *const c_void / ExternalPointer unsoundness leading to use-after-free

Stop the waste.
Protect your environment with Kodem.