github.com/esm-dev/esm.sh vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-44594 | High | github.com/esm-dev/esm.sh: esm.sh: Path Traversal via package.json browser field allows reading arbitrary server files |
| CVE-2026-44593 | High | github.com/esm-dev/esm.sh: esm.sh: Legacy Route Path Traversal Can Lead to RCE |
| CVE-2026-27730 | High | github.com/esm-dev/esm.sh: esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route |
| CVE-2025-50180 | High | github.com/esm-dev/esm.sh: esm.sh is vulnerable to full-response SSRF |
| CVE-2026-23644 | High | github.com/esm-dev/esm.sh: esm.sh has a path traversal in extractPackageTarball enables file writes from malicious packages |
| CVE-2025-65026 | Medium | github.com/esm-dev/esm.sh: esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript |
| CVE-2025-65025 | High | github.com/esm-dev/esm.sh: esm.sh CDN service has arbitrary file write via tarslip |
| CVE-2025-59342 | Medium | github.com/esm-dev/esm.sh: esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header |
| CVE-2025-59341 | High | github.com/esm-dev/esm.sh: esm.sh has File Inclusion issue |
