nuxt vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-M3Q2-P4FW-W38MLownuxt: Cross-site scripting via <NoScript> slot content in Nuxt's head componentsCVE-2026-53722Mediumnuxt: Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URLGHSA-534H-C3CW-V3H9Mediumnuxt: Nuxt dev server vite-node IPC socket is world-connectable on LinuxCVE-2026-53721Highnuxt: Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcherCVE-2026-56326Mediumnuxt: Nuxt: URL-handling weaknesses in `navigateTo` and `reloadNuxtApp`: SSR open redirect, client-side script execution via the `open` option,…GHSA-RQ7W-G337-39QQLownuxt: Nuxt: Dev server discloses project absolute path and persistent workspace UUID via `/.well-known/appspecific/com.chrome.devtools.json`CVE-2026-47200Mediumnuxt: Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`CVE-2026-46342Lownuxt: Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoningCVE-2026-45669Mediumnuxt: Nuxt: Reflected XSS in `navigateTo()` external redirectCVE-2025-59414Lownuxt: Nuxt has Client-Side Path Traversal in Nuxt Island Payload RevivalCVE-2025-27415Highnuxt: Nuxt allows DOS via cache poisoning with payload rendering responseCVE-2024-34344Criticalnuxt: Nuxt vulnerable to remote code execution via the browser when running the test locallyCVE-2024-34343Mediumnuxt: nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSRCVE-2023-3224Criticalnuxt: nuxt Code Injection vulnerability

Stop the waste.
Protect your environment with Kodem.