CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

OSV•added 2026/04/14 1:10 p.m.•3 views

JLSEC-2026-109 Deno run with --allow-read and --deny-read flags results in allowed

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, deno run --allow-read --deny-read main.ts results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions give...

6.9CVSS5.8AI score0.00258EPSS

Exploits1References8

OSV•added 2026/04/14 1:10 p.m.•1 views

JLSEC-2026-112 Deno's --deny-read check does not prevent permission bypass

Summary Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user do not have explicit read access to the script is executed with --deny-read=./ Similar APIs like Deno.stat a...

3.3CVSS5.8AI score0.00023EPSS

Exploits1References7

RedhatCVE•added 2025/10/09 1:13 a.m.•3 views

CVE-2025-61786

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user do not have explic...

3.3CVSS6.5AI score0.00023EPSS

Exploits1References1

OSV•added 2025/10/08 5:56 p.m.•5 views

GHSA-QQ26-84MH-26J9 Deno's --deny-read check does not prevent permission bypass

3.3CVSS6.7AI score0.00023EPSS

Exploits1References7

Github Security Blog•added 2025/10/08 5:56 p.m.•4 views

Deno's --deny-read check does not prevent permission bypass

3.3CVSS6.7AI score0.00023EPSS

Exploits1References7Affected Software1

NVD•added 2025/10/08 1:15 a.m.•2 views

CVE-2025-61786

3.3CVSS0.00023EPSS

Exploits1References5

CVE•added 2025/10/08 12:49 a.m.•8 views

CVE-2025-61786

CVE-2025-61786 affects the Deno runtime: prior to versions 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync bypass the permission check when --deny-read=./ is used, allowing retrieval of file stats from files the user does not have explicit read access to. The vulne...

3.3CVSS6.2AI score0.00023EPSS

Exploits1References5Affected Software1

OSV•added 2025/10/08 12:49 a.m.•3 views

CVE-2025-61786 Deno's --deny-read check does not prevent permission bypass

3.3CVSS6.3AI score0.00023EPSS

Exploits1References7

AlpineLinux•added 2025/10/08 12:49 a.m.•3 views

CVE-2025-61786

3.3CVSS6.6AI score0.00023EPSS

Exploits1References5

EUVD•added 2025/10/08 12:49 a.m.•2 views

EUVD-2025-33180

3.3CVSS6AI score0.00023EPSS

Exploits1References6

Vulnrichment•added 2025/10/08 12:49 a.m.•1 views

CVE-2025-61786 Deno's --deny-read check does not prevent permission bypass

3.3CVSS6.2AI score0.00023EPSS

Exploits1References5

Cvelist•added 2025/10/08 12:49 a.m.•6 views

CVE-2025-61786 Deno's --deny-read check does not prevent permission bypass

3.3CVSS0.00023EPSS

Exploits1References5

Positive Technologies•added 2025/10/08 12:0 a.m.•4 views

PT-2025-41209

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.5.3 Deno versions prior to 2.2.15 Description Deno is a JavaScript, TypeScript, and WebAssembly runtime. The Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync functions do not enforce the --deny-read=./...

3.3CVSS6.4AI score0.00023EPSS

Exploits1References10

EUVD•added 2025/10/03 8:7 p.m.•0 views

EUVD-2024-20950

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00089EPSS

Exploits0References2

SUSE CVE•added 2025/06/06 2:14 a.m.•0 views

SUSE CVE-2025-48888

6.9CVSS6.8AI score0.00258EPSS

Exploits1References3

Github Security Blog•added 2025/06/04 9:13 p.m.•10 views

Deno run with --allow-read and --deny-read flags results in allowed

Summary deno run --allow-read --deny-read main.ts results in allowed, even though 'deny' should be stronger. Same with all global unary permissions given as --allow- --deny-. Details Caused by the fast exit logic in 22894. PoC Run the above command expecting no permissions to be passed. Impact Th...

6.9CVSS6.9AI score0.00258EPSS

Exploits1References8Affected Software2

OSV•added 2025/06/04 9:13 p.m.•2 views

GHSA-XQXC-X6P3-W683 Deno run with --allow-read and --deny-read flags results in allowed

6.9CVSS7.2AI score0.00258EPSS

Exploits1References8

CNNVD•added 2025/06/04 12:0 a.m.•2 views

Deno 安全漏洞

Deno is a simple, modern and secure JavaScript and TypeScript runtime environment from Deno Open Source. A security vulnerability exists in Deno versions prior to 2.1.13, prior to 2.2.13, and prior to 2.3.2, which stems from the deny-read permission not being in effect correctly, which could lead...

6.9CVSS6.3AI score0.00258EPSS

Exploits1References6

Positive Technologies•added 2024/05/07 12:0 a.m.•3 views

PT-2024-25803 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 1.43 Description: The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may...

8.4CVSS6.6AI score0.00103EPSS

Exploits0References9

Positive Technologies•added 2024/02/06 12:0 a.m.•3 views

PT-2024-19875 · Microsoft · Windows Network Drive Connector

Name of the Vulnerable Software and Affected Versions: Windows Network Drive Connector affected versions not specified Description: An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny...

6.5CVSS6.4AI score0.00089EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by