19 matches found
CVE-2026-44594
esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, a Local File Inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to read and return...
CVE-2026-44594
esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, a Local File Inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to read and return...
CVE-2026-44594
esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, a Local File Inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to read and return...
EUVD-2026-32911
esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, a Local File Inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to read and return...
esm.sh Security Vulnerability
esm.sh is an open-source content distribution network developed by esm.sh. Versions of esm.sh 137 and earlier contained a security vulnerability. This vulnerability stemmed from the esbuild plugin’s handling of the browser field in package.json, which allowed attackers to publish npm packages,...
GHSA-RG65-45M7-HQ57 esm.sh: Path Traversal via package.json browser field allows reading arbitrary server files
Summary A Local File Inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to read and return arbitrary files from the host filesystem during the build process. Details The vulnerable...
PT-2026-40543
Name of the Vulnerable Software and Affected Versions esm.sh versions 137 and earlier Description A Local File Inclusion (LFI) issue exists in the esbuild plugin's handling of the browser field within the package.json file. An attacker can publish a malicious npm package that leverages ../ sequence...
org.webjars.npm:cssnano (=5.1.14), org.webjars.npm:cssnano-preset-default (=5.2.13) +2 more potentially affected by CVE-2026-29074 via org.webjars.npm:svgo (=2.8.0)
org.webjars.npm:svgo MAVEN version =2.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:svgo and may be impacted: - org.webjars.npm:cssnano =5.1.14 - org.webjars.npm:cssnano-preset-default =5.2.13 - org.webjars.npm:esbuild-plugin-svg...
EUVD-2025-199159
Malicious code in esbuild-plugin-brotli npm...
Malicious code in esbuild-plugin-brotli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3297dd1fa55908191d232d7ae6e086066d65d1676c5e1d50b624a84ba1083a11 The package esbuild-plugin-brotli was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191087 Malicious code in esbuild-plugin-brotli (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3297dd1fa55908191d232d7ae6e086066d65d1676c5e1d50b624a84ba1083a11 The package esbuild-plugin-brotli was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
Malicious code in esbuild-plugin-eta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eee6c2c46a6a594f389aa85580f033eb39c879f80478d3cca6d746bd8f8afe21 The package esbuild-plugin-eta was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198837
Malicious code in esbuild-plugin-eta npm...
MAL-2025-190840 Malicious code in esbuild-plugin-eta (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eee6c2c46a6a594f389aa85580f033eb39c879f80478d3cca6d746bd8f8afe21 The package esbuild-plugin-eta was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-198739
Malicious code in esbuild-plugin-httpfile npm...
Malicious code in esbuild-plugin-httpfile (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector efc9c8640b4324e3d5e06e51fa01e3029117ab9121c0baa55b1f81b1b73019a8 The package esbuild-plugin-httpfile was found to contain malicious code. Source: ghsa-malware...
Malicious code in esbuild-plugin-global-externals (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9597 Malicious code in esbuild-plugin-global-externals (npm)
--- -= Per source details. Do not edit below this line.=-...