esm.sh 路径遍历漏洞

esm.sh is a content distribution network open-sourced by esm.sh. A path traversal vulnerability exists in versions prior to esm.sh 136, which stems from path traversal during the decompression of NPM packages, and could lead to arbitrary file writes...

CVE-2025-27424

Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS 136...