55 matches found

OSV
added 2026/04/14 1:10 p.m. | 2 views

JLSEC-2026-100 Deno is vulnerable to race condition via interactive permission prompt spoofing

Impact: Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the terminal screen after permission prompt was shown and write a generic message li...

CVSS 7.5 | AI score 7 | EPSS 0.00336
Exploits 1 | References 4

OSV
added 2026/04/14 1:10 p.m. | 1 view

JLSEC-2026-114 Deno node:crypto doesn't finalize cipher

Summary: The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. PoC (js): import crypto from "node:crypto"; const key = crypto.randomBytes(32); const iv =...

CVSS 9.2 | AI score 5.8 | EPSS 0.0001
Exploits 1 | References 4

SUSE CVE
added 2026/03/13 1:15 p.m. | 0 views

SUSE CVE-2026-32260

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, a command injection vulnerability exists in Deno's node:child_process polyfill shell: true mode that bypasses the fix for CVE-2026-27190. The two-stage argument sanitization in transformDenoShellCommand...

CVSS 9.8 | AI score 6.1 | EPSS 0.00119
Exploits 1 | References 3

CVE
added 2026/02/20 8:52 p.m. | 10 views

CVE-2026-27190

Deno prior to 2.6.8 contains a command injection in the node:child_process polyfill when shell: true is used, fixed in 2.6.8 (CVE-2026-27190). Red Hat and other sources corroborate the fix in 2.6.8. A related follow-on (CVE-2026-32260) describes a bypass of the 27190 fix in 2.7.0–2.7.1 due to a p...

CVSS 9.8 | AI score 5.6 | EPSS 0.00907
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2026/02/20 8:52 p.m. | 21 views

CVE-2026-27190 Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8...

CVSS 8.1 | EPSS 0.00907
Exploits 1 | References 3

CNNVD
added 2026/02/20 12:0 a.m. | 3 views

Deno operating system command injection vulnerability

Deno is a simple, modern, and secure JavaScript and TypeScript runtime environment developed by Deno itself. Versions of Deno prior to 2.6.8 had an operating system command injection vulnerability, which originated from a command injection vulnerability present in Deno’s node:child_process...

CVSS 9.8 | AI score 5.8 | EPSS 0.00907
Exploits 1 | References 3

SUSE CVE
added 2026/01/17 12:24 a.m. | 2 views

SUSE CVE-2026-22864

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell files by returning an error when a spawned path's extension matched .bat or .cmd. That check performs a case-sensitive comparison against lowercase literals and...

CVSS 9.8 | AI score 6.8 | EPSS 0.00036
Exploits 1 | References 3

OSV
added 2026/01/16 3:49 p.m. | 6 views

GHSA-5379-F5HF-W38V Deno node:crypto doesn't finalize cipher

Summary: The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server secrets. PoC (js): import crypto from "node:crypto"; const key = crypto.randomBytes(32); const iv =...

CVSS 9.2 | AI score 6.8 | EPSS 0.0001
Exploits 1 | References 4

AlpineLinux
added 2026/01/15 10:53 p.m. | 4 views

CVE-2026-22863

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...

CVSS 9.2 | AI score 6.9 | EPSS 0.0001
Exploits 1 | References 2

Vulnrichment
added 2026/01/15 10:53 p.m. | 1 view

CVE-2026-22863 Deno node:crypto doesn't finalize cipher

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability allows an attacker to have infinite encryptions. This can lead to naive attempts at brute forcing, as well as more refined attacks with the goal to learn the server...

CVSS 9.2 | AI score 6.5 | EPSS 0.0001
Exploits 1 | References 2

Github Security Blog
added 2025/10/08 6:16 p.m. | 4 views

Deno is Vulnerable to Command Injection on Windows During Batch File Execution

Summary: Deno versions up to 2.5.1 are vulnerable to Command Line Injection attacks on Windows when batch files are executed. Details: In Windows, CreateProcess always implicitly spawns cmd.exe if a batch file (.bat, .cmd, etc.) is being executed even if the application does not specify it via the...

CVSS 8.1 | AI score 7.7 | EPSS 0.0017
Exploits 1 | References 7 | Affected Software 1

Positive Technologies
added 2025/10/08 12:0 a.m. | 3 views

PT-2025-41212

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 2.5.3 and 2.2.15. Description: Deno, a JavaScript, TypeScript, and WebAssembly runtime, is susceptible to Command Line Injection attacks on Windows operating systems when batch files are executed. The Windows operating...

CVSS 8.1 | AI score 6.9 | EPSS 0.0017
Exploits 1 | References 23

CNNVD
added 2025/10/08 12:0 a.m. | 2 views

Deno security vulnerability

Deno is a simple, modern and secure JavaScript and TypeScript runtime environment from Deno Open Source. A security vulnerability exists in Deno versions prior to 2.5.3 and prior to 2.2.15, which stems from insufficient permission model checking and could lead to bypassing the permission model...

CVSS 3.3 | AI score 6.3 | EPSS 0.00023
Exploits 1 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-0976

Malicious code in bioql PyPI...

CVSS 9.9 | AI score 9.1 | EPSS 0.00774
Exploits 0 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-0827

Malicious code in bioql PyPI...

CVSS 4.6 | AI score 6.4 | EPSS 0.00467
Exploits 1 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-1335

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 8.1 | EPSS 0.00663
Exploits 1 | References 10

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-0803

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.4 | EPSS 0.00293
Exploits 1 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-1369

Malicious code in bioql PyPI...

CVSS 10 | AI score 8.5 | EPSS 0.00363
Exploits 0 | References 8

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-1626

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9 | EPSS 0.00332
Exploits 0 | References 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-30286

Malicious code in bioql PyPI...

CVSS 7.7 | AI score 6.6 | EPSS 0.00152
Exploits 1 | References 1