Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/02/25 3:32 p.m.4 views

CVE-2025-50180 esm.sh is vulnerable to full-response SSRF

esm.sh is a no-build content delivery network CDN for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability...

8.7CVSS5.9AI score0.00381EPSS
Exploits1References6
OSV
OSV
added 2026/02/25 3:32 p.m.8 views

CVE-2025-50180 esm.sh is vulnerable to full-response SSRF

esm.sh is a no-build content delivery network CDN for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability...

8.7CVSS5.5AI score0.00381EPSS
Exploits1References8
OSV
OSV
added 2026/02/25 3:19 p.m.4 views

GHSA-3C9R-837R-QQM4 esm.sh is vulnerable to full-response SSRF

Summary esh.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Details Vulnerable code location: https://github.com/esm-dev/esm.sh/blob/f80ff8c8d58749e77fa964abde468fc61f8bd89e/server/router.goL511 If the intern...

8.7CVSS5.6AI score0.00381EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2025/11/19 5:32 p.m.4 views

CVE-2025-65025 esm.sh CDN service has arbitrary file write via tarslip

esm.sh is a nobuild content delivery networkCDN for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball extraction. An attacker can craft a malicious NPM package containing specially crafted file paths e.g.,...

8.2CVSS6.6AI score0.00499EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.2 views

PT-2025-38247

Name of the Vulnerable Software and Affected Versions esm.sh versions prior to 136 Description A Local File Inclusion LFI issue was identified in the esm.sh service URL handling. An attacker could craft a request that causes the server to read and return files from the host filesystem or other...

9.8CVSS7.4AI score0.02829EPSS
Exploits4References51
Rows per page
Query Builder