@analogjs/platform (>=0.1.0-beta.15 <=0.2.0-beta.13), @analogjs/vite-plugin-nitro (>=0.2.0-beta.2 <=0.2.0-beta.13) +46 more potentially affected by CVE-2026-44372 via nitropack (>=0.2.11 <=2.13.1)

nitropack NPM version =0.2.11, =0.1.0-beta.15, =0.2.0-beta.2, =1.6.0, =0.5.0, =0.6.1, =1.0.0, =5.0.0-rc.108, =0.13.0, =0.7.2, =0.7.3, =0.9.1, =0.13.1, =0.7.2, =0.27.1, =0.8.1, =0.16.0 and more Source cves: CVE-2026-44372 Source advisory: OSV:GHSA-9PHM-9P8F-HW5M...

Open Redirect

Overview nitropack is a Build and Deploy Universal JavaScript Servers Affected versions of this package are vulnerable to Open Redirect via the routeRules function. An attacker can redirect users to arbitrary external sites by crafting URLs with double slashes after the route prefix, causing...

Open Redirect

Overview org.webjars.npm:nitropack is a Build and Deploy Universal JavaScript Servers Affected versions of this package are vulnerable to Open Redirect via the routeRules function. An attacker can redirect users to arbitrary external sites by crafting URLs with double slashes after the route...

NPM: Nitro has a proxy scope bypass via percent-encoded path traversal in `routeRules`

NPM: Nitro has a proxy scope bypass via percent-encoded path traversal in routeRules vulnerability discovered by ? in WordPress Npm nitropack versions 2.13.4...

@analogjs/platform (>=0.1.0-beta.15 <=0.2.0-beta.13), @analogjs/vite-plugin-nitro (>=0.2.0-beta.2 <=0.2.0-beta.13) +46 more potentially affected by CVE-2026-44373 via nitropack (>=0.2.11 <=2.13.1)

nitropack NPM version =0.2.11, =0.1.0-beta.15, =0.2.0-beta.2, =1.6.0, =0.5.0, =0.6.1, =1.0.0, =5.0.0-rc.108, =0.13.0, =0.7.2, =0.7.3, =0.9.1, =0.13.1, =0.7.2, =0.27.1, =0.8.1, =0.16.0 and more Source cves: CVE-2026-44373 Source advisory: OSV:GHSA-5W89-W975-HF9Q...

Directory Traversal

Overview org.webjars.npm:nitropack is a Build and Deploy Universal JavaScript Servers Affected versions of this package are vulnerable to Directory Traversal via the routeRules function. An attacker can access files or endpoints outside the intended proxy scope by sending specially crafted URLs...

Directory Traversal

Overview nitropack is a Build and Deploy Universal JavaScript Servers Affected versions of this package are vulnerable to Directory Traversal via the routeRules function. An attacker can access files or endpoints outside the intended proxy scope by sending specially crafted URLs containing...

CVE-2026-39669

Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3...

EUVD-2026-20344

Missing Authorization vulnerability in NitroPack NitroPack nitropack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through = 1.19.3...

CVE-2026-39669

Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3...

CVE-2026-39669

CVE-2026-39669 affects the WordPress NitroPack plugin (NitroPack nitropack) up to version 1.19.3, where a Missing Authorization vulnerability arises from an incorrectly configured access control security level. The issue is described across multiple sources (NVD/Red Hat/EUVD/CVE list) as a broken...

CVE-2026-39669 WordPress NitroPack plugin <= 1.19.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3...

CVE-2026-39669 WordPress NitroPack plugin <= 1.19.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3...

CVE-2026-39669

Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3...

WordPress plugin NitroPack 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-31231

CVE-2026-39669 Missing Authorization vulnerability in NitroPack NitroPack nitropack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroP… https://t.co/FlBAHgMTTZ...

WordPress NitroPack plugin <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Transient Update vulnerability discovered by Sean Murphy in WordPress Plugin NitroPack versions = 1.17.0...

EUVD-2024-34380

Malicious code in bioql PyPI...

EUVD-2024-40572

Malicious code in bioql PyPI...

EUVD-2023-56795

Malicious code in bioql PyPI...