EUVD-2026-30364

Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl denylist introduced in [email protected] to remediate GHSA-pqhr-mp3f-hrpp Dmitry Prokhorov / Positive Technologies, March 2026 is incomplete. It has an incomplete IPv6 prefix list and is missing redirect re-validatio...

@aneoconsultingfr/armonik-docs-theme (>=0.6.0 <=0.6.15), @avion-block/usebootstrap (>=4.0.0 <=4.0.3) +83 more potentially affected by CVE-2026-34404 via nuxt-og-image (>=0.4.7 <=5.1.9)

nuxt-og-image NPM version =0.4.7, =0.6.0, =4.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0-29145064.1c5c263, =1.6.0, =21.0.0-beta.12 and more Source cves: CVE-2026-34404 Source advisory: OSV:GHSA-C7XP-Q6Q8-HG76...

EUVD-2026-17668

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a Denial of Service DoS vulnerability. The issue arises because there is no restriction on the width and height...

@cssninja/nuxt-media-viewer (>=0.0.1 <=0.0.15), @enab/uipkg (>=0.0.2-beta.0 <=0.0.2-beta.23) +4 more potentially affected by CVE-2025-54387 via ipx (>=1.0.0-2 <=1.1.0)

ipx NPM version =1.0.0-2, =0.0.1, =0.0.2-beta.0, =0.1.0, =1.0.0-27821548.ab054e4, =0.0.3, =0.0.4-beta-6 Source cves: CVE-2025-54387 Source advisory: SNYK:JS-IPX-11483961...

@brandboostinggmbh/image (=0.6.2), @cssninja/nuxt-media-viewer (>=0.0.1 <=0.0.15) +48 more potentially affected by CVE-2025-54387 via ipx (>=0.3.2 <=1.1.0)

ipx NPM version =0.3.2, =0.0.1, =1.0.0, =1.0.0-27100507.943fa27, =1.0.3, =1.0.3-27133259.82aaae0, =0.0.2-beta.0, =0.2.0, =14.9.23-prev, =0.6.3, =0.6.2, =1.0.0-beta.2, =1.0.0-beta.2, =1.0.18, =1.0.0-beta.4, =1.0.0-beta.12 and more Source cves: CVE-2025-54387 Source advisory: OSV:GHSA-MM3P-J368-7JC...