PT-2026-38623

Name of the Vulnerable Software and Affected Versions nuxt-og-image versions 6.2.5 through 6.4.8 @nuxtjs/og-image versions 6.2.5 through 6.4.8 Description An issue exists in the isBlockedUrl function where the denylist used to prevent Server-Side Request Forgery SSRF is incomplete. This allows...

Allocation of Resources Without Limits or Throttling

Overview nuxt-og-image is an Enlightened OG Image generation for Nuxt. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the unbounded width and height parameters in the image generation. An attacker can exhaust server memory and cause...

CVE-2026-34405

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

CVE-2026-34404

CVE-2026-34404 affects Nuxt OG Image. The vulnerability is in the image-generation component accessed via /_og/d/ (and older /og-image/), where unbounded width/height parameters allow a Denial of Service. Affected versions prior to 6.2.5 are exploitable; the issue has been patched in version 6.2....

CVE-2026-34404 Nuxt OG Image vulnerable to DoS via image generation

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a Denial of Service DoS vulnerability. The issue arises because there is no restriction on the width and height...

PT-2026-29371

Name of the Vulnerable Software and Affected Versions Nuxt OG Image versions prior to 6.2.5 Description The Nuxt OG Image package contains a flaw in the image-generation component accessible via the API endpoint / og/d/ and /og-image/ in older versions. This issue allows for the injection of...