@cooperco/nuxt-layer-quasar (=1.0.5), @imaginario27/air-ui-utils (>=1.0.4 <=1.0.7) +7 more potentially affected by CVE-2026-45669 via nuxt (>=4.0.0-rc.0 <=4.2.0)

nuxt NPM version =4.0.0-rc.0, =1.0.4, =0.0.1, =1.0.0, =1.1.0, =0.5.0, =0.1.8, =0.1.15 Source cves: CVE-2026-45669 Source advisory: OSV:GHSA-FX6J-W5W5-H468...

@andor83/mother-may-i (>=1.0.1 <=1.0.10), @bloggrify/bento (>=0.9.1 <=1.0.0) +43 more potentially affected by CVE-2025-27415 via nuxt (>=3.0.0 <=3.15.4)

nuxt NPM version =3.0.0, =1.0.1, =0.9.1, =1.1.1, =1.0.1, =1.1.0, =0.3.14, =9.8.3, =1.12.0-rc.5, =0.13.0, =0.7.2, =0.7.3, =0.9.1, =0.13.1, =0.7.2, =0.27.1, =0.30.0 and more Source cves: CVE-2025-27415 Source advisory: OSV:GHSA-JVHM-GJRH-3H93...

PT-2025-5343 · Webpack +2 · Webpack +2

Name of the Vulnerable Software and Affected Versions: Nuxt versions 3.0.0 through 3.15.12 Nuxt versions 3.12.2 through 3.152 Description: Source code may be stolen during development when using the webpack or rspack builder and a victim opens a malicious website. Because the request for classic...

PT-2025-5342 · Vite +1 · Vite +1

Name of the Vulnerable Software and Affected Versions: Nuxt versions 3.8.1 through 3.15.2 Description: The issue arises due to default CORS settings in Nuxt, allowing any website to send requests to the development server and read the response. This can lead to source code theft by malicious...

0xrtest (=1.0.0), @0xr404/0xrtest (=1.0.0) +506 more potentially affected by CVE-2024-34343 via nuxt (>=0.10.7 <=3.12.3)

nuxt NPM version =0.10.7, =0.0.11, =1.1.11, =1.0.1, =0.0.3-dev, =0.1.0, =1.0.0, =0.1.5, =0.0.1, =1.6.24, =0.9.1, =0.9.4 and more Source cves: CVE-2024-34343 Source advisory: OSV:GHSA-VF6R-87Q4-2VJF...