19 matches found
@classement-des-associations/website-theme (=0.1.3), @neon.id/discovery (>=0.15.1 <=0.17.0) +10 more potentially affected by CVE-2026-46342 via nuxt (=3.1.2)
nuxt NPM version =3.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on nuxt and may be impacted: - @classement-des-associations/website-theme =0.1.3 - @neon.id/discovery =0.15.1, =0.13.1, =0.16.0, =0.10.1, =0.16.1, =0.17.0 - @neon.id/interfaces =0.152...
@cooperco/nuxt-layer-quasar (=1.0.5), @imaginario27/air-ui-utils (>=1.0.4 <=1.0.7) +7 more potentially affected by CVE-2026-45669 via nuxt (>=4.0.0-rc.0 <=4.2.0)
nuxt NPM version =4.0.0-rc.0, =1.0.4, =0.0.1, =1.0.0, =1.1.0, =0.5.0, =0.1.8, =0.1.15 Source cves: CVE-2026-45669 Source advisory: OSV:GHSA-FX6J-W5W5-H468...
Denial Of Service (DoS)
Nuxt is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of query strings in CDN-cached routes, where crafted requests such as /?/payload.json can cause JSON responses to be cached and served to normal users, allowing attackers to poison the CDN cache and rende...
CVE-2024-34343
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The navigateTo function attempts to block the javascript: protocol, but does not correctly use APIs provided by unjs/ufo. This library also contains parsing discrepancies. The function first...
@nova-org/components (>=0.0.1-next.0 <=0.0.1-next.3) potentially affected by unknown CVE via @oku-ui/motion-nuxt (=0.2.1)
@oku-ui/motion-nuxt NPM version =0.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/motion-nuxt and may be impacted: - @nova-org/components =0.0.1-next.0, =0.0.1-next.3 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191261...
EUVD-2025-0132
Malicious code in bioql PyPI...
CVE-2025-59414
Nuxt (Vue.js framework) exposes a client-side path traversal in the Island payload revival during prerendering. The vulnerability occurs in the revive-payload.client.ts flow when serialized __nuxt_island objects trigger Island fetches via /__nuxt_island/${key}.json, with key potentially containin...
CVE-2025-27415
Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind a CDN, it is possible in some circumstances to poison the CDN cache and highly impact the availability of a site. It is possible to craft a request, such as...
CVE-2025-27415
CVE-2025-27415 affects Nuxt (Vue.js framework) prior to version 3.16.0. A crafted HTTP request sent to a server behind a CDN can poison the CDN cache under certain conditions, potentially rendering JSON like https://mysite.com/?/_payload.json and causing the cached response to be served to future...
Nuxt security vulnerability
Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt versions prior to 3.16.0 that originates from a specially crafted HTTP request sent to a server behind a CDN, which may poison the CDN cache in some cases, severely impacting site availability...
Cross-Origin Resource Sharing (CORS) Misconfiguration
Nuxt is vulnerable to Cross-Origin Resource Sharing (CORS) misconfiguration. The vulnerability is due to default CORS settings in Nuxt, which allowed any website to send requests to the development server and read the responses. It allows an attacker to send requests from a malicious website and...
Script Injection
Nuxt is vulnerable to script injection. The vulnerability is due to the lack of same-origin policy enforcement for script requests, which allows attackers to inject malicious scripts into a victim's site via a script tag, bypassing security measures intended to prevent such cross-origin interactions...
CVE-2025-24360 Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...
Cross-Site Scripting (XSS)
nuxt is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the javascript: protocol in the navigateTo function, which fails to correctly parse and block malformed URLs due to improper usage of the unjs/ufo...
CVE-2024-34344 Remote code execution via the browser when running the test locally in nuxt
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the path parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrar...
0xrtest (=1.0.0), @0xr404/0xrtest (=1.0.0) +506 more potentially affected by CVE-2024-34343 via nuxt (>=0.10.7 <=3.12.3)
nuxt NPM version =0.10.7, =0.0.11, =1.1.11, =1.0.1, =0.0.3-dev, =0.1.0, =1.0.0, =0.1.5, =0.0.1, =1.6.24, =0.9.1, =0.9.4 and more Source cves: CVE-2024-34343 Source advisory: OSV:GHSA-VF6R-87Q4-2VJF...
Nuxt security vulnerability
Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt versions prior to 1.3.9 that stems from a lack of authentication and vulnerability to path traversal attacks...
Nuxt security vulnerability
Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt versions prior to 1.4.5, which stems from incorrect proxy request path parsing, allowing an attacker to change the requested scheme and host, potentially leading to sensitive data disclosure...
CVE-2023-3224 Code Injection in nuxt/nuxt
Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3...