60 matches found
GHSA-6M52-M754-PW2G Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)
Summary: This is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack / rspack builder if the dev server is bound to a non-loopback address (e.g. nuxt dev --host) and the developer opens a malicious site on the same network. Details: The fix for...
PT-2026-41962
Summary: navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving , &, and ' unencoded. An attacker who can influence the URL passed to navigateTo(url, { external: true }) can break out of the...
CVE-2026-41248
Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...
CVE-2026-41248 Official Clerk JavaScript SDKs: Middleware-based route protection bypass
Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. This vulnerability is fixed in...
CVE-2024-34344
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the path parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrar...
EUVD-2025-178263
Malicious code in joviology-nuxtjs-ursa-lacerta npm...
EUVD-2025-113424
Malicious code in framework-nuxtjs-sedna-build npm...
EUVD-2025-124257
Malicious code in nova-postcss-loader-nuxtjs-duplex npm...
EUVD-2024-2657
Malicious code in bioql PyPI...
EUVD-2024-2564
Malicious code in bioql PyPI...
EUVD-2024-2646
Malicious code in bioql PyPI...
EUVD-2023-12868
Malicious code in bioql PyPI...
EUVD-2022-51758
Malicious code in bioql PyPI...
EUVD-2022-51759
Malicious code in bioql PyPI...
EUVD-2024-2661
Malicious code in bioql PyPI...
CVE-2025-59414 Nuxt Client-Side Path Traversal in Nuxt Island Payload Revival
Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, a client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specifi...
Malicious code in fornax-blitz-nuxtjs-spica (npm)
The package fornax-blitz-nuxtjs-spica was found to contain malicious code...
CVE-2025-24360
Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any website to send any request to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite...
CVE-2023-0878
Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1...