15 matches found
@unhead/angular (>=3.0.0 <=3.0.0-rc.4), @unhead/react (>=3.0.0 <=3.0.0-rc.4) +4 more potentially affected by unknown CVE via unhead (>=3.0.0-beta.5 <=3.0.0)
unhead NPM version =3.0.0-beta.5, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0-rc.4; Source CVEs: unknown CVE; Source advisory: SNYK:JS-UNHEAD-15989796...
org.webjars.npm:solid-js (=1.9.5) potentially affected by CVE-2026-24006 via org.webjars.npm:seroval (=1.2.1)
org.webjars.npm:seroval MAVEN version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:seroval and may be impacted: org.webjars.npm:solid-js =1.9.5; Source CVEs: CVE-2026-24006; Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15054528...
org.webjars.npm:solid-js (=1.9.5) potentially affected by CVE-2026-23957 via org.webjars.npm:seroval (=1.2.1)
org.webjars.npm:seroval MAVEN version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:seroval and may be impacted: org.webjars.npm:solid-js =1.9.5; Source CVEs: CVE-2026-23957; Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15054526...
org.webjars.npm:solid-js (=1.9.5) potentially affected by CVE-2026-23956 via org.webjars.npm:seroval (=1.2.1)
org.webjars.npm:seroval MAVEN version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:seroval and may be impacted: org.webjars.npm:solid-js =1.9.5; Source CVEs: CVE-2026-23956; Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15054521...
org.webjars.npm:solid-js (=1.9.5) potentially affected by CVE-2026-23737 via org.webjars.npm:seroval (=1.2.1)
org.webjars.npm:seroval MAVEN version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:seroval and may be impacted: org.webjars.npm:solid-js =1.9.5; Source CVEs: CVE-2026-23737; Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15054507...
EUVD-2025-5079
Malicious code in bioql PyPI...
Cross Site Scripting
solid-js is vulnerable to Cross Site Scripting. The vulnerability is due to improper escaping of user input inside illegal inlined JSX fragments, allowing unescaped input to be rendered as HTML...
@4smart/cm-alerts-lib (>=1.0.1 <=1.0.64), @8btc/finance-assistant-mcp (>=0.0.1 <=0.0.69) +1668 more potentially affected by CVE-2025-27109 via solid-js (>=0.10.11 <=1.9.3)
solid-js NPM version =0.10.11, =1.0.1, =0.0.1, =0.0.1, =0.1.3, =1.2.5, =1.1.2, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.1.2, =0.1.2, =0.1.0, =0.0.1, =0.1.1, =0.1.5 and more; Source CVEs: CVE-2025-27109; Source advisory: OSV:GHSA-3QXH-P7JC-5XH6...
CVE-2025-27109
solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...
CVE-2025-27109
solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...
CVE-2025-27109
SolidJS CVE-2025-27109 describes a Cross-Site Scripting (XSS) vulnerability where user input rendered inside illegal inlined JSX fragments could be unescaped. Affected: SolidJS library with problematic JSX fragment handling. Root cause: lack of escaping in JSX fragments that allows user input to ...
CVE-2025-27109 Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js
solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...
CVE-2025-27109 Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js
solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...
CVE-2025-27109 Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js
solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...
PT-2025-7634 · Solid-Js · Solid-Js
Name of the Vulnerable Software and Affected Versions: solid-js versions prior to 1.9.4 Description: The issue concerns a lack of escaping in Inserts/JSX expressions inside illegal inlined JSX fragments, allowing user input to be rendered as HTML when put directly inside JSX fragments. This can...