Nuxt Security Vulnerabilities and Issues — Nuxt CVE List

Lucene search

NuxtNuxt

9 matches found

CVE•added 2023/06/13 6:15 p.m.•251 views

CVE-2023-3224

Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.

9.8CVSS9.2AI score0.01931EPSS

CVE•added 2024/08/05 9:15 p.m.•94 views

CVE-2024-23657

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attacker...

8.8CVSS8.8AI score0.00542EPSS

CVE•added 2024/08/05 9:15 p.m.•79 views

CVE-2024-42352

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. nuxt/icon provides an API to allow client side icon lookup. This endpoint is at /api/_nuxt_icon/[name]. The proxied request path is improperly parsed, allowing an attacker to change the scheme a...

8.6CVSS8.5AI score0.00049EPSS

CVE•added 2025/03/19 7:15 p.m.•77 views

CVE-2025-27415

Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It is possible to craft a request, such as https://m...

7.5CVSS7.3AI score0.00054EPSS

CVE•added 2024/08/05 9:15 p.m.•62 views

CVE-2024-34343

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The navigateTo function attempts to blockthe javascript: protocol, but does not correctly use API's provided by unjs/ufo. This library also contains parsing discrepancies. The function first tes...

6.3CVSS6.4AI score0.00099EPSS

CVE•added 2023/02/17 1:15 a.m.•51 views

CVE-2023-0878

Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1.

6.1CVSS6AI score0.00087EPSS

CVE•added 2024/08/05 9:15 p.m.•43 views

CVE-2024-34344

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the path parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary ...

8.8CVSS9AI score0.00263EPSS

CVE•added 2025/01/25 1:15 a.m.•23 views

CVE-2025-24361

Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script by ...

5.3CVSS5.4AI score0.00056EPSS

CVE•added 2025/01/25 1:15 a.m.•20 views

CVE-2025-24360

Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any websites to send any requests to the development server and read the response due to default CORS settings. Users with the default server.cors option using Vite builde...

5.3CVSS5.5AI score0.00094EPSS