CVE-2023-3224

Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.

CVE-2024-23657

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the getTextAssetContent RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocket handler, an attacker...

CVE-2024-42352

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. nuxt/icon provides an API to allow client side icon lookup. This endpoint is at /api/_nuxt_icon/[name]. The proxied request path is improperly parsed, allowing an attacker to change the scheme a...

CVE-2024-34343

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The navigateTo function attempts to blockthe javascript: protocol, but does not correctly use API's provided by unjs/ufo. This library also contains parsing discrepancies. The function first tes...

CVE-2023-0878

Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1.

CVE-2024-34344

Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the path parameter in the NuxtTestComponentWrapper, an attacker can execute arbitrary JavaScript on the server side, which allows them to execute arbitrary ...