Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: javascript Clear
ID Title
CVE-2026-11975 Cross-Site Scripting (XSS) in CVE-2026-11975 (CVE-2026-11975)
cross-site scripting in CVE-2026-11975 (CVE-2026-11975). Risk of unauthorized operations or information disclosure.
CVE-2026-54011 Cross-Site Scripting (XSS) in open-webui (CVE-2026-54011)
cross-site scripting in open-webui (CVE-2026-54011). Confidential information can be exposed externally. Exploitable via ``innerHTML``. Mitigation: upgrade to `0.9.6` or later.
CVE-2026-54325 Vulnerability in @earendil-works/pi-coding-agent (CVE-2026-54325)
vulnerability in @earendil-works/pi-coding-agent (CVE-2026-54325). Risk of unauthorized operations or information disclosure. Exploitable via ``project_trust``. Mitigation: upgrade to `0.79.0` or later.
CVE-2026-48788 Cross-Site Scripting (XSS) in github.com/umputun/remark42 (CVE-2026-48788)
cross-site scripting in github.com/umputun/remark42 (CVE-2026-48788). Confidential information can be exposed externally. Exploitable via ``http.DetectContentType``. Mitigation: upgrade to `1.16.0` or later.
CVE-2026-54309 Vulnerability in n8n (CVE-2026-54309)
vulnerability in n8n (CVE-2026-54309). Confidential information can be exposed externally. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54302 Cross-Site Scripting (XSS) in n8n (CVE-2026-54302)
cross-site scripting in n8n (CVE-2026-54302). Risk of unauthorized operations or information disclosure. Exploitable via ``webhookId``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-12425 Cross-Site Scripting (XSS) in powerschool (CVE-2026-12425)
cross-site scripting in powerschool (CVE-2026-12425). Risk of unauthorized operations or information disclosure.
CVE-2026-53864 OpenClaw: Host environment sanitizer missed two Node.js control variables
OpenClaw: Host environment sanitizer missed two Node.js control variables
CVE-2026-53841 Cross-Site Scripting (XSS) in openclaw (CVE-2026-53841)
cross-site scripting in openclaw (CVE-2026-53841). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.5.12` or later.
CVE-2026-49401 Vulnerability in deno (CVE-2026-49401)
vulnerability in deno (CVE-2026-49401). Data can be tampered with by attackers. Mitigation: upgrade to `2.7.14` or later.
CVE-2026-49406 Path Traversal in deno (CVE-2026-49406)
path traversal in deno (CVE-2026-49406). Confidential information can be exposed externally. Exploitable via ``main``. Mitigation: upgrade to `2.7.12` or later.
CVE-2026-49411 Vulnerability in deno (CVE-2026-49411)
vulnerability in deno (CVE-2026-49411). Confidential information can be exposed externally. Exploitable via ``Host``. Mitigation: upgrade to `2.8.0` or later.
CVE-2026-49440 Vulnerability in deno (CVE-2026-49440)
vulnerability in deno (CVE-2026-49440). Confidential information can be exposed externally. Exploitable via ``options.checks``. Mitigation: upgrade to `2.8.1` or later.
CVE-2026-49402 OS Command Injection in deno (CVE-2026-49402)
OS command injection in deno (CVE-2026-49402). Successful exploitation can lead to full system takeover. Exploitable via ``spawn``. Mitigation: upgrade to `2.7.10` or later.
CVE-2026-49983 Authorization Flaw in deno (CVE-2026-49983)
vulnerability in deno (CVE-2026-49983). Risk of unauthorized operations or information disclosure. Exploitable via ``env``. Mitigation: upgrade to `2.8.1` or later.
CVE-2026-49860 SSRF (Server-Side Request Forgery) in deno (CVE-2026-49860)
SSRF in deno (CVE-2026-49860). Risk of unauthorized operations or information disclosure. Exploitable via ``localhost``. Mitigation: upgrade to `2.8.1` or later.
CVE-2026-49859 Vulnerability in deno (CVE-2026-49859)
vulnerability in deno (CVE-2026-49859). Risk of unauthorized operations or information disclosure. Exploitable via ``localhost``. Mitigation: upgrade to `2.8.1` or later.
CVE-2026-54301 Cross-Site Scripting (XSS) in n8n (CVE-2026-54301)
cross-site scripting in n8n (CVE-2026-54301). Risk of unauthorized operations or information disclosure. Exploitable via ``NODES_EXCLUDE``. Mitigation: upgrade to `2.25.7` or later.
CVE-2026-54288 Vulnerability in hono (CVE-2026-54288)
vulnerability in hono (CVE-2026-54288). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `4.12.25` or later.
CVE-2026-54289 Vulnerability in hono (CVE-2026-54289)
vulnerability in hono (CVE-2026-54289). Risk of unauthorized operations or information disclosure. Exploitable via ``Headers.set``. Mitigation: upgrade to `4.12.25` or later.
CVE-2026-54290 Vulnerability in hono (CVE-2026-54290)
vulnerability in hono (CVE-2026-54290). Confidential information can be exposed externally. Exploitable via ``origin``. Mitigation: upgrade to `4.12.25` or later.
CVE-2026-54286 Path Traversal in hono (CVE-2026-54286)
path traversal in hono (CVE-2026-54286). Confidential information can be exposed externally. Mitigation: upgrade to `4.12.25` or later.
CVE-2026-54287 Vulnerability in hono (CVE-2026-54287)
vulnerability in hono (CVE-2026-54287). Risk of unauthorized operations or information disclosure. Exploitable via ``Expires``. Mitigation: upgrade to `4.12.25` or later.
CVE-2026-12321 Vulnerability in mozilla (CVE-2026-12321)
vulnerability in mozilla (CVE-2026-12321). Risk of unauthorized operations or information disclosure.
CVE-2026-48723 OS Command Injection in CVE-2026-48723 (CVE-2026-48723)
OS command injection in CVE-2026-48723 (CVE-2026-48723). Successful exploitation can lead to full system takeover.
CVE-2026-48157 Cross-Site Scripting (XSS) in slim/slim (CVE-2026-48157)
cross-site scripting in slim/slim (CVE-2026-48157). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpNotFoundException``. Mitigation: upgrade to `4.15.2` or later.
CVE-2026-48713 Vulnerability in i18next-fs-backend (CVE-2026-48713)
vulnerability in i18next-fs-backend (CVE-2026-48713). Data can be tampered with by attackers. Exploitable via ``missingKeyHandler``. Mitigation: upgrade to `2.6.4` or later.
CVE-2026-48714 Vulnerability in i18next-http-middleware (CVE-2026-48714)
vulnerability in i18next-http-middleware (CVE-2026-48714). Data can be tampered with by attackers. Exploitable via ``missingKeyHandler``. Mitigation: upgrade to `3.9.7` or later.
CVE-2026-48887 Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions.
Unauthenticated Broken Access Control in JS Help Desk <= 3.0.9 versions.
CVE-2026-48886 Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.
Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.
CVE-2026-54285 Vulnerability in @opentelemetry/core (CVE-2026-54285)
vulnerability in @opentelemetry/core (CVE-2026-54285). Risk of unauthorized operations or information disclosure. Exploitable via ``baggage``. Mitigation: upgrade to `2.8.0` or later.
CVE-2026-54281 Authorization Flaw in @nestjs/platform-fastify (CVE-2026-54281)
vulnerability in @nestjs/platform-fastify (CVE-2026-54281). Risk of unauthorized operations or information disclosure. Exploitable via `GET /resource`. Mitigation: upgrade to `11.1.24` or later.
CVE-2026-54257 Vulnerability in electron (CVE-2026-54257)
vulnerability in electron (CVE-2026-54257). Risk of unauthorized operations or information disclosure. Exploitable via ``Buffer``. Mitigation: upgrade to `42.3.3` or later.
CVE-2026-54271 Code Injection in protobufjs-cli (CVE-2026-54271)
code injection in protobufjs-cli (CVE-2026-54271). Confidential information can be exposed externally. Exploitable via ``pbjs``. Mitigation: upgrade to `2.5.0` or later.
CVE-2026-54270 Vulnerability in protobufjs (CVE-2026-54270)
vulnerability in protobufjs (CVE-2026-54270). Risk of unauthorized operations or information disclosure. Exploitable via ``Reader``. Mitigation: upgrade to `8.5.0` or later.
CVE-2026-49294 Cross-Site Scripting (XSS) in CVE-2026-49294 (CVE-2026-49294)
cross-site scripting in CVE-2026-49294 (CVE-2026-49294). Risk of unauthorized operations or information disclosure.
CVE-2026-48712 Vulnerability in protobufjs (CVE-2026-48712)
vulnerability in protobufjs (CVE-2026-48712). Risk of unauthorized operations or information disclosure. Exploitable via ``google.protobuf.Any``. Mitigation: upgrade to `8.4.1` or later.
CVE-2026-54269 Vulnerability in protobufjs (CVE-2026-54269)
vulnerability in protobufjs (CVE-2026-54269). Risk of unauthorized operations or information disclosure. Exploitable via ``hasOwnProperty``. Mitigation: upgrade to `8.6.0` or later.
CVE-2026-54264 Information Disclosure in @angular/service-worker (CVE-2026-54264)
vulnerability in @angular/service-worker (CVE-2026-54264). Risk of unauthorized operations or information disclosure. Exploitable via ``Authorization``.
CVE-2026-54268 Vulnerability in @angular/common (CVE-2026-54268)
vulnerability in @angular/common (CVE-2026-54268). Risk of unauthorized operations or information disclosure. Exploitable via ``formatDate``.
CVE-2026-54266 Vulnerability in @angular/common (CVE-2026-54266)
vulnerability in @angular/common (CVE-2026-54266). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpTransferCache``.
CVE-2026-54265 Cross-Site Scripting (XSS) in @angular/compiler (CVE-2026-54265)
cross-site scripting in @angular/compiler (CVE-2026-54265). Risk of unauthorized operations or information disclosure. Exploitable via ``innerHTML``.
CVE-2026-50557 Cross-Site Scripting (XSS) in @angular/core (CVE-2026-50557)
cross-site scripting in @angular/core (CVE-2026-50557). Risk of unauthorized operations or information disclosure.
CVE-2026-50556 Cross-Site Scripting (XSS) in @angular/platform-server (CVE-2026-50556)
cross-site scripting in @angular/platform-server (CVE-2026-50556). Risk of unauthorized operations or information disclosure. Exploitable via ``domino``.
CVE-2026-50555 Cross-Site Scripting (XSS) in @angular/platform-server (CVE-2026-50555)
cross-site scripting in @angular/platform-server (CVE-2026-50555). Risk of unauthorized operations or information disclosure. Exploitable via ``domino``.
CVE-2026-53655 Vulnerability in tar (CVE-2026-53655)
vulnerability in tar (CVE-2026-53655). Data can be tampered with by attackers. Exploitable via ``tar``. Mitigation: upgrade to `7.5.16` or later.
CVE-2026-53632 Vulnerability in launch-editor (CVE-2026-53632)
vulnerability in launch-editor (CVE-2026-53632). Risk of unauthorized operations or information disclosure. Exploitable via ``smbserver.py``. Mitigation: upgrade to `2.14.1` or later.
CVE-2026-53571 Path Traversal in vite (CVE-2026-53571)
path traversal in vite (CVE-2026-53571). Confidential information can be exposed externally. Exploitable via ``server.fs.deny``. Mitigation: upgrade to `6.4.3` or later.
CVE-2026-53550 Vulnerability in js-yaml (CVE-2026-53550)
vulnerability in js-yaml (CVE-2026-53550). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.15.0` or later.
CVE-2026-49356 Path Traversal in @babel/core (CVE-2026-49356)
path traversal in @babel/core (CVE-2026-49356). Risk of unauthorized operations or information disclosure. Exploitable via ``inputSourceMap``. Mitigation: upgrade to `7.29.6` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →