nuxt Summary
Latest vulnerabilities published by nuxt
Vulnerability Published:
ποΈ Published
- Anytime
Sort By:
ποΈ Published Date
- Descending
Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL
CVE-2026-53722NuxtNuxt5.1MEDIUMNuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher
CVE-2026-53721NuxtNuxt8.8HIGHNuxt: Route middleware not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`
CVE-2026-47200NuxtNuxt6.3MEDIUM@nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g)
CVE-2026-49993NuxtNuxt5.9MEDIUMNuxt: Reflected XSS in `navigateTo()` external redirect
CVE-2026-45669NuxtNuxt5.3MEDIUMNuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)
CVE-2026-45670NuxtNuxt5.9MEDIUMNuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
CVE-2026-46342NuxtNuxt2.3LOWIncomplete URL Filtering in Nuxt OG Image by Nuxt Technologies
CVE-2026-44589Nuxt-modulesOg-image3.7LOWHTML Injection Vulnerability in Nuxt OG Image by Nuxt
CVE-2026-34405Nuxt-modulesOg-image6.1MEDIUMDenial of Service Vulnerability in Nuxt OG Image by Nuxt
CVE-2026-34404Nuxt-modulesOg-image6.9MEDIUMClient-Side Path Traversal Vulnerability in Nuxt Framework by Nuxt Technologies
CVE-2025-59414NuxtNuxt3.1LOWRemote Script Inclusion and XSS in @nuxtjs/mdc Affects Nuxt.js Applications
CVE-2025-54075Nuxt-modulesMdc8.3HIGHCache Poisoning Vulnerability in Nuxt Framework by Nuxt Team
CVE-2025-27415NuxtNuxtπΎπ‘π°7.5HIGHArbitrary JavaScript Code Execution in MDC by Nuxt Modules
CVE-2025-24981Nuxt-modulesMdc9.3CRITICALDefault CORS Misconfiguration in Nuxt Framework Exposes Source Code
CVE-2025-24360NuxtNuxt5.3MEDIUMWeb Application Framework Vulnerability in Nuxt by Nuxt.js
CVE-2025-24361NuxtNuxt5.3MEDIUMNuxt Framework Vulnerability Could Lead to Sensitive Data Exposure
CVE-2024-42352NuxtIcon7.5HIGHNuxt Framework Vulnerability Allows Arbitrary Code Execution
CVE-2024-34344NuxtNuxt8.8HIGHVulnerability in Nuxt's `navigateTo` function can allow for JavaScript injection
CVE-2024-34343NuxtNuxt6.1MEDIUMNuxt Devtools Vulnerability Allows Path Traversal and RCE
CVE-2024-23657NuxtNuxt8.8HIGHCode Injection in nuxt/nuxt
CVE-2023-3224NuxtNuxt/nuxt9.8CRITICALCross-site Scripting (XSS) - Generic in nuxt/framework
CVE-2023-0878NuxtNuxt/framework6.1MEDIUMCross-site Scripting (XSS) - DOM in nuxt/framework
CVE-2022-4414NuxtNuxt/framework6.1MEDIUMCross-site Scripting (XSS) - Reflected in nuxt/framework
CVE-2022-4413NuxtNuxt/framework6.1MEDIUM