Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by unjs
CVE-2026-39315 (GCVE-0-2026-39315)
Vulnerability from nvd – Published: 2026-04-09 17:54 – Updated: 2026-04-13 15:38
VLAI
Title
Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()
Summary
Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in <head> safely. Internally, the hasDangerousProtocol() function in packages/unhead/src/plugins/safe.ts decodes HTML entities before checking for blocked URI schemes (javascript:, data:, vbscript:). The decoder uses two regular expressions with fixed-width digit caps. The HTML5 specification imposes no limit on leading zeros in numeric character references. When a padded entity exceeds the regex digit cap, the decoder silently skips it. The undecoded string is then passed to startsWith('javascript:'), which does not match. makeTagSafe() writes the raw value directly into SSR HTML output. The browser's HTML parser decodes the padded entity natively and constructs the blocked URI. This vulnerability is fixed in 2.1.13.
Severity
6.1 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/unjs/unhead/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/unjs/unhead/commit/961ea781e09… | x_refsource_MISC |
| https://github.com/unjs/unhead/releases/tag/v2.1.13 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39315",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T15:28:38.766188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T15:38:52.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/unjs/unhead/security/advisories/GHSA-95h2-gj7x-gx9w"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "unhead",
"vendor": "unjs",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable that Nuxt\u0027s own documentation explicitly recommends for rendering user-supplied content in \u003chead\u003e safely. Internally, the hasDangerousProtocol() function in packages/unhead/src/plugins/safe.ts decodes HTML entities before checking for blocked URI schemes (javascript:, data:, vbscript:). The decoder uses two regular expressions with fixed-width digit caps. The HTML5 specification imposes no limit on leading zeros in numeric character references. When a padded entity exceeds the regex digit cap, the decoder silently skips it. The undecoded string is then passed to startsWith(\u0027javascript:\u0027), which does not match. makeTagSafe() writes the raw value directly into SSR HTML output. The browser\u0027s HTML parser decodes the padded entity natively and constructs the blocked URI. This vulnerability is fixed in 2.1.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T17:54:07.488Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/unjs/unhead/security/advisories/GHSA-95h2-gj7x-gx9w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/unjs/unhead/security/advisories/GHSA-95h2-gj7x-gx9w"
},
{
"name": "https://github.com/unjs/unhead/commit/961ea781e091853812ffe17f8cda17105d2d2299",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/unhead/commit/961ea781e091853812ffe17f8cda17105d2d2299"
},
{
"name": "https://github.com/unjs/unhead/releases/tag/v2.1.13",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/unhead/releases/tag/v2.1.13"
}
],
"source": {
"advisory": "GHSA-95h2-gj7x-gx9w",
"discovery": "UNKNOWN"
},
"title": "Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39315",
"datePublished": "2026-04-09T17:54:07.488Z",
"dateReserved": "2026-04-06T19:31:07.266Z",
"dateUpdated": "2026-04-13T15:38:52.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35209 (GCVE-0-2026-35209)
Vulnerability from nvd – Published: 2026-04-06 17:26 – Updated: 2026-04-06 18:49
VLAI
Title
defu: Prototype pollution via `__proto__` key in defaults argument
Summary
defu is software that allows uers to assign default properties recursively. Prior to version 6.1.5, applications that pass unsanitized user input (e.g. parsed JSON request bodies, database records, or config files from untrusted sources) as the first argument to `defu()` are vulnerable to prototype pollution. A crafted payload containing a `__proto__` key can override intended default values in the merged resul. The internal `_defu` function used `Object.assign({}, defaults)` to copy the defaults object. `Object.assign` invokes the `__proto__` setter, which replaces the resulting object's `[[Prototype]]` with attacker-controlled values. Properties inherited from the polluted prototype then bypass the existing `__proto__` key guard in the `for...in` loop and land in the final result. Version 6.1.5 replaces `Object.assign({}, defaults)` with object spread (`{ ...defaults }`), which uses `[[DefineOwnProperty]]` and does not invoke the `__proto__` setter.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/unjs/defu/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/unjs/defu/pull/156 | x_refsource_MISC |
| https://github.com/unjs/defu/commit/3942bfbbcaa72… | x_refsource_MISC |
| https://github.com/unjs/defu/releases/tag/v6.1.5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T18:49:21.516737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T18:49:29.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "defu",
"vendor": "unjs",
"versions": [
{
"status": "affected",
"version": "\u003c 6.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "defu is software that allows uers to assign default properties recursively. Prior to version 6.1.5, applications that pass unsanitized user input (e.g. parsed JSON request bodies, database records, or config files from untrusted sources) as the first argument to `defu()` are vulnerable to prototype pollution. A crafted payload containing a `__proto__` key can override intended default values in the merged resul. The internal `_defu` function used `Object.assign({}, defaults)` to copy the defaults object. `Object.assign` invokes the `__proto__` setter, which replaces the resulting object\u0027s `[[Prototype]]` with attacker-controlled values. Properties inherited from the polluted prototype then bypass the existing `__proto__` key guard in the `for...in` loop and land in the final result. Version 6.1.5 replaces `Object.assign({}, defaults)` with object spread (`{ ...defaults }`), which uses `[[DefineOwnProperty]]` and does not invoke the `__proto__` setter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T17:26:52.975Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/unjs/defu/security/advisories/GHSA-737v-mqg7-c878",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/unjs/defu/security/advisories/GHSA-737v-mqg7-c878"
},
{
"name": "https://github.com/unjs/defu/pull/156",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/defu/pull/156"
},
{
"name": "https://github.com/unjs/defu/commit/3942bfbbcaa72084bd4284846c83bd61ed7c8b29",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/defu/commit/3942bfbbcaa72084bd4284846c83bd61ed7c8b29"
},
{
"name": "https://github.com/unjs/defu/releases/tag/v6.1.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/defu/releases/tag/v6.1.5"
}
],
"source": {
"advisory": "GHSA-737v-mqg7-c878",
"discovery": "UNKNOWN"
},
"title": "defu: Prototype pollution via `__proto__` key in defaults argument"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-35209",
"datePublished": "2026-04-06T17:26:52.975Z",
"dateReserved": "2026-04-01T18:48:58.937Z",
"dateUpdated": "2026-04-06T18:49:29.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31860 (GCVE-0-2026-31860)
Vulnerability from nvd – Published: 2026-03-12 17:18 – Updated: 2026-03-13 16:26
VLAI
Title
Unhead has a XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check
Summary
Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe() can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered <head> tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs function (safe.ts, line 16-20) allows any property key starting with data- through to the final HTML. It only checks the prefix, not whether the key contains spaces or other characters that break HTML attribute parsing. This vulnerability is fixed in 2.1.11.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/unjs/unhead/security/advisorie… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31860",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T16:26:47.686961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T16:26:51.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/unjs/unhead/security/advisories/GHSA-g5xx-pwrp-g3fv"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "unhead",
"vendor": "unjs",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe() can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered \u003chead\u003e tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs function (safe.ts, line 16-20) allows any property key starting with data- through to the final HTML. It only checks the prefix, not whether the key contains spaces or other characters that break HTML attribute parsing. This vulnerability is fixed in 2.1.11."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T17:18:20.452Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/unjs/unhead/security/advisories/GHSA-g5xx-pwrp-g3fv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/unjs/unhead/security/advisories/GHSA-g5xx-pwrp-g3fv"
}
],
"source": {
"advisory": "GHSA-g5xx-pwrp-g3fv",
"discovery": "UNKNOWN"
},
"title": "Unhead has a XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31860",
"datePublished": "2026-03-12T17:18:20.452Z",
"dateReserved": "2026-03-09T19:02:25.012Z",
"dateUpdated": "2026-03-13T16:26:51.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31873 (GCVE-0-2026-31873)
Vulnerability from nvd – Published: 2026-03-12 17:20 – Updated: 2026-03-12 17:46
VLAI
Title
Unhead has a Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity
Summary
Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe (safe.ts) uses String.includes(), which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes('data:') returns false. An attacker can inject arbitrary CSS for UI redressing or data exfiltration via CSS attribute selectors with background-image callbacks. This vulnerability is fixed in 2.1.11.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/unjs/unhead/security/advisorie… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31873",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T17:46:23.897133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T17:46:46.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "unhead",
"vendor": "unjs",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe (safe.ts) uses String.includes(), which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but \u0027DATA:...\u0027.includes(\u0027data:\u0027) returns false. An attacker can inject arbitrary CSS for UI redressing or data exfiltration via CSS attribute selectors with background-image callbacks. This vulnerability is fixed in 2.1.11."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T17:20:35.660Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/unjs/unhead/security/advisories/GHSA-5339-hvwr-7582",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/unjs/unhead/security/advisories/GHSA-5339-hvwr-7582"
}
],
"source": {
"advisory": "GHSA-5339-hvwr-7582",
"discovery": "UNKNOWN"
},
"title": "Unhead has a Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31873",
"datePublished": "2026-03-12T17:20:35.660Z",
"dateReserved": "2026-03-09T19:02:25.014Z",
"dateUpdated": "2026-03-12T17:46:46.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69874 (GCVE-0-2025-69874)
Vulnerability from nvd – Published: 2026-02-11 00:00 – Updated: 2026-02-12 14:49
VLAI
Summary
nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-69874",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T14:48:08.608649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T14:49:30.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T18:04:52.264Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/unjs/nanotar"
},
{
"url": "https://www.npmjs.com/package/nanotar"
},
{
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69874-nanotar-Path-Traversal.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-69874",
"datePublished": "2026-02-11T00:00:00.000Z",
"dateReserved": "2026-01-09T00:00:00.000Z",
"dateUpdated": "2026-02-12T14:49:30.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54387 (GCVE-0-2025-54387)
Vulnerability from nvd – Published: 2025-08-05 00:10 – Updated: 2025-08-05 14:11
VLAI
Title
IPX is Vulnerable to Path Traversal via Prefix Matching Bypass
Summary
IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path separator. This occurs because the check relies on a raw string prefix comparison. This is fixed in versions 1.3.2, 2.1.1 and 3.1.1.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/unjs/ipx/security/advisories/G… | x_refsource_CONFIRM |
| https://github.com/unjs/ipx/commit/81693ddbfc062c… | x_refsource_MISC |
| https://github.com/unjs/ipx/releases/tag/v1.3.2 | x_refsource_MISC |
| https://github.com/unjs/ipx/releases/tag/v2.1.1 | x_refsource_MISC |
| https://github.com/unjs/ipx/releases/tag/v3.1.1 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54387",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T14:11:56.190437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T14:11:59.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/unjs/ipx/security/advisories/GHSA-mm3p-j368-7jcr"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ipx",
"vendor": "unjs",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.2"
},
{
"status": "affected",
"version": "\u003e= 2.0.0-0, \u003c 2.1.1"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path separator. This occurs because the check relies on a raw string prefix comparison. This is fixed in versions 1.3.2, 2.1.1 and 3.1.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T00:10:26.442Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/unjs/ipx/security/advisories/GHSA-mm3p-j368-7jcr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/unjs/ipx/security/advisories/GHSA-mm3p-j368-7jcr"
},
{
"name": "https://github.com/unjs/ipx/commit/81693ddbfc062cc922e4e2406e8427ab4e3ad214",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/ipx/commit/81693ddbfc062cc922e4e2406e8427ab4e3ad214"
},
{
"name": "https://github.com/unjs/ipx/releases/tag/v1.3.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/ipx/releases/tag/v1.3.2"
},
{
"name": "https://github.com/unjs/ipx/releases/tag/v2.1.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/ipx/releases/tag/v2.1.1"
},
{
"name": "https://github.com/unjs/ipx/releases/tag/v3.1.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/ipx/releases/tag/v3.1.1"
}
],
"source": {
"advisory": "GHSA-mm3p-j368-7jcr",
"discovery": "UNKNOWN"
},
"title": "IPX is Vulnerable to Path Traversal via Prefix Matching Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54387",
"datePublished": "2025-08-05T00:10:26.442Z",
"dateReserved": "2025-07-21T16:12:20.734Z",
"dateUpdated": "2025-08-05T14:11:59.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-39315 (GCVE-0-2026-39315)
Vulnerability from cvelistv5 – Published: 2026-04-09 17:54 – Updated: 2026-04-13 15:38
VLAI
Title
Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()
Summary
Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in <head> safely. Internally, the hasDangerousProtocol() function in packages/unhead/src/plugins/safe.ts decodes HTML entities before checking for blocked URI schemes (javascript:, data:, vbscript:). The decoder uses two regular expressions with fixed-width digit caps. The HTML5 specification imposes no limit on leading zeros in numeric character references. When a padded entity exceeds the regex digit cap, the decoder silently skips it. The undecoded string is then passed to startsWith('javascript:'), which does not match. makeTagSafe() writes the raw value directly into SSR HTML output. The browser's HTML parser decodes the padded entity natively and constructs the blocked URI. This vulnerability is fixed in 2.1.13.
Severity
6.1 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/unjs/unhead/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/unjs/unhead/commit/961ea781e09… | x_refsource_MISC |
| https://github.com/unjs/unhead/releases/tag/v2.1.13 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39315",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-13T15:28:38.766188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T15:38:52.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/unjs/unhead/security/advisories/GHSA-95h2-gj7x-gx9w"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "unhead",
"vendor": "unjs",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable that Nuxt\u0027s own documentation explicitly recommends for rendering user-supplied content in \u003chead\u003e safely. Internally, the hasDangerousProtocol() function in packages/unhead/src/plugins/safe.ts decodes HTML entities before checking for blocked URI schemes (javascript:, data:, vbscript:). The decoder uses two regular expressions with fixed-width digit caps. The HTML5 specification imposes no limit on leading zeros in numeric character references. When a padded entity exceeds the regex digit cap, the decoder silently skips it. The undecoded string is then passed to startsWith(\u0027javascript:\u0027), which does not match. makeTagSafe() writes the raw value directly into SSR HTML output. The browser\u0027s HTML parser decodes the padded entity natively and constructs the blocked URI. This vulnerability is fixed in 2.1.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-09T17:54:07.488Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/unjs/unhead/security/advisories/GHSA-95h2-gj7x-gx9w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/unjs/unhead/security/advisories/GHSA-95h2-gj7x-gx9w"
},
{
"name": "https://github.com/unjs/unhead/commit/961ea781e091853812ffe17f8cda17105d2d2299",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/unhead/commit/961ea781e091853812ffe17f8cda17105d2d2299"
},
{
"name": "https://github.com/unjs/unhead/releases/tag/v2.1.13",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/unhead/releases/tag/v2.1.13"
}
],
"source": {
"advisory": "GHSA-95h2-gj7x-gx9w",
"discovery": "UNKNOWN"
},
"title": "Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39315",
"datePublished": "2026-04-09T17:54:07.488Z",
"dateReserved": "2026-04-06T19:31:07.266Z",
"dateUpdated": "2026-04-13T15:38:52.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-35209 (GCVE-0-2026-35209)
Vulnerability from cvelistv5 – Published: 2026-04-06 17:26 – Updated: 2026-04-06 18:49
VLAI
Title
defu: Prototype pollution via `__proto__` key in defaults argument
Summary
defu is software that allows uers to assign default properties recursively. Prior to version 6.1.5, applications that pass unsanitized user input (e.g. parsed JSON request bodies, database records, or config files from untrusted sources) as the first argument to `defu()` are vulnerable to prototype pollution. A crafted payload containing a `__proto__` key can override intended default values in the merged resul. The internal `_defu` function used `Object.assign({}, defaults)` to copy the defaults object. `Object.assign` invokes the `__proto__` setter, which replaces the resulting object's `[[Prototype]]` with attacker-controlled values. Properties inherited from the polluted prototype then bypass the existing `__proto__` key guard in the `for...in` loop and land in the final result. Version 6.1.5 replaces `Object.assign({}, defaults)` with object spread (`{ ...defaults }`), which uses `[[DefineOwnProperty]]` and does not invoke the `__proto__` setter.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/unjs/defu/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/unjs/defu/pull/156 | x_refsource_MISC |
| https://github.com/unjs/defu/commit/3942bfbbcaa72… | x_refsource_MISC |
| https://github.com/unjs/defu/releases/tag/v6.1.5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T18:49:21.516737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T18:49:29.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "defu",
"vendor": "unjs",
"versions": [
{
"status": "affected",
"version": "\u003c 6.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "defu is software that allows uers to assign default properties recursively. Prior to version 6.1.5, applications that pass unsanitized user input (e.g. parsed JSON request bodies, database records, or config files from untrusted sources) as the first argument to `defu()` are vulnerable to prototype pollution. A crafted payload containing a `__proto__` key can override intended default values in the merged resul. The internal `_defu` function used `Object.assign({}, defaults)` to copy the defaults object. `Object.assign` invokes the `__proto__` setter, which replaces the resulting object\u0027s `[[Prototype]]` with attacker-controlled values. Properties inherited from the polluted prototype then bypass the existing `__proto__` key guard in the `for...in` loop and land in the final result. Version 6.1.5 replaces `Object.assign({}, defaults)` with object spread (`{ ...defaults }`), which uses `[[DefineOwnProperty]]` and does not invoke the `__proto__` setter."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T17:26:52.975Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/unjs/defu/security/advisories/GHSA-737v-mqg7-c878",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/unjs/defu/security/advisories/GHSA-737v-mqg7-c878"
},
{
"name": "https://github.com/unjs/defu/pull/156",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/defu/pull/156"
},
{
"name": "https://github.com/unjs/defu/commit/3942bfbbcaa72084bd4284846c83bd61ed7c8b29",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/defu/commit/3942bfbbcaa72084bd4284846c83bd61ed7c8b29"
},
{
"name": "https://github.com/unjs/defu/releases/tag/v6.1.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/defu/releases/tag/v6.1.5"
}
],
"source": {
"advisory": "GHSA-737v-mqg7-c878",
"discovery": "UNKNOWN"
},
"title": "defu: Prototype pollution via `__proto__` key in defaults argument"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-35209",
"datePublished": "2026-04-06T17:26:52.975Z",
"dateReserved": "2026-04-01T18:48:58.937Z",
"dateUpdated": "2026-04-06T18:49:29.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31873 (GCVE-0-2026-31873)
Vulnerability from cvelistv5 – Published: 2026-03-12 17:20 – Updated: 2026-03-12 17:46
VLAI
Title
Unhead has a Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity
Summary
Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe (safe.ts) uses String.includes(), which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes('data:') returns false. An attacker can inject arbitrary CSS for UI redressing or data exfiltration via CSS attribute selectors with background-image callbacks. This vulnerability is fixed in 2.1.11.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/unjs/unhead/security/advisorie… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31873",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T17:46:23.897133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T17:46:46.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "unhead",
"vendor": "unjs",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe (safe.ts) uses String.includes(), which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but \u0027DATA:...\u0027.includes(\u0027data:\u0027) returns false. An attacker can inject arbitrary CSS for UI redressing or data exfiltration via CSS attribute selectors with background-image callbacks. This vulnerability is fixed in 2.1.11."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T17:20:35.660Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/unjs/unhead/security/advisories/GHSA-5339-hvwr-7582",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/unjs/unhead/security/advisories/GHSA-5339-hvwr-7582"
}
],
"source": {
"advisory": "GHSA-5339-hvwr-7582",
"discovery": "UNKNOWN"
},
"title": "Unhead has a Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31873",
"datePublished": "2026-03-12T17:20:35.660Z",
"dateReserved": "2026-03-09T19:02:25.014Z",
"dateUpdated": "2026-03-12T17:46:46.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31860 (GCVE-0-2026-31860)
Vulnerability from cvelistv5 – Published: 2026-03-12 17:18 – Updated: 2026-03-13 16:26
VLAI
Title
Unhead has a XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check
Summary
Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe() can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered <head> tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs function (safe.ts, line 16-20) allows any property key starting with data- through to the final HTML. It only checks the prefix, not whether the key contains spaces or other characters that break HTML attribute parsing. This vulnerability is fixed in 2.1.11.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/unjs/unhead/security/advisorie… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31860",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T16:26:47.686961Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T16:26:51.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/unjs/unhead/security/advisories/GHSA-g5xx-pwrp-g3fv"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "unhead",
"vendor": "unjs",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe() can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered \u003chead\u003e tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs function (safe.ts, line 16-20) allows any property key starting with data- through to the final HTML. It only checks the prefix, not whether the key contains spaces or other characters that break HTML attribute parsing. This vulnerability is fixed in 2.1.11."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T17:18:20.452Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/unjs/unhead/security/advisories/GHSA-g5xx-pwrp-g3fv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/unjs/unhead/security/advisories/GHSA-g5xx-pwrp-g3fv"
}
],
"source": {
"advisory": "GHSA-g5xx-pwrp-g3fv",
"discovery": "UNKNOWN"
},
"title": "Unhead has a XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31860",
"datePublished": "2026-03-12T17:18:20.452Z",
"dateReserved": "2026-03-09T19:02:25.012Z",
"dateUpdated": "2026-03-13T16:26:51.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-69874 (GCVE-0-2025-69874)
Vulnerability from cvelistv5 – Published: 2026-02-11 00:00 – Updated: 2026-02-12 14:49
VLAI
Summary
nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-69874",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T14:48:08.608649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T14:49:30.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T18:04:52.264Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/unjs/nanotar"
},
{
"url": "https://www.npmjs.com/package/nanotar"
},
{
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69874-nanotar-Path-Traversal.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-69874",
"datePublished": "2026-02-11T00:00:00.000Z",
"dateReserved": "2026-01-09T00:00:00.000Z",
"dateUpdated": "2026-02-12T14:49:30.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54387 (GCVE-0-2025-54387)
Vulnerability from cvelistv5 – Published: 2025-08-05 00:10 – Updated: 2025-08-05 14:11
VLAI
Title
IPX is Vulnerable to Path Traversal via Prefix Matching Bypass
Summary
IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path separator. This occurs because the check relies on a raw string prefix comparison. This is fixed in versions 1.3.2, 2.1.1 and 3.1.1.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://github.com/unjs/ipx/security/advisories/G… | x_refsource_CONFIRM |
| https://github.com/unjs/ipx/commit/81693ddbfc062c… | x_refsource_MISC |
| https://github.com/unjs/ipx/releases/tag/v1.3.2 | x_refsource_MISC |
| https://github.com/unjs/ipx/releases/tag/v2.1.1 | x_refsource_MISC |
| https://github.com/unjs/ipx/releases/tag/v3.1.1 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54387",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-05T14:11:56.190437Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T14:11:59.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/unjs/ipx/security/advisories/GHSA-mm3p-j368-7jcr"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ipx",
"vendor": "unjs",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.2"
},
{
"status": "affected",
"version": "\u003e= 2.0.0-0, \u003c 2.1.1"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path separator. This occurs because the check relies on a raw string prefix comparison. This is fixed in versions 1.3.2, 2.1.1 and 3.1.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-05T00:10:26.442Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/unjs/ipx/security/advisories/GHSA-mm3p-j368-7jcr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/unjs/ipx/security/advisories/GHSA-mm3p-j368-7jcr"
},
{
"name": "https://github.com/unjs/ipx/commit/81693ddbfc062cc922e4e2406e8427ab4e3ad214",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/ipx/commit/81693ddbfc062cc922e4e2406e8427ab4e3ad214"
},
{
"name": "https://github.com/unjs/ipx/releases/tag/v1.3.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/ipx/releases/tag/v1.3.2"
},
{
"name": "https://github.com/unjs/ipx/releases/tag/v2.1.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/ipx/releases/tag/v2.1.1"
},
{
"name": "https://github.com/unjs/ipx/releases/tag/v3.1.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/unjs/ipx/releases/tag/v3.1.1"
}
],
"source": {
"advisory": "GHSA-mm3p-j368-7jcr",
"discovery": "UNKNOWN"
},
"title": "IPX is Vulnerable to Path Traversal via Prefix Matching Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54387",
"datePublished": "2025-08-05T00:10:26.442Z",
"dateReserved": "2025-07-21T16:12:20.734Z",
"dateUpdated": "2025-08-05T14:11:59.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}