Vulnerabilities in nuxt
24 results

CVE-2023-3224 | HIGH | Code Injection in nuxt/nuxt | EPSS 58.6%
CVE-2024-23657 | HIGH | Path Traversal: '../filedir' in Nuxt Devtools | EPSS 1.1%
CVE-2024-34344 | HIGH | Remote code execution via the browser when running the test locally in nuxt | EPSS 0.8%
CVE-2024-42352 | HIGH | Server-Side Request Forgery (SSRF) in nuxt-icon | EPSS 0.6%
CVE-2025-24360 | MEDIUM | Opening a malicious website while running a Nuxt dev server could allow read-only access to code | EPSS 0.5%
CVE-2023-0878 | MEDIUM | Cross-site Scripting (XSS) - Generic in nuxt/framework | EPSS 0.5%
CVE-2022-4413 | MEDIUM | Cross-site Scripting (XSS) - Reflected in nuxt/framework | EPSS 0.5%
CVE-2022-4414 | MEDIUM | Cross-site Scripting (XSS) - DOM in nuxt/framework | EPSS 0.4%
CVE-2024-34343 | MEDIUM | Cross-site Scripting (XSS) in navigateTo if used after SSR in nuxt | EPSS 0.4%
CVE-2025-27415 | HIGH | Nuxt allows DOS via cache poisoning with payload rendering response | EPSS 0.4%
CVE-2025-59414 | LOW | Nuxt Client-Side Path Traversal in Nuxt Island Payload Revival | EPSS 0.3%
CVE-2025-24361 | MEDIUM | Opening a malicious website while running a Nuxt dev server could allow read-only access to code | EPSS 0.3%
CVE-2026-53721 | HIGH | Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher | EPSS 0.3%
CVE-2026-49993 | MEDIUM | @nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g) | EPSS 0.3%
CVE-2026-47200 | MEDIUM | Nuxt: Route middleware not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*` | EPSS 0.2%
CVE-2026-56698 | MEDIUM | Nuxt - Cross-Site Scripting via navigateTo open Option | EPSS 0.2%
CVE-2026-56317 | LOW | Nuxt - Cross-Site Scripting via NoScript Component Slot Content | EPSS 0.2%
CVE-2026-45670 | MEDIUM | Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99) | EPSS 0.2%
CVE-2026-53722 | MEDIUM | Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL | EPSS 0.2%
CVE-2026-56326 | MEDIUM | Nuxt - Server-Side Open Redirect via Path-Normalization Bypass in navigateTo | EPSS 0.2%