Vue — CVE history (npm)

Vue

2 CVEs affect the Vue npm package (highest CVSS 4.8). Latest disclosed: 2024-10-15. Full CVE history sourced from NVD.

Summary

Package
Vue (npm)
Total CVEs
2
Actively exploited (CISA KEV)
0
Highest CVSS
4.8
Latest disclosed
2024-10-15

Recent CVEs (top 2)

CVESeverityCVSSKEVPublishedSummary
CVE-2024-9506Low3.72024-10-15Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.
CVE-2024-6783Medium4.82024-07-23A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution.

All-time worst (top 2 by CVSS)

CVESeverityCVSSKEVPublishedSummary
CVE-2024-6783Medium4.82024-07-23A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution.
CVE-2024-9506Low3.72024-10-15Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.