Vue — CVE history (npm)
Vue
2 CVEs affect the Vue npm package (highest CVSS 4.8). Latest disclosed: 2024-10-15. Full CVE history sourced from NVD.
Summary
- Package
Vue(npm)- Total CVEs
2- Actively exploited (CISA KEV)
- 0
- Highest CVSS
4.8- Latest disclosed
- 2024-10-15
Recent CVEs (top 2)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-9506 | Low | 3.7 | — | 2024-10-15 | Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability. |
CVE-2024-6783 | Medium | 4.8 | — | 2024-07-23 | A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution. |
All-time worst (top 2 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2024-6783 | Medium | 4.8 | — | 2024-07-23 | A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution. |
CVE-2024-9506 | Low | 3.7 | — | 2024-10-15 | Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability. |