webpack — CVE history (npm)
webpack
4 CVEs affect the webpack npm package (highest CVSS 9.8). Latest disclosed: 2026-02-05. Full CVE history sourced from NVD.
Summary
- Package
webpack(npm)- Total CVEs
4- Actively exploited (CISA KEV)
- 0
- Highest CVSS
9.8- Latest disclosed
- 2026-02-05
Recent CVEs (top 4)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2025-68458 | Low | 3.7 | — | 2026-02-05 | Webpack is a module bundler. |
CVE-2025-68157 | Low | 3.7 | — | 2026-02-05 | Webpack is a module bundler. |
CVE-2024-43788 | Medium | 6.4 | — | 2024-08-27 | Webpack is a module bundler. |
CVE-2023-28154 | Critical | 9.8 | — | 2023-03-13 | Webpack 5 before 5.76.0 does not avoid cross-realm object access. |
All-time worst (top 4 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2023-28154 | Critical | 9.8 | — | 2023-03-13 | Webpack 5 before 5.76.0 does not avoid cross-realm object access. |
CVE-2024-43788 | Medium | 6.4 | — | 2024-08-27 | Webpack is a module bundler. |
CVE-2025-68458 | Low | 3.7 | — | 2026-02-05 | Webpack is a module bundler. |
CVE-2025-68157 | Low | 3.7 | — | 2026-02-05 | Webpack is a module bundler. |