webpack — CVE history (npm)

webpack

4 CVEs affect the webpack npm package (highest CVSS 9.8). Latest disclosed: 2026-02-05. Full CVE history sourced from NVD.

Summary

Package
webpack (npm)
Total CVEs
4
Actively exploited (CISA KEV)
0
Highest CVSS
9.8
Latest disclosed
2026-02-05

Recent CVEs (top 4)

CVESeverityCVSSKEVPublishedSummary
CVE-2025-68458Low3.72026-02-05Webpack is a module bundler.
CVE-2025-68157Low3.72026-02-05Webpack is a module bundler.
CVE-2024-43788Medium6.42024-08-27Webpack is a module bundler.
CVE-2023-28154Critical9.82023-03-13Webpack 5 before 5.76.0 does not avoid cross-realm object access.

All-time worst (top 4 by CVSS)

CVESeverityCVSSKEVPublishedSummary
CVE-2023-28154Critical9.82023-03-13Webpack 5 before 5.76.0 does not avoid cross-realm object access.
CVE-2024-43788Medium6.42024-08-27Webpack is a module bundler.
CVE-2025-68458Low3.72026-02-05Webpack is a module bundler.
CVE-2025-68157Low3.72026-02-05Webpack is a module bundler.