webpack-dev-server — CVE history (npm)
webpack-dev-server
5 CVEs affect the webpack-dev-server npm package (highest CVSS 7.5). Latest disclosed: 2026-06-15. Full CVE history sourced from NVD.
Summary
- Package
webpack-dev-server(npm)- Total CVEs
5- Actively exploited (CISA KEV)
- 0
- Highest CVSS
7.5- Latest disclosed
- 2026-06-15
Recent CVEs (top 5)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2026-9595 | Medium | 5.3 | — | 2026-06-15 | Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. |
CVE-2026-6402 | Medium | 5.3 | — | 2026-05-12 | webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. |
CVE-2025-30360 | Medium | 6.5 | — | 2025-06-03 | webpack-dev-server allows users to use webpack with a development server that provides live reloading. |
CVE-2025-30359 | Medium | 5.3 | — | 2025-06-03 | webpack-dev-server allows users to use webpack with a development server that provides live reloading. |
CVE-2018-14732 | High | 7.5 | — | 2018-09-21 | An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. |
All-time worst (top 5 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2018-14732 | High | 7.5 | — | 2018-09-21 | An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. |
CVE-2025-30360 | Medium | 6.5 | — | 2025-06-03 | webpack-dev-server allows users to use webpack with a development server that provides live reloading. |
CVE-2026-9595 | Medium | 5.3 | — | 2026-06-15 | Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. |
CVE-2026-6402 | Medium | 5.3 | — | 2026-05-12 | webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. |
CVE-2025-30359 | Medium | 5.3 | — | 2025-06-03 | webpack-dev-server allows users to use webpack with a development server that provides live reloading. |