Bun Bun
1 CVEs affecting Bun Bun. Latest disclosed: 2026-01-27. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-24910 | Medium | 5.9 | 2026-01-27 | In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name (for file… |