Denoland Deno
28 CVEs affecting Denoland Deno. Latest disclosed: 2026-03-12. Critical: 3, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-28445 | Critical | 10.0 | 2023-03-23 | Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk duri… |
CVE-2022-24783 | Critical | 10.0 | 2022-03-25 | Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicio… |
CVE-2021-32619 | Critical | 9.8 | 2021-05-28 | Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported thro… |
CVE-2024-27936 | High | 8.8 | 2024-03-06 | Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, mal… |
CVE-2023-28446 | High | 8.8 | 2023-03-24 | Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering… |
CVE-2023-33966 | High | 8.6 | 2023-05-31 | Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in `node:http` or `node:h… |
CVE-2024-34346 | High | 8.5 | 2024-05-07 | Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write acces… |
CVE-2024-27934 | High | 8.4 | 2024-03-06 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe `*const c_void` and… |
CVE-2024-27933 | High | 8.3 | 2024-03-06 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in `op_node_ipc_pipe()` leads to premature close of a… |
CVE-2026-32260 | High | 8.1 | 2026-03-12 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:child_process polyfill… |
CVE-2026-27190 | High | 8.1 | 2026-02-20 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation… |
CVE-2026-22864 | High | 8.1 | 2026-01-15 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell files by returning an error… |
CVE-2025-61787 | High | 8.1 | 2025-10-08 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when… |
CVE-2024-32477 | High | 7.7 | 2024-04-18 | Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between `libc::tcflush(0, libc::TCIFL… |
CVE-2024-37150 | High | 7.6 | 2024-06-06 | An issue in `.npmrc` support in Deno 1.44.0 was discovered where Deno would send `.npmrc` credentials for the scope to the tarball URL when the registry provid… |
CVE-2025-21620 | High | 7.5 | 2025-01-06 | Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the re… |
CVE-2023-22499 | High | 7.5 | 2023-01-17 | Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by… |
CVE-2024-27935 | High | 7.2 | 2024-03-06 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibil… |
CVE-2024-27931 | Medium | 5.8 | 2024-03-05 | Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in `Deno.makeTemp*` APIs would allow for… |
CVE-2024-32468 | Medium | 5.4 | 2024-11-25 | Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the `deno_doc` crate which lead to Sel… |