Esm-dev Esm.sh
9 CVEs affecting Esm-dev Esm.sh. Latest disclosed: 2026-05-28. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-27730 | High | 8.6 | 2026-02-25 | esm.sh is a no-build content delivery network (CDN) for web development. Versions up to and including 137 have an SSRF vulnerability (CWE-918) in esm.sh’s `/ht… |
CVE-2025-65025 | High | 8.2 | 2025-11-19 | esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal duri… |
CVE-2026-44594 | High | 7.5 | 2026-05-28 | esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, a Local File Inclusion (LFI) vulnerability exists in the esbuild p… |
CVE-2025-65026 | Medium | 6.1 | 2025-11-19 | esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injectio… |
CVE-2026-44593 | | 2026-05-28 | esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, pa… | |
CVE-2025-50180 | | 2026-02-25 | esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to… | |
CVE-2026-23644 | | 2026-01-18 | esm.sh is a no-build content delivery network (CDN) for web development. Prior to Go pseeudoversion 0.0.0-20260116051925-c62ab83c589e, the software has a path… | |
CVE-2025-59342 | | 2025-09-17 | esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP h… | |
CVE-2025-59341 | | 2025-09-17 | esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a Local File Inclusion (LFI) issue was identified in the esm… |