Unjs Unhead
3 CVEs affecting Unjs Unhead. Latest disclosed: 2026-04-09. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-39315 | Medium | 6.1 | 2026-04-09 | Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable that Nuxt's own documentation explicitly recommends for render… |
CVE-2026-31873 | Unrated | | 2026-03-12 | Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe (safe.ts) uses String.includes(), which is case-sensitive… |
CVE-2026-31860 | | 2026-03-12 | Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe() can be bypassed to inject arbitrary HTML attributes, including event handlers, i… |