Vercel Turborepo
3 CVEs affecting Vercel Turborepo. Latest disclosed: 2026-05-15. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-45772 | Critical | 9.8 | 2026-05-15 | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary cod… |
CVE-2026-46508 | High | 7.8 | 2026-05-15 | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute she… |
CVE-2026-45773 | Medium | 6.5 | 2026-05-15 | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did… |