Webpack.js Webpack
4 CVEs affecting Webpack.js Webpack. Latest disclosed: 2026-02-05. Critical: 1, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-28154 | Critical | 9.8 | 2023-03-13 | Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a proper… |
| CVE-2024-43788 | Medium | 6.4 | 2024-08-27 | Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packag… |
| CVE-2025-68458 | Low | 3.7 | 2026-02-05 | Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be by… |
| CVE-2025-68157 | Low | 3.7 | 2026-02-05 | Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces… |