Webpack.js Webpack

4 CVEs affecting Webpack.js Webpack. Latest disclosed: 2026-02-05. Critical: 1, High: 0.

Top CVEs affecting Webpack.js Webpack
CVESeverityScorePublishedSummary
CVE-2023-28154Critical9.82023-03-13Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a proper…
CVE-2024-43788Medium6.42024-08-27Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packag…
CVE-2025-68458Low3.72026-02-05Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be by…
CVE-2025-68157Low3.72026-02-05Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces…