MEDIUM npm
GHSA-fx6j-w5w5-h468 · CVE-2026-45669 Nuxt: Reflected XSS in `navigateTo()` external redirect
Modified: 6/12/2026
package
npm / nuxt
pkg:npm/nuxt
LOW npm
GHSA-g8wj-3cr3-6w7v · CVE-2026-46342 Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
Modified: 6/12/2026
HIGH 8.1 npm
GHSA-gc34-5v43-h7v8 · CVE-2023-3224 nuxt Code Injection vulnerability
Modified: 11/18/2024
MEDIUM npm
GHSA-hg3f-28rg-4jxj · CVE-2026-47200 Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`
Modified: 6/12/2026
HIGH 7.5 npm
GHSA-jvhm-gjrh-3h93 · CVE-2025-27415 Nuxt allows DOS via cache poisoning with payload rendering response
Modified: 3/20/2025
LOW 3.1 npm
GHSA-p6jq-8vc4-79f6 · CVE-2025-59414 Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival
Modified: 9/18/2025
LOW npm
GHSA-rq7w-g337-39qq Nuxt: Dev server discloses project absolute path and persistent workspace UUID via `/.well-known/appspecific/com.chrome.devtools.json`
Modified: 6/15/2026
HIGH 8.8 npm
GHSA-v784-fjjh-f8r4 · CVE-2024-34344 Nuxt vulnerable to remote code execution via the browser when running the test locally
Modified: 11/18/2024
MEDIUM 6.3 npm
GHSA-vf6r-87q4-2vjf · CVE-2024-34343 nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR
Modified: 5/15/2025