pkg:npm/happy-dom

All known vulnerabilities

• HIGH8.8CVE-2026-33943Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code
  >= 15.10.0, < 20.8.8
• HIGH7.5CVE-2026-34226Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies
  from 0, < 20.8.9
• —CVE-2025-62410happy-dom's `--disallow-code-generation-from-strings` is not sufficient for isolating untrusted JavaScript
  >= 19.0.0, < 20.0.2
• —CVE-2025-61927Happy DOM: VM Context Escape can lead to Remote Code Execution
  from 0, < 20.0.0
• —happy-dom allows for server side code to be executed by a <script> tag
  from 0, < 15.10.2