pkg:npm/nuxt

8 total CVEsHIGH3MEDIUM1LOW1

✅ Check your installed version

All known vulnerabilities

  • HIGH8.8CVE-2024-34344Nuxt vulnerable to remote code execution via the browser when running the test locally
    >= 3.4.0, < 3.12.4
  • HIGH8.1CVE-2023-3224nuxt Code Injection vulnerability
    >= 3.4.0, < 3.4.3
  • HIGH7.5CVE-2025-27415Nuxt allows DOS via cache poisoning with payload rendering response
    >= 3.0.0, < 3.16.0
  • MEDIUM6.3CVE-2024-34343nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR
    from 0, < 3.12.4
  • LOW3.1CVE-2025-59414Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival
    >= 3.6.0, < 3.19.0
  • CVE-2026-47200Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`
    >= 3.11.0, < 3.21.6
  • CVE-2026-46342Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
    >= 3.1.0, < 3.21.6
  • CVE-2026-45669Nuxt: Reflected XSS in `navigateTo()` external redirect
    >= 3.4.3, < 3.21.6