pkg:npm/unhead
3 total CVEsMEDIUM1
✅ Check your installed version
All known vulnerabilities
MEDIUM6.1CVE-2026-39315Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe() from 0, < 2.1.13
NONE0.0CVE-2026-31873Unhead Vulnerable to Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity from 0, < 2.1.11
—CVE-2026-31860Unhead has XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check from 0, < 2.1.11