nuxt
OSS Librariesoss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting nuxt.
- CVE-2026-56697Nuxt - Open Redirect via Protocol-Relative Paths in reloadNuxtApp6.1
- CVE-2026-56698Nuxt - Cross-Site Scripting via navigateTo open Option6.1
- CVE-2026-56326Nuxt - Server-Side Open Redirect via Path-Normalization Bypass in navigateTo6.1
- CVE-2026-53722Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL5.4
- CVE-2026-53721Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher8.2
- CVE-2026-47200Nuxt: Route middleware not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`5.3
- CVE-2026-49993@nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g)5.7
- CVE-2026-45669Nuxt: Reflected XSS in `navigateTo()` external redirect5.4
- CVE-2026-45670Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)5.4
- CVE-2026-46342Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning5.4
- CVE-2026-34405Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes6.1
- CVE-2026-34404Nuxt OG Image vulnerable to DoS via image generation7.5
- CVE-2025-52662A vulnerability in Nuxt DevTools has been fixed in version **2.6.4***. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgra...6.9
- CVE-2025-59414Nuxt Client-Side Path Traversal in Nuxt Island Payload Revival3.1
- CVE-2025-27415Nuxt allows DOS via cache poisoning with payload rendering response7.5