deno

Top products

The 15 most recently published vulnerabilities affecting deno.

• CVE-2026-32260Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix)8.1Mar 12, 2026
• CVE-2026-27190Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process8.1Feb 20, 2026
• CVE-2026-22864Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass8.1Jan 15, 2026
• CVE-2026-22863Deno node:crypto doesn't finalize cipher7.5Jan 15, 2026
• CVE-2025-61787Deno is Vulnerable to Command Injection on Windows During Batch File Execution8.1Oct 8, 2025
• CVE-2025-61786Deno's --deny-read check does not prevent permission bypass3.3Oct 8, 2025
• CVE-2025-61785Deno's --deny-write check does not prevent permission bypass3.3Oct 8, 2025
• CVE-2025-48935Deno has --allow-read / --allow-write permission bypass in `node:sqlite`9.1Jun 4, 2025
• CVE-2025-48934Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables5.3Jun 4, 2025
• CVE-2025-48888Deno run with --allow-read and --deny-read flags results in allowed5.3Jun 4, 2025
• CVE-2025-24015Deno's AES GCM authentication tags are not verified5.3Jun 3, 2025
• CVE-2024-37150Private npm registry support used scope auth token for downloading tarballs7.6Jun 6, 2024
• CVE-2024-34346Deno contains a permission escalation via open of privileged files with missing `--deny` flag8.4May 7, 2024
• CVE-2024-32477Race condition when flushing input stream leads to permission prompt bypass7.7Apr 18, 2024
• CVE-2024-27936Deno interactive permission prompt spoofing via improper ANSI stripping8.8Mar 6, 2024