denoland

Top products

The 15 most recently published vulnerabilities affecting denoland.

• CVE-2026-32260Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix)8.1Mar 12, 2026
• CVE-2026-27190Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process8.1Feb 20, 2026
• CVE-2026-22864Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass8.1Jan 15, 2026
• CVE-2026-22863Deno node:crypto doesn't finalize cipher7.5Jan 15, 2026
• CVE-2025-61787Deno is Vulnerable to Command Injection on Windows During Batch File Execution8.1Oct 8, 2025
• CVE-2025-61786Deno's --deny-read check does not prevent permission bypass3.3Oct 8, 2025
• CVE-2025-61785Deno's --deny-write check does not prevent permission bypass3.3Oct 8, 2025
• CVE-2025-55195@std/toml Prototype Pollution in Node.js and Browser7.3Aug 14, 2025
• CVE-2025-48935Deno has --allow-read / --allow-write permission bypass in `node:sqlite`9.1Jun 4, 2025
• CVE-2025-48934Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables5.3Jun 4, 2025
• CVE-2025-48888Deno run with --allow-read and --deny-read flags results in allowed5.3Jun 4, 2025
• CVE-2025-24015Deno's AES GCM authentication tags are not verified5.3Jun 3, 2025
• CVE-2025-21620Deno's authorization headers not dropped when redirecting cross-origin7.5Jan 6, 2025
• CVE-2024-32468Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator5.4Nov 25, 2024
• CVE-2024-37150Private npm registry support used scope auth token for downloading tarballs7.6Jun 6, 2024