@haxtheweb/haxcms-nodejs
This hub aggregates every CVE we track for @haxtheweb/haxcms-nodejs, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
9
CVEs tracked
1
Critical
4
High
0
In CISA KEV
Severity distribution
HIGH4MEDIUM4CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
2
6
0
0
0
0
0
1
0
0
0
0
0
2024-072026-06
Latest CVEs
The 9 most recently published vulnerabilities affecting @haxtheweb/haxcms-nodejs.
- CVE-2026-22704HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover8.0
- CVE-2025-54378HAX CMS Backend Lacks Comprehensive Authorization Checks8.3
- CVE-2025-54139HAX CMS' application pages are vulnerable to clickjacking4.3
- CVE-2025-54137NodeJS version of the HAX CMS application is distributed with Default Secrets7.3
- CVE-2025-54134HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service6.5
- CVE-2025-54128HAX CMS NodeJs's Disabled Content Security Policy Enables Cross-Site Scripting6.1
- CVE-2025-54127HAXcms's Insecure Default Configuration Leads to Unauthenticated Access9.8
- CVE-2025-49141HaxCMS-PHP Command Injection Vulnerability8.5
- CVE-2025-49139@haxtheweb/haxcms-nodejs Iframe Phishing vulnerability5.3
Product normalization is registry-driven with AI assist and human review. How it works