@nuxt/webpack-builder
This hub aggregates every CVE we track for @nuxt/webpack-builder, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
3
CVEs tracked
0
Critical
0
High
0
In CISA KEV
Severity distribution
MEDIUM3
Monthly trend
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2
2024-072026-06
Latest CVEs
The 3 most recently published vulnerabilities affecting @nuxt/webpack-builder.
- CVE-2026-49993@nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g)5.7
- CVE-2026-45670Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)5.4
- CVE-2025-24361Opening a malicious website while running a Nuxt dev server could allow read-only access to code5.3
Product normalization is registry-driven with AI assist and human review. How it works