Nuxt
This hub aggregates every CVE we track for Nuxt, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 23
- Critical: 3
- High: 6
- In CISA KEV: 0
Severity distribution
- MEDIUM: 13
- HIGH: 6
- CRITICAL: 3
- LOW: 1
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 15 most recently published vulnerabilities affecting Nuxt.
- CVE-2026-56698 - Nuxt - Cross-Site Scripting via navigateTo open Option (score 6.1)
- CVE-2026-56697 - Nuxt - Open Redirect via Protocol-Relative Paths in reloadNuxtApp (score 6.1)
- CVE-2026-56326 - Nuxt - Server-Side Open Redirect via Path-Normalization Bypass in navigateTo (score 6.1)
- CVE-2026-53722 - Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL (score 5.4)
- CVE-2026-53721 - Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher (score 8.2)
- CVE-2026-47200 - Nuxt: Route middleware not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*` (score 5.3)
- CVE-2026-49993 - @nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g) (score 5.7)
- CVE-2026-45669 - Nuxt: Reflected XSS in `navigateTo()` external redirect (score 5.4)
- CVE-2026-45670 - Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99) (score 5.4)
- CVE-2026-46342 - Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning (score 5.4)
- CVE-2026-42349 - Clerk: Authorization bypass when combining organization, billing, or reverification checks (score 8.1)
- CVE-2026-41248 - Official Clerk JavaScript SDKs: Middleware-based route protection bypass (score 9.1)
- CVE-2025-59414 - Nuxt Client-Side Path Traversal in Nuxt Island Payload Revival (score 3.1)
- CVE-2025-27415 - Nuxt allows DOS via cache poisoning with payload rendering response (score 7.5)
- CVE-2025-24361 - Opening a malicious website while running a Nuxt dev server could allow read-only access to code (score 5.3)
Product normalization is registry-driven with AI assist and human review.