crates.io package
deno_node
pkg:cargo/deno_node
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-48935 | — | >= 0.129.0, < 0.134.0 | 0.134.0 | Jun 4, 2025 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write db permission check by using `ATTACH DATABASE` statement. Version 2.2.5 contains a patch for the issue. | ||
| CVE-2025-24015 | — | >= 0.102.0, < 0.125.0 | 0.125.0 | Jun 3, 2025 | Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, |
- CVE-2025-48935Jun 4, 2025affected >= 0.129.0, < 0.134.0fixed 0.134.0
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write db permission check by using `ATTACH DATABASE` statement. Version 2.2.5 contains a patch for the issue.
- CVE-2025-24015Jun 3, 2025affected >= 0.102.0, < 0.125.0fixed 0.125.0
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected,