VYPR

Maven package

com.vaadin/flow-project

pkg:maven/com.vaadin/flow-project

Vulnerabilities (1)

  • CVE-2026-2741MedMar 10, 2026
    affected >= 14.2.0, < 14.14.1fixed 14.14.1

    Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 15.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0 through 25.0.2. Vaadin’s build process can automatically download and ex