VYPR

npm package

@nuxt/devtools

pkg:npm/%40nuxt/devtools

Vulnerabilities (2)

  • CVE-2025-52662Nov 7, 2025
    affected < 2.6.4fixed 2.6.4

    A vulnerability in Nuxt DevTools has been fixed in version **2.6.4***. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtoo

  • CVE-2024-23657Aug 5, 2024
    affected < 1.3.9fixed 1.3.9

    Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing authentication on the `getTextAssetContent` RPC function which is vulnerable to path traversal. Combined with a lack of Origin checks on the WebSocke