npm package
cyberchef
pkg:npm/cyberchef
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-42615 | Hig | 7.2 | < 11.0.0 | 11.0.0 | Apr 29, 2026 | GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring. | |
| CVE-2019-15532 | — | < 8.31.3 | 8.31.3 | Aug 26, 2019 | CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs. |
- affected < 11.0.0fixed 11.0.0
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /#recipe=Show_Base64_offsets('%3Cscript substring.
- CVE-2019-15532Aug 26, 2019affected < 8.31.3fixed 8.31.3
CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs.