VYPR

Rollup

by Rollup

npm: rollup

Source repositories

CVEs (2)

  • CVE-2026-27606Feb 25, 2026
    risk 0.00cvss epss 0.01

    Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine…

  • CVE-2024-47068Sep 23, 2024
    risk 0.00cvss epss 0.01

    Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`iife` format. The DOM Clobbering gadget…