VYPR

Webpack Dev Server

by Webpack

Source repositories

CVEs (4)

  • CVE-2026-9595MedJun 15, 2026
    risk 0.27cvss 5.3epss 0.00

    Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This leaks the browser's cookies and Origin header to the backend, bypasses the dev…

  • CVE-2026-6402MedMay 12, 2026
    risk 0.27cvss 5.3epss 0.00

    webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix relied on the Sec-Fetch-Mode and Sec-Fetch-Site request headers, which browsers…

  • CVE-2025-30360Jun 3, 2025
    risk 0.00cvss epss 0.00

    webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a malicious web site with non-Chromium based browser. The `Origin` header is checked…

  • CVE-2025-30359Jun 3, 2025
    risk 0.00cvss epss 0.00

    webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when they access a malicious web site. Because the request for classic script by a script tag is not…