Bun
by Oven Sh
Source repositories
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-24910 | Med | 0.38 | 5.9 | 0.00 | Jan 27, 2026 | In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name (for file, link, git, or github). | |
| CVE-2025-8022 | 0.00 | — | — | Jul 23, 2025 |
- risk 0.38cvss 5.9epss 0.00
In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name (for file, link, git, or github).
- CVE-2025-8022Jul 23, 2025risk 0.00cvss —epss —