VYPR
Vendor

Vue.js

Products
4
CVEs
4
Across products
4
Status
Private

Products

4

Recent CVEs

4
  • CVE-2024-6783MedJul 23, 2024
    risk 0.31cvss 4.8epss 0.01

    A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as `Object.prototype.staticClass` or `Object.prototype.staticStyle` to execute arbitrary JavaScript…

  • CVE-2024-9506LowOct 15, 2024
    risk 0.24cvss 3.7epss 0.01

    Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.

  • CVE-2025-5897Jun 9, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient…

  • CVE-2023-5718Oct 23, 2023
    risk 0.00cvss epss 0.00

    The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. a locally accessible file or sensitive website), and…