Vue.js
Products
4- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-6783 | Med | 0.31 | 4.8 | 0.01 | Jul 23, 2024 | A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as `Object.prototype.staticClass` or `Object.prototype.staticStyle` to execute arbitrary JavaScript… | ||
| CVE-2024-9506 | Low | 0.24 | 3.7 | 0.01 | Oct 15, 2024 | Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability. | ||
| CVE-2025-5897 | 0.00 | — | 0.01 | Jun 9, 2025 | A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient… | |||
| CVE-2023-5718 | 0.00 | — | 0.00 | Oct 23, 2023 | The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. a locally accessible file or sensitive website), and… |
- risk 0.31cvss 4.8epss 0.01
A vulnerability has been discovered in Vue, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as `Object.prototype.staticClass` or `Object.prototype.staticStyle` to execute arbitrary JavaScript…
- risk 0.24cvss 3.7epss 0.01
Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability.
- CVE-2025-5897Jun 9, 2025risk 0.00cvss —epss 0.01
A vulnerability was found in vuejs vue-cli up to 5.0.8. It has been rated as problematic. This issue affects the function HtmlPwaPlugin of the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the component Markdown Code Handler. The manipulation leads to inefficient…
- CVE-2023-5718Oct 23, 2023risk 0.00cvss —epss 0.00
The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. a locally accessible file or sensitive website), and…