Nuxt
This hub aggregates every CVE we track for Nuxt, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
25
CVEs tracked
3
Critical
6
High
0
In CISA KEV
Severity distribution
MEDIUM15HIGH6CRITICAL3LOW1
Monthly trend
4
0
0
0
0
2
0
1
0
0
0
0
0
1
0
0
0
0
0
0
1
1
12
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Nuxt.
- CVE-2026-56301Nuxt - Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux5.5
- CVE-2026-56698Nuxt - Cross-Site Scripting via navigateTo open Option6.1
- CVE-2026-56697Nuxt - Open Redirect via Protocol-Relative Paths in reloadNuxtApp6.1
- CVE-2026-56326Nuxt - Server-Side Open Redirect via Path-Normalization Bypass in navigateTo6.1
- CVE-2026-56317Nuxt - Cross-Site Scripting via NoScript Component Slot Content6.1
- CVE-2026-53722Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL5.4
- CVE-2026-53721Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher8.2
- CVE-2026-47200Nuxt: Route middleware not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`5.3
- CVE-2026-49993@nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g)5.7
- CVE-2026-45669Nuxt: Reflected XSS in `navigateTo()` external redirect5.4
- CVE-2026-45670Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)5.4
- CVE-2026-46342Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning5.4
- CVE-2026-42349Clerk: Authorization bypass when combining organization, billing, or reverification checks8.1
- CVE-2026-41248Official Clerk JavaScript SDKs: Middleware-based route protection bypass9.1
- CVE-2025-59414Nuxt Client-Side Path Traversal in Nuxt Island Payload Revival3.1
Product normalization is registry-driven with AI assist and human review. How it works