浏览 30+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-32260 | Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix) | denoland | deno | High | 8.1 | 2026-03-12 19:41:18 | Deep Dive |
| CVE-2026-27190 | Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process | denoland | deno | High | 8.1 | 2026-02-20 20:52:11 | Deep Dive |
| CVE-2026-22864 | Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass | denoland | deno | High | 8.1 | 2026-01-15 22:58:52 | Deep Dive |
| CVE-2026-22863 | Deno node:crypto doesn't finalize cipher | denoland | deno | 高危 | - | 2026-01-15 22:53:15 | Deep Dive |
| CVE-2025-61787 | Deno is Vulnerable to Command Injection on Windows During Batch File Execution | denoland | deno | High | 8.1 | 2025-10-08 00:59:17 | Deep Dive |
| CVE-2025-61786 | Deno's --deny-read check does not prevent permission bypass | denoland | deno | Low | 3.3 | 2025-10-08 00:49:43 | Deep Dive |
| CVE-2025-61785 | Deno's --deny-write check does not prevent permission bypass | denoland | deno | - | - | 2025-10-08 00:37:02 | Deep Dive |
| CVE-2025-55195 | @std/toml Prototype Pollution in Node.js and Browser | denoland | std | High | 7.3 | 2025-08-14 16:39:28 | Deep Dive |
| CVE-2025-48935 | Deno has --allow-read / --allow-write permission bypass in `node:sqlite` | denoland | deno | - | - | 2025-06-04 19:31:27 | Deep Dive |
| CVE-2025-48934 | Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables | denoland | deno | - | - | 2025-06-04 19:21:18 | Deep Dive |
| CVE-2025-48888 | Deno run with --allow-read and --deny-read flags results in allowed | denoland | deno | - | - | 2025-06-04 19:15:55 | Deep Dive |
| CVE-2025-24015 | Deno's AES GCM authentication tags are not verified | denoland | deno | - | - | 2025-06-03 22:48:53 | Deep Dive |
| CVE-2025-21620 | Deno's authorization headers not dropped when redirecting cross-origin | denoland | deno | High | 7.5 | 2025-01-06 22:26:41 | Deep Dive |
| CVE-2024-32468 | Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator | denoland | deno | Medium | 5.4 | 2024-11-25 18:44:28 | Deep Dive |
| CVE-2024-52793 | XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems | denoland | std | 中危 | - | 2024-11-22 15:37:11 | Deep Dive |
| CVE-2024-37150 | Private npm registry support used scope auth token for downloading tarballs | denoland | deno | High | 7.6 | 2024-06-06 15:28:14 | Deep Dive |
| CVE-2024-34346 | Deno contains a permission escalation via open of privileged files with missing `--deny` flag | denoland | deno | High | 8.4 | 2024-05-07 21:02:17 | Deep Dive |
| CVE-2024-32477 | Race condition when flushing input stream leads to permission prompt bypass | denoland | deno | High | 7.7 | 2024-04-18 19:58:26 | Deep Dive |
| CVE-2024-27936 | Deno interactive permission prompt spoofing via improper ANSI stripping | denoland | deno | High | 8.8 | 2024-03-06 21:05:59 | Deep Dive |
| CVE-2024-27935 | Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination | denoland | deno | High | 7.2 | 2024-03-06 21:02:14 | Deep Dive |