deno — Vulnerabilities & Security Advisories 29

All 29 CVE vulnerabilities found in deno, with AI-generated Chinese analysis, references, and POCs.

Vendor: denoland

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-32260 | Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix) | CWE-78 | 8.1 | High | 2026-03-12 |
| CVE-2026-27190 | Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process | CWE-78 | 8.1 | High | 2026-02-20 |
| CVE-2026-22864 | Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass | CWE-77 | 8.1 | High | 2026-01-15 |
| CVE-2026-22863 | Deno node:crypto doesn't finalize cipher | CWE-325 | 7.5 | - | 2026-01-15 |
| CVE-2025-61787 | Deno is Vulnerable to Command Injection on Windows During Batch File Execution | CWE-77 | 8.1 | High | 2025-10-08 |
| CVE-2025-61786 | Deno's --deny-read check does not prevent permission bypass | CWE-269 | 3.3 | Low | 2025-10-08 |
| CVE-2025-61785 | Deno's --deny-write check does not prevent permission bypass | CWE-266 | 5.3 (AI) | Medium (AI) | 2025-10-08 |
| CVE-2025-48935 | Deno has --allow-read / --allow-write permission bypass in `node:sqlite` | CWE-863 | 8.1 (AI) | High (AI) | 2025-06-04 |
| CVE-2025-48934 | Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables | CWE-201 | 7.5 (AI) | High (AI) | 2025-06-04 |
| CVE-2025-48888 | Deno run with --allow-read and --deny-read flags results in allowed | CWE-863 | 7.1 (AI) | High (AI) | 2025-06-04 |
| CVE-2025-24015 | Deno's AES GCM authentication tags are not verified | CWE-347 | 9.8 (AI) | Critical (AI) | 2025-06-03 |
| CVE-2025-21620 | Deno's authorization headers not dropped when redirecting cross-origin | CWE-200 | 7.5 | High | 2025-01-06 |
| CVE-2024-32468 | Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator | CWE-79 | 5.4 | Medium | 2024-11-25 |
| CVE-2024-37150 | Private npm registry support used scope auth token for downloading tarballs | CWE-200 | 7.6 | High | 2024-06-06 |
| CVE-2024-34346 | Deno contains a permission escalation via open of privileged files with missing `--deny` flag | CWE-863 | 8.5 | High | 2024-05-07 |
| CVE-2024-32477 | Race condition when flushing input stream leads to permission prompt bypass | CWE-78 | 7.7 | High | 2024-04-18 |
| CVE-2024-27936 | Deno interactive permission prompt spoofing via improper ANSI stripping | CWE-150 | 8.8 | High | 2024-03-06 |
| CVE-2024-27935 | Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination | CWE-488 | 7.2 | High | 2024-03-06 |
| CVE-2024-27934 | *const c_void / ExternalPointer unsoundness leading to use-after-free | CWE-416 | 8.4 | High | 2024-03-06 |
| CVE-2024-27933 | Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass | CWE-863 | 8.3 | High | 2024-03-06 |
| CVE-2024-27932 | Deno's improper suffix match testing for DENO_AUTH_TOKENS | CWE-20 | 4.6 | Medium | 2024-03-06 |
| CVE-2024-27931 | Insufficient permission checking in `Deno.makeTemp*` APIs | CWE-20 | 5.8 | Medium | 2024-03-05 |
| CVE-2023-33966 | Deno missing "--allow-net" permission check for built-in Node modules | CWE-269 | 8.6 | High | 2023-05-31 |
| CVE-2023-28446 | Deno is vulnerable to interactive `run` permission prompt spoofing via improper ANSI neutralization | CWE-150 | 8.8 | High | 2023-03-24 |
| CVE-2023-28445 | Deno improperly handles resizable ArrayBuffer | CWE-125 | 10.0 | Critical | 2023-03-23 |
| CVE-2023-26103 | Deno security vulnerability | CWE-1333 | 5.3 | Medium | 2023-02-25 |
| CVE-2023-22499 | Interactive permission prompt spoofing in Deno | CWE-362 | 7.5 | High | 2023-01-17 |
| CVE-2022-24783 | Sandbox bypass leading to arbitrary code execution in Deno | CWE-269 | 10.0 | Critical | 2022-03-25 |
| CVE-2021-32619 | Static imports inside dynamically imported modules do not adhere to permission checks | CWE-285 | 9.8 | Critical | 2021-05-28 |