All 5 CVE vulnerabilities found in happy-dom, with AI-generated Chinese analysis, references, and POCs.
Vendor: capricorn86
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34226 | Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies CWE-201 | 7.5 | High | 2026-03-27 |
| CVE-2026-33943 | Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code CWE-94 | 8.8 | High | 2026-03-27 |
| CVE-2025-62410 | --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom CWE-1321 | 10.0 | - | 2025-10-15 |
| CVE-2025-61927 | Happy-DOM has VM Context Escape CWE-94 | 9.0AI | CriticalAI | 2025-10-10 |
| CVE-2024-51757 | Fixes security vulnerability that allowed for server side code to be executed by a <script> tag CWE-94 | 6.1AI | MediumAI | 2024-11-06 |
All 5 known CVE vulnerabilities affecting happy-dom with full Chinese analysis, references, and POCs where available.