Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

leaf-kit — Vulnerabilities & Security Advisories 3

All 3 CVE vulnerabilities found in leaf-kit, with AI-generated Chinese analysis, references, and POCs.

Vendor: vapor

CVE IDTitleCVSSSeverityPublished
CVE-2026-28499 LeafKit's HTML escaping may be skipped for Collection values, enabling XSS CWE-79 6.1 -2026-03-18
CVE-2026-27120 Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster CWE-75 6.1 Medium2026-02-20
CVE-2021-37634 LeafKit allows XSS with untrusted user input CWE-79 7.4 High2021-08-09

All 3 known CVE vulnerabilities affecting leaf-kit with full Chinese analysis, references, and POCs where available.