All 3 CVE vulnerabilities found in unhead, with AI-generated Chinese analysis, references, and POCs.
Vendor: unjs
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39315 | Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe() CWE-184 | 6.1 | Medium | 2026-04-09 |
| CVE-2026-31873 | Unhead has a Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity CWE-79 | - | - | 2026-03-12 |
| CVE-2026-31860 | Unhead has a XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check CWE-79 | 7.2AI | HighAI | 2026-03-12 |
All 3 known CVE vulnerabilities affecting unhead with full Chinese analysis, references, and POCs where available.