denoland — Vulnerabilities & Security Advisories 30

Browse all 30 CVE security advisories affecting denoland. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by denoland: deno, std
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-32260 | Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix) | deno | CWE-78 | 8.1 | High | 2026-03-12 |
| CVE-2026-27190 | Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process | deno | CWE-78 | 8.1 | High | 2026-02-20 |
| CVE-2026-22864 | Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass | deno | CWE-77 | 8.1 | High | 2026-01-15 |
| CVE-2026-22863 | Deno node:crypto doesn't finalize cipher | deno | CWE-325 | 7.5 | - | 2026-01-15 |
| CVE-2025-61787 | Deno is Vulnerable to Command Injection on Windows During Batch File Execution | deno | CWE-77 | 8.1 | High | 2025-10-08 |
| CVE-2025-61786 | Deno's --deny-read check does not prevent permission bypass | deno | CWE-269 | 3.3 | Low | 2025-10-08 |
| CVE-2025-61785 | Deno's --deny-write check does not prevent permission bypass | deno | CWE-266 | 5.3 (AI) | Medium (AI) | 2025-10-08 |
| CVE-2025-55195 | @std/toml Prototype Pollution in Node.js and Browser | std | CWE-1321 | 7.3 | High | 2025-08-14 |
| CVE-2025-48935 | Deno has --allow-read / --allow-write permission bypass in `node:sqlite` | deno | CWE-863 | 8.1 (AI) | High (AI) | 2025-06-04 |
| CVE-2025-48934 | Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables | deno | CWE-201 | 7.5 (AI) | High (AI) | 2025-06-04 |
| CVE-2025-48888 | Deno run with --allow-read and --deny-read flags results in allowed | deno | CWE-863 | 7.1 (AI) | High (AI) | 2025-06-04 |
| CVE-2025-24015 | Deno's AES GCM authentication tags are not verified | deno | CWE-347 | 9.8 (AI) | Critical (AI) | 2025-06-03 |
| CVE-2025-21620 | Deno's authorization headers not dropped when redirecting cross-origin | deno | CWE-200 | 7.5 | High | 2025-01-06 |
| CVE-2024-32468 | Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator | deno | CWE-79 | 5.4 | Medium | 2024-11-25 |
| CVE-2024-52793 | XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems | std | CWE-79 | 5.4 | - | 2024-11-22 |
| CVE-2024-37150 | Private npm registry support used scope auth token for downloading tarballs | deno | CWE-200 | 7.6 | High | 2024-06-06 |
| CVE-2024-34346 | Deno contains a permission escalation via open of privileged files with missing `--deny` flag | deno | CWE-863 | 8.5 | High | 2024-05-07 |
| CVE-2024-32477 | Race condition when flushing input stream leads to permission prompt bypass | deno | CWE-78 | 7.7 | High | 2024-04-18 |
| CVE-2024-27936 | Deno interactive permission prompt spoofing via improper ANSI stripping | deno | CWE-150 | 8.8 | High | 2024-03-06 |
| CVE-2024-27935 | Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination | deno | CWE-488 | 7.2 | High | 2024-03-06 |
| CVE-2024-27934 | *const c_void / ExternalPointer unsoundness leading to use-after-free | deno | CWE-416 | 8.4 | High | 2024-03-06 |
| CVE-2024-27933 | Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass | deno | CWE-863 | 8.3 | High | 2024-03-06 |
| CVE-2024-27932 | Deno's improper suffix match testing for DENO_AUTH_TOKENS | deno | CWE-20 | 4.6 | Medium | 2024-03-06 |
| CVE-2024-27931 | Insufficient permission checking in `Deno.makeTemp*` APIs | deno | CWE-20 | 5.8 | Medium | 2024-03-05 |
| CVE-2023-33966 | Deno missing "--allow-net" permission check for built-in Node modules | deno | CWE-269 | 8.6 | High | 2023-05-31 |
| CVE-2023-28446 | Deno is vulnerable to interactive `run` permission prompt spoofing via improper ANSI neutralization | deno | CWE-150 | 8.8 | High | 2023-03-24 |
| CVE-2023-28445 | Deno improperly handles resizable ArrayBuffer | deno | CWE-125 | 10.0 | Critical | 2023-03-23 |
| CVE-2023-22499 | Interactive permission prompt spoofing in Deno | deno | CWE-362 | 7.5 | High | 2023-01-17 |
| CVE-2022-24783 | Sandbox bypass leading to arbitrary code execution in Deno | deno | CWE-269 | 10.0 | Critical | 2022-03-25 |
| CVE-2021-32619 | Static imports inside dynamically imported modules do not adhere to permission checks | deno | CWE-285 | 9.8 | Critical | 2021-05-28 |

This page lists every published CVE security advisory associated with denoland. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.