Browse all 5 CVE security advisories affecting unjs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-39315 | Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe() — unheadCWE-184 | 6.1 | Medium | 2026-04-09 |
| CVE-2026-35209 | defu: Prototype pollution via `__proto__` key in defaults argument — defuCWE-1321 | 7.5 | High | 2026-04-06 |
| CVE-2026-31873 | Unhead has a Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity — unheadCWE-79 | - | - | 2026-03-12 |
| CVE-2026-31860 | Unhead has a XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check — unheadCWE-79 | 7.2AI | HighAI | 2026-03-12 |
| CVE-2025-54387 | IPX is Vulnerable to Path Traversal via Prefix Matching Bypass — ipxCWE-22 | 6.8AI | MediumAI | 2025-08-05 |
This page lists every published CVE security advisory associated with unjs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.