Browse all 6 CVE security advisories affecting webpack. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-68157 | webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects — webpackCWE-918 | 3.7 | Low | 2026-02-05 |
| CVE-2025-68458 | webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior — webpackCWE-918 | 3.7 | Low | 2026-02-05 |
| CVE-2025-30360 | webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser — webpack-dev-serverCWE-346 | 6.5 | Medium | 2025-06-03 |
| CVE-2025-30359 | webpack-dev-server users' source code may be stolen when they access a malicious web site — webpack-dev-serverCWE-749 | 5.3 | Medium | 2025-06-03 |
| CVE-2024-43788 | DOM Clobbering Gadget found in Webpack's AutoPublicPathRuntimeModule that leads to Cross-site Scripting (XSS) — webpackCWE-79 | 6.4 | Medium | 2024-08-27 |
| CVE-2024-29180 | webpack-dev-middleware Path Traversal vulnerability — webpack-dev-middlewareCWE-22 | 7.4 | High | 2024-03-21 |
This page lists every published CVE security advisory associated with webpack. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.