Vulnerabilities > Deno

DATE CVE VULNERABILITY TITLE RISK
2024-06-06 CVE-2024-37150 Use of Incorrectly-Resolved Name or Reference vulnerability in Deno 1.44.0
An issue in `.npmrc` support in Deno 1.44.0 was discovered where Deno would send `.npmrc` credentials for the scope to the tarball URL when the registry provided URLs for a tarball on a different domain.
network
low complexity
deno CWE-706
6.5
2023-05-31 CVE-2023-33966 Incorrect Default Permissions vulnerability in Deno and Deno Runtime
Deno is a runtime for JavaScript and TypeScript.
network
low complexity
deno CWE-276
critical
9.8
2023-03-24 CVE-2023-28446 Unspecified vulnerability in Deno
Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust.
network
low complexity
deno
8.8
2023-03-24 CVE-2023-28445 Unspecified vulnerability in Deno Deno, Deno Runtime and Serde V8
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust.
network
low complexity
deno
critical
9.8
2023-02-25 CVE-2023-26103 Unspecified vulnerability in Deno
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /s*,s*/, used for splitting the Connection/Upgrade header.
network
low complexity
deno
7.5
2023-01-17 CVE-2023-22499 Unspecified vulnerability in Deno
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust.
network
high complexity
deno
7.5
2022-06-12 CVE-2021-41641 Link Following vulnerability in Deno
Deno <=1.14.0 file sandbox does not handle symbolic links correctly.
local
low complexity
deno CWE-59
8.4
2022-03-25 CVE-2022-24783 Incorrect Authorization vulnerability in Deno
Deno is a runtime for JavaScript and TypeScript.
network
low complexity
deno CWE-863
critical
10.0
2021-10-11 CVE-2021-42139 Code Injection vulnerability in Deno Standard Modules
Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations.
network
low complexity
deno CWE-94
critical
9.8
2021-05-28 CVE-2021-32619 Incorrect Authorization vulnerability in Deno
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust.
network
low complexity
deno CWE-863
critical
9.8