Vulnerabilities > Deno
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-06 | CVE-2024-37150 | Use of Incorrectly-Resolved Name or Reference vulnerability in Deno 1.44.0 An issue in `.npmrc` support in Deno 1.44.0 was discovered where Deno would send `.npmrc` credentials for the scope to the tarball URL when the registry provided URLs for a tarball on a different domain. | 6.5 |
| 2023-05-31 | CVE-2023-33966 | Incorrect Default Permissions vulnerability in Deno and Deno Runtime Deno is a runtime for JavaScript and TypeScript. | 9.8 |
| 2023-03-24 | CVE-2023-28446 | Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Deno Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. | 8.8 |
| 2023-02-25 | CVE-2023-26103 | Unspecified vulnerability in Deno Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /s*,s*/, used for splitting the Connection/Upgrade header. | 7.5 |
| 2023-01-17 | CVE-2023-22499 | Race Condition vulnerability in Deno Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. | 7.5 |
| 2022-06-12 | CVE-2021-41641 | Link Following vulnerability in Deno Deno <=1.14.0 file sandbox does not handle symbolic links correctly. | 3.6 |
| 2022-03-25 | CVE-2022-24783 | Incorrect Authorization vulnerability in Deno Deno is a runtime for JavaScript and TypeScript. | 10.0 |
| 2021-10-11 | CVE-2021-42139 | Code Injection vulnerability in Deno Standard Modules Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations. | 6.8 |
| 2021-05-28 | CVE-2021-32619 | Incorrect Authorization vulnerability in Deno Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. | 7.5 |