Package details: pkg:npm/%40theia/mini-browser@1.9.0-next.16ad46a0
purl pkg:npm/%40theia/mini-browser@1.9.0-next.16ad46a0
Next non-vulnerable version 1.18.0
Latest non-vulnerable version 1.18.0
Risk
Vulnerabilities affecting this package (1)
Vulnerability: VCID-2n6t-ag3d-sbct
Aliases: CVE-2021-41038, GHSA-w6v7-w58j-pg5r
Summary: Improper Verification of Communication Channel in @theia/plugin-ext. In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage().
Fixed by: 1.18.0 (Affected by 0 other vulnerabilities.)
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-j5bu-gjkp-ube8
Summary: Remote code execution in Eclipse Theia. In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file.
Aliases: CVE-2021-34435, GHSA-v9w2-v7j9-rjpr

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-05-30T04:54:22.116279+00:00 | GitLab Importer | Affected by | VCID-2n6t-ag3d-sbct | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@theia/mini-browser/CVE-2021-41038.yml | 38.6.0 |
| 2026-05-30T04:50:16.141673+00:00 | GitLab Importer | Fixing | VCID-j5bu-gjkp-ube8 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@theia/mini-browser/CVE-2021-34435.yml | 38.6.0 |