Search for packages
| purl | pkg:npm/nuxt@3.14.159 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-jctz-ddrp-g7gf
Aliases: CVE-2025-27415 GHSA-jvhm-gjrh-3h93 |
Nuxt allows DOS via cache poisoning with payload rendering response By sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It is possible to craft a request, such as `https://mysite.com/?/_payload.json` which will be rendered as JSON. If the CDN in front of a Nuxt site ignores the query string when determining whether to cache a route, then this JSON response could be served to future visitors to the site. |
Affected by 1 other vulnerability. |
|
VCID-m6hz-c5kh-dycw
Aliases: CVE-2025-59414 GHSA-p6jq-8vc4-79f6 |
Nuxt has Client-Side Path Traversal in Nuxt Island Payload Revival A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specific prerendering conditions are met. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T06:08:55.424234+00:00 | GitLab Importer | Affected by | VCID-m6hz-c5kh-dycw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/nuxt/CVE-2025-59414.yml | 38.6.0 |
| 2026-06-06T05:42:37.130284+00:00 | GitLab Importer | Affected by | VCID-jctz-ddrp-g7gf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/nuxt/CVE-2025-27415.yml | 38.6.0 |