VulnerableCode Package Details - pkg:npm/nuxt@3.14.1592

Search for packages

Vulnerability	Summary	Fixed by
VCID-j9jf-az23-sqas Aliases: CVE-2025-27415 GHSA-jvhm-gjrh-3h93	Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It is possible to craft a request, such as https://mysite.com/?/_payload.json which will be rendered as JSON. If the CDN in front of a Nuxt site ignores the query string when determining whether to cache a route, then this JSON response could be served to future visitors to the site. An attacker can perform this attack to a vulnerable site in order to make a site unavailable indefinitely. It is also possible in the case where the cache will be reset to make a small script to send a request each X seconds (=caching duration) so that the cache is permanently poisoned making the site completely unavailable. This vulnerability is fixed in 3.16.0.	3.16.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-jk5c-2139-6bdk Aliases: CVE-2025-59414 GHSA-p6jq-8vc4-79f6	Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specific prerendering conditions are met. The vulnerability occurs in the client-side payload revival process (revive-payload.client.ts) where Nuxt Islands are automatically fetched when encountering serialized __nuxt_island objects. During prerendering, if an API endpoint returns user-controlled data containing a crafted __nuxt_island object, he data gets serialized with devalue.stringify and stored in the prerendered page. When a client navigates to the prerendered page, devalue.parse deserializes the payload. The Island reviver attempts to fetch /__nuxt_island/${key}.json where key could contain path traversal sequences. Update to Nuxt 3.19.0+ or 4.1.0+.	3.19.0 Affected by 0 other vulnerabilities. 4.1.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-j9jf-az23-sqas
Aliases:
CVE-2025-27415
GHSA-jvhm-gjrh-3h93

Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind an CDN, it is possible in some circumstances to poison the CDN cache and highly impacts the availability of a site. It is possible to craft a request, such as https://mysite.com/?/_payload.json which will be rendered as JSON. If the CDN in front of a Nuxt site ignores the query string when determining whether to cache a route, then this JSON response could be served to future visitors to the site. An attacker can perform this attack to a vulnerable site in order to make a site unavailable indefinitely. It is also possible in the case where the cache will be reset to make a small script to send a request each X seconds (=caching duration) so that the cache is permanently poisoned making the site completely unavailable. This vulnerability is fixed in 3.16.0.

3.16.0
Affected by 1 other vulnerability.

VCID-jk5c-2139-6bdk
Aliases:
CVE-2025-59414
GHSA-p6jq-8vc4-79f6

Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specific prerendering conditions are met. The vulnerability occurs in the client-side payload revival process (revive-payload.client.ts) where Nuxt Islands are automatically fetched when encountering serialized __nuxt_island objects. During prerendering, if an API endpoint returns user-controlled data containing a crafted __nuxt_island object, he data gets serialized with devalue.stringify and stored in the prerendered page. When a client navigates to the prerendered page, devalue.parse deserializes the payload. The Island reviver attempts to fetch /__nuxt_island/${key}.json where key could contain path traversal sequences. Update to Nuxt 3.19.0+ or 4.1.0+.

3.19.0
Affected by 0 other vulnerabilities.

4.1.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T20:19:39.464844+00:00	GitLab Importer	Affected by	VCID-jk5c-2139-6bdk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/nuxt/CVE-2025-59414.yml	38.6.0
2026-06-12T19:55:11.096428+00:00	GitLab Importer	Affected by	VCID-j9jf-az23-sqas	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/nuxt/CVE-2025-27415.yml	38.6.0

2026-06-12T20:19:39.464844+00:00

GitLab Importer

Affected by

VCID-jk5c-2139-6bdk

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/nuxt/CVE-2025-59414.yml

38.6.0

2026-06-12T19:55:11.096428+00:00

GitLab Importer

Affected by

VCID-j9jf-az23-sqas

https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/nuxt/CVE-2025-27415.yml

38.6.0

Next non-vulnerable version	3.19.0
Latest non-vulnerable version	4.4.6
Risk	4.0