Search for packages
| purl | pkg:npm/webpack-dev-server@5.2.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-anh4-k59z-k7bf | webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser Source code may be stolen when you access a malicious web site with non-Chromium based browser. |
CVE-2025-30360
GHSA-9jgg-88mc-972h |
| VCID-warh-bga4-wuhs | webpack-dev-server users' source code may be stolen when they access a malicious web site Source code may be stolen when you access a malicious web site. Source code may be stolen when you use [`output.iife: false`](https://webpack.js.org/configuration/output/#outputiife) and access a malicious web site. |
CVE-2025-30359
GHSA-4v9v-hfq4-rm2v |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T17:13:36.197780+00:00 | GithubOSV Importer | Fixing | VCID-anh4-k59z-k7bf | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-9jgg-88mc-972h/GHSA-9jgg-88mc-972h.json | 38.6.0 |
| 2026-06-04T17:13:33.039352+00:00 | GithubOSV Importer | Fixing | VCID-warh-bga4-wuhs | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-4v9v-hfq4-rm2v/GHSA-4v9v-hfq4-rm2v.json | 38.6.0 |
| 2026-06-04T16:24:06.942106+00:00 | GitLab Importer | Fixing | VCID-anh4-k59z-k7bf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/webpack-dev-server/CVE-2025-30360.yml | 38.6.0 |
| 2026-06-04T16:24:06.799083+00:00 | GitLab Importer | Fixing | VCID-warh-bga4-wuhs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/webpack-dev-server/CVE-2025-30359.yml | 38.6.0 |