CVE-2025-59341
EPSS 0.90%esm.sh has File Inclusion issue in github.com/esm-dev/esm.sh
Published: 9/17/2025Modified: 3/3/2026
Description
esm.sh has File Inclusion issue in github.com/esm-dev/esm.sh
Affected packages (2)
- Go/github.com/esm-dev/esm.shfrom 0, <= 136
- Go/github.com/esm-dev/esm.shfrom 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-59341
- PATCHhttps://github.com/esm-dev/esm.sh
- WEBhttps://github.com/esm-dev/esm.sh/blob/c62f191d32639314ff0525d1c3c0e19ea2b16143/server/router.go#L1168
- WEBhttps://github.com/esm-dev/esm.sh/commit/492de92850dd4d350c8b299af541f87541e58a45
- WEBhttps://github.com/esm-dev/esm.sh/security/advisories/GHSA-49pv-gwxp-532r
- WEBhttps://pkg.go.dev/vuln/GO-2025-3962