pkg:Go/github.com/esm-dev/esm.sh
16 total CVEsHIGH6MEDIUM2
✅ Check your installed version
All known vulnerabilities
- from 0, < 0.0.0-20260508100112-1960055e1d53
- HIGH8.6CVE-2026-27730esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route in github.com/esm-dev/esm.shfrom 0, < 0.0.0-20250616164159-0593516c4cfa
- HIGH8.6CVE-2026-27730esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route in github.com/esm-dev/esm.shfrom 0, < 0.0.0-20250616164159-0593516c4cfa
- HIGH8.2CVE-2025-65025esm.sh CDN service has arbitrary file write via tarslip in github.com/esm-dev/esm.shfrom 0, < 0.0.0-20251117232647-9d77b88c3207
- HIGH8.2CVE-2025-65025esm.sh CDN service has arbitrary file write via tarslip in github.com/esm-dev/esm.shfrom 0, < 0.0.0-20251117232647-9d77b88c3207
- HIGH7.5CVE-2026-44594esm.sh: Path Traversal via package.json browser field allows reading arbitrary server filesfrom 0, < 0.0.0-20250616164159-0593516c4cfa
- MEDIUM6.1CVE-2025-65026esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript in github.com/esm-dev/esm.shfrom 0, < 0.0.0-20251118065157-87d2f6497574
- MEDIUM6.1CVE-2025-65026esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript in github.com/esm-dev/esm.shfrom 0, < 0.0.0-20251118065157-87d2f6497574
- from 0, < 0.0.0-20250616164159-0593516c4cfa
- from 0, < 0.0.0-20250616164159-0593516c4cfa
- —CVE-2026-23644esm.sh has a path traversal in extractPackageTarball enables file writes from malicious packagesfrom 0, < 0.0.0-20260116051925-c62ab83c589e
- —CVE-2026-23644esm.sh has a path traversal in extractPackageTarball enables file writes from malicious packages>= 0.0.1, <= 136
- —CVE-2025-59342esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header in github.com/esm-dev/esm.shfrom 0
- —CVE-2025-59342esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header in github.com/esm-dev/esm.shfrom 0, < 136.1
- from 0
- from 0, <= 136