pkg:npm/happy-dom

5 total CVEsHIGH2

✅ Check your installed version

All known vulnerabilities

  • HIGH8.8CVE-2026-33943Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code
    >= 15.10.0, < 20.8.8
  • HIGH7.5CVE-2026-34226Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies
    from 0, < 20.8.9
  • CVE-2025-62410happy-dom's `--disallow-code-generation-from-strings` is not sufficient for isolating untrusted JavaScript
    >= 19.0.0, < 20.0.2
  • CVE-2025-61927Happy DOM: VM Context Escape can lead to Remote Code Execution
    from 0, < 20.0.0
  • CVE-2024-51757happy-dom allows for server side code to be executed by a <script> tag
    from 0, < 15.10.2