pkg:npm/webpack

All known vulnerabilities

• CRITICAL9.8CVE-2023-28154Cross-realm object access in Webpack 5
  >= 5.0.0, < 5.76.0
• MEDIUM6.4CVE-2024-43788Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS
  >= 5.0.0-alpha.0, < 5.94.0
• LOW3.7CVE-2025-68458webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior
  >= 5.49.0, < 5.104.1
• LOW3.7CVE-2025-68157webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence
  >= 5.49.0, < 5.104.0