pkg:crates.io/deno

共 29 筆 CVECRITICAL4HIGH15MEDIUM6LOW2

✅ 檢查你的版本

所有已知漏洞

  • CRITICAL10.0CVE-2022-24783Sandbox bypass leading to arbitrary code execution in Deno
    >= 1.18.0, < 1.20.3
  • CRITICAL9.8CVE-2021-32619Deno's static imports inside dynamically imported modules do not adhere to permission checks
    >= 1.5.0, < 1.10.2
  • CRITICAL9.1CVE-2025-48935Deno has --allow-read / --allow-write permission bypass in `node:sqlite`
    >= 2.2.0, < 2.2.5
  • CRITICAL9.1CVE-2025-48935Deno has --allow-read / --allow-write permission bypass in `node:sqlite`
    >= 2.2.0, < 2.2.5
  • HIGH8.8CVE-2024-27936Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
    >= 1.32.1, < 1.41.0
  • HIGH8.8CVE-2023-28446Interactive `run` permission prompt spoofing via improper ANSI neutralization
    >= 1.8.0, < 1.31.2
  • HIGH8.8CVE-2023-22499Deno is vulnerable to race condition via interactive permission prompt spoofing
    >= 1.9.0, < 1.29.3
  • HIGH8.6CVE-2023-33966Missing "--allow-net" permission check for built-in Node modules
    >= 1.34.0, < 1.34.1
  • HIGH8.4CVE-2024-34346Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
    from 0, < 1.43.1
  • HIGH8.4CVE-2024-27934*const c_void / ExternalPointer unsoundness leading to use-after-free
    >= 1.36.2, < 1.40.3
  • HIGH8.4CVE-2021-41641Link Following in Deno
    from 0, < 1.16.0
  • HIGH8.2CVE-2024-27933Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
    >= 1.39.0, < 1.39.1
  • HIGH8.1CVE-2026-32260Deno vulnerable to command Injection via incomplete shell metacharacter blocklist in node:child_process
    >= 2.7.0, < 2.7.2
  • HIGH8.1CVE-2026-27190Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process
    from 0, < 2.6.8
  • HIGH8.1CVE-2026-22864Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass
    from 0, < 2.5.6
  • HIGH8.1CVE-2025-61787Deno is Vulnerable to Command Injection on Windows During Batch File Execution
    from 0, < 2.5.2
  • HIGH7.5CVE-2025-21620fetch: Authorization headers not dropped when redirecting cross-origin
    from 0, <= 1.46.3
  • HIGH7.4CVE-2026-44726Deno's TLS retry copies stale upgrade hook, risking plaintext traffic
    >= 2.0.0, < 2.7.8
  • HIGH7.2CVE-2024-27935Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
    >= 1.35.1, < 1.36.3
  • MEDIUM5.8CVE-2024-27931Insufficient permission checking in `Deno.makeTemp*` APIs
    from 0, < 1.41.1
  • MEDIUM5.3CVE-2024-21486Deno vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
    from 0, < 2.0.0
  • MEDIUM5.3CVE-2025-48934Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables
    from 0, < 2.1.13
  • MEDIUM5.3CVE-2025-48888Deno run with --allow-read and --deny-read flags results in allowed
    >= 1.41.3, < 2.1.13
  • MEDIUM5.3CVE-2023-26103Regular Expression Denial of Service in Deno.upgradeWebSocket API
    >= 1.12.0, < 1.31.0
  • MEDIUM4.6CVE-2024-27932Deno's improper suffix match testing for DENO_AUTH_TOKENS
    >= 1.8.0, < 1.40.4
  • LOW3.3CVE-2025-61786Deno's --deny-read check does not prevent permission bypass
    from 0, < 2.5.3
  • LOW3.3CVE-2025-61785Deno's --deny-write check does not prevent permission bypass
    from 0, < 2.5.3
  • CVE-2026-22863Deno node:crypto doesn't finalize cipher
    from 0, < 2.6.0
  • CVE-2025-24015Deno's AES GCM authentication tags are not verified
    >= 1.46.0, < 2.1.7