deno

29 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-32260
>= 2.7.0 and < 2.7.2
Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, a command injection vulnerability exists in Deno'
8.1 HIGH
CVE-2026-27190
< 2.6.8
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node
8.1 HIGH
CVE-2026-22864
< 2.5.6
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.5.6, a prior patch aimed to block spawning Windows batch/shell
8.1 HIGH
CVE-2026-22863
< 2.6.0
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Before 2.6.0, node:crypto doesn't finalize cipher. The vulnerability al
7.5 HIGH
CVE-2025-61787
<= 2.2.15
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injec
8.1 HIGH
CVE-2025-61786
<= 2.2.15
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and
3.3 LOW
CVE-2025-61785
<= 2.2.15
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.utime an
3.3 LOW
CVE-2025-48935
>= 2.2.0 and < 2.2.5
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible t
9.1 CRITICAL
CVE-2025-48934
< 2.1.13
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the Deno.env.toObject method ign
5.3 MEDIUM
CVE-2025-48888
>= 1.41.3 and < 2.1.13
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.
5.3 MEDIUM
CVE-2025-24015
>= 1.46.0 and < 2.1.7
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM an
5.3 MEDIUM
CVE-2024-37150
all versions
An issue in .npmrc support in Deno 1.44.0 was discovered where Deno would send .npmrc credentials for the scope to the tarball
7.6 HIGH
CVE-2024-34346
< 1.43.1
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by a
8.4 HIGH
CVE-2024-32477
< 1.42.2
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between
7.7 HIGH
CVE-2024-27936
>= 1.32.1 and < 1.41.0
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.
8.8 HIGH
CVE-2024-27935
>= 1.35.1 and < 1.36.3
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability
7.2 HIGH
CVE-2024-27934
>= 1.36.2 and < 1.40.3
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherent
8.4 HIGH
CVE-2024-27933
all versions
Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in op_node_ipc_pipe()
8.2 HIGH
CVE-2024-27932
>= 1.8.0 and < 1.40.4
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly
4.6 MEDIUM
CVE-2024-27931
< 1.41.1
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in `Deno.mak
5.8 MEDIUM
CVE-2023-33966
all versions
Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the bu
8.6 HIGH
CVE-2023-28446
< 1.31.2
Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program nam
8.8 HIGH
CVE-2023-28445
all versions
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous f
9.9 CRITICAL
CVE-2023-26103
< 1.31.0
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSoc
5.3 MEDIUM
CVE-2023-22499
>= 1.9.0 and < 1.29.3
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof inte
7.5 HIGH
CVE-2021-41641
>= 1.10.3 and <= 1.14.0
Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlin
8.4 HIGH
CVE-2022-24783
>= 1.18.0 and < 1.20.3
Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable
10.0 CRITICAL
CVE-2021-42139
< 0.107.0
Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain configurations.
9.8 CRITICAL
CVE-2021-32619
>= 1.5.0 and < 1.10.2
Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that
9.8 CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin