Home/Product/nuxt
Product

nuxt

14 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34405
< 6.2.5
Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI:
6.1MEDIUM
 CVE-2026-34404
< 6.2.5
Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI:
7.5HIGH
 CVE-2025-52662
< 2.6.4
A vulnerability in Nuxt DevTools has been fixed in version 2.6.4*. This issue may have allowed Nuxt auth token extraction via
6.9MEDIUM
 CVE-2025-59414
>= 3.6.0 and < 3.19.0
Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability
3.1LOW
 CVE-2025-27415
>= 3.0.0 and < 3.16.0
Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind
7.5HIGH
 CVE-2024-42352
< 1.4.5
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. nuxt/icon provides an A
8.6HIGH
 CVE-2024-34344
>= 3.4.0 and < 3.12.4
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient v
8.8HIGH
 CVE-2024-34343
< 3.12.4
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The navigateTo function
6.3MEDIUM
 CVE-2024-23657
< 1.3.9
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Nuxt Devtools is missing
8.8HIGH
 CVE-2023-3224
>= 3.4.0 and < 3.4.3
Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.
9.8CRITICAL
 CVE-2023-2138
< 1.6.2
Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-module prior to 1.6.2.
9.8CRITICAL
 CVE-2023-0878
> 3.0.0 and < 3.2.1
Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1.
6.1MEDIUM
 CVE-2022-4414
all versions
Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework prior to v3.0.0-rc.13.
6.1MEDIUM
 CVE-2022-4413
all versions
Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/framework prior to v3.0.0-rc.13.
6.1MEDIUM
SOC and Response
CVE triage
Stack monitoring
Am I affected
IOC triage
KEV catalog
Recently exploited
Daily brief
Change tracking
Detection Engineering
Detection coverage workspace
Saved stacks
SIEM query builder
Detection rules
D3FEND
Threat Hunting
Threat actors
ATT&CK techniques
Attack paths
Indicators
Ransomware groups
Atomic tests
Red Team and Pentest
Exploitability triage
Recon pack
Attack paths
CAPEC patterns
Adversary emulation
Compliance and GRC
Framework mapping
Control assessment
Audit view
Atlas Search Threat actors Techniques Detection coverage Tools & malware CWE CAPEC KEV catalog Package vulns
About All capabilities Pricing API docs Privacy policy Terms of service
threatengine.sh