-
Notifications
You must be signed in to change notification settings - Fork 5.5k
Security: denoland/deno
Security Navigation
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
fetch: Authorization headers not dropped when redirecting cross-originGHSA-f27p-cmv8-xhm6 published
Jan 6, 2025 by bartlomiejuHigh -
Private npm registry support used scope auth token for downloading tarballsGHSA-rfc6-h225-3vxv published
Jun 6, 2024 by bartlomiejuHigh -
Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generatorGHSA-qqwr-j9mm-fhw6 published
Nov 25, 2024 by bartlomiejuModerate -
Race condition when flushing input stream leads to permission prompt bypassGHSA-95cj-3hr2-7j5j published
Apr 18, 2024 by mmastracHigh -
Permission escalation via open of privileged files with missing `--deny` flagGHSA-23rx-c3g5-hv9w published
May 7, 2024 by mmastracHigh -
Insufficient permission checking in `Deno.makeTemp*` APIsGHSA-hrqr-jv8w-v9jh published
Mar 5, 2024 by mmastracModerate -
Improper suffix match testing for DENO_AUTH_TOKENSGHSA-5frw-4rwq-xhcr published
Mar 5, 2024 by mmastracModerate -
Arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypassGHSA-6q4w-9x56-rmwq published
Mar 5, 2024 by mmastracHigh -
*const c_void / ExternalPointer unsoundness leading to use-after-freeGHSA-3j27-563v-28wf published
Mar 5, 2024 by mmastracModerate -
Cross-Session Data Contamination in Deno's Node.js Compatibility RuntimeGHSA-wrqv-pf6j-mqjp published
Mar 5, 2024 by mmastracHigh