HIGH8.7CVE-2026-44593esm.sh: Legacy Route Path Traversal Can Lead to RCE from 0, < 0.0.0-20260508100112-1960055e1d53
HIGH8.6CVE-2026-27730esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route in github.com/esm-dev/esm.sh from 0, < 0.0.0-20250616164159-0593516c4cfa
HIGH8.6CVE-2026-27730esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route in github.com/esm-dev/esm.sh from 0, < 0.0.0-20250616164159-0593516c4cfa
HIGH8.2esm.sh CDN service has arbitrary file write via tarslip in github.com/esm-dev/esm.sh
from 0, < 0.0.0-20251117232647-9d77b88c3207
HIGH8.2esm.sh CDN service has arbitrary file write via tarslip in github.com/esm-dev/esm.sh
from 0, < 0.0.0-20251117232647-9d77b88c3207
HIGH7.5esm.sh: Path Traversal via package.json browser field allows reading arbitrary server files
from 0, < 0.0.0-20250616164159-0593516c4cfa
MEDIUM6.1esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript in github.com/esm-dev/esm.sh
from 0, < 0.0.0-20251118065157-87d2f6497574
MEDIUM6.1esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript in github.com/esm-dev/esm.sh
from 0, < 0.0.0-20251118065157-87d2f6497574
—esm.sh is vulnerable to full-response SSRF in github.com/esm-dev/esm.sh
from 0, < 0.0.0-20250616164159-0593516c4cfa
—esm.sh is vulnerable to full-response SSRF in github.com/esm-dev/esm.sh
from 0, < 0.0.0-20250616164159-0593516c4cfa
—esm.sh has a path traversal in extractPackageTarball enables file writes from malicious packages
from 0, < 0.0.0-20260116051925-c62ab83c589e
—esm.sh has a path traversal in extractPackageTarball enables file writes from malicious packages
>= 0.0.1, <= 136
—esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header in github.com/esm-dev/esm.sh
from 0
—esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header in github.com/esm-dev/esm.sh
from 0, < 136.1
—esm.sh has File Inclusion issue in github.com/esm-dev/esm.sh
from 0
—esm.sh has File Inclusion issue in github.com/esm-dev/esm.sh
from 0, <= 136