pkg:npm/9router

All known vulnerabilities

• CRITICAL10.0CVE-2026-463399router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
  >= 0.4.30, < 0.4.37
• HIGH7.3CVE-2026-5842decolua 9router vulnerable to authorization bypass
  from 0, < 0.3.75