pkg:npm/opencode-ai
2 total CVEsHIGH1
✅ Check your installed version
All known vulnerabilities
HIGH8.8CVE-2026-22812OpenCode's Unauthenticated HTTP Server Allows Arbitrary Command Execution from 0, < 1.0.216
—CVE-2026-22813Malicious website can execute commands on the local system through XSS in the OpenCode web UI from 0, < 1.1.10