Security
Headlines

Headlines Latest CVEs

Headline

GHSA-xmq3-q5pm-rp26: Nuxt DevTools vulnerable to cross-site scripting (XSS)

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4*. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade.

16 hours ago

#xss #vulnerability #nodejs #git #intel #auth

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewDiscover and integrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-52662

Nuxt DevTools vulnerable to cross-site scripting (XSS)

Moderate severity GitHub Reviewed Published Nov 7, 2025 to the GitHub Advisory Database • Updated Nov 7, 2025

Package

npm @nuxt/devtools (npm)

Affected versions

< 2.6.4

Description

Published to the GitHub Advisory Database

Nov 7, 2025

EPSS score

ghsa: Latest News

GHSA-46xp-26xh-hpqh: KubeVirt Vulnerable to Arbitrary Host File Read and Write

1 hour ago

GHSA-cm35-v4vp-5xvx: Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events

2 hours ago

GHSA-w7xj-8fx7-wfch: Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE

4 hours ago

GHSA-rwvc-j5jr-mgvh: Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files

16 hours ago

GHSA-xmq3-q5pm-rp26: Nuxt DevTools vulnerable to cross-site scripting (XSS)

16 hours ago