📦 Deno

This vulnerability allows attackers to bypass Deno's permission system for database read/write operations using the ATTACH DATABASE SQL statement. It affects Deno runtime users running versions 2.2.0 ...

This critical vulnerability in Deno runtime allows malicious code to bypass all permission checks and execute arbitrary shell commands with full system privileges. It affects all users running Deno ve...

This vulnerability allows Deno modules imported dynamically via import() or new Worker to bypass network and file system permission checks when statically importing other modules. It affects Deno vers...

This CVE describes a command injection vulnerability in Deno's node:child_process implementation that allows attackers to execute arbitrary commands on the host system. It affects Deno applications us...

Deno's node:crypto module before version 2.6.0 fails to properly finalize cipher operations, allowing attackers to perform infinite encryption attempts. This enables brute-force attacks and potential ...

This vulnerability allows attackers to bypass Deno's security restrictions on Windows by using case variations in file extensions (.BAT, .Bat instead of .bat). Attackers could execute arbitrary batch ...

This CVE describes a command injection vulnerability in Deno on Windows systems. When Deno executes batch files (.bat, .cmd) on Windows, the underlying CreateProcess() function implicitly spawns cmd.e...

Deno 1.44.0 incorrectly sends .npmrc authentication credentials to tarball URLs on different domains when a private registry provides cross-domain tarball links. This exposes private registry credenti...

This CVE describes a sandbox escape vulnerability in Deno where granting file read/write permissions could unintentionally provide broader system access. By accessing privileged files like /proc/self/...

This vulnerability allows attackers to bypass Deno's permission prompts by injecting ANSI escape sequences into standard input during a race condition. It affects all Deno users who run untrusted code...

This vulnerability in Deno runtime version 1.39.0 allows arbitrary file descriptor manipulation, enabling attackers to bypass permission prompts and achieve arbitrary code execution on the host machin...

This vulnerability in Deno's Node.js compatibility layer allows cross-session data contamination during simultaneous asynchronous reads from Node.js streams. Data intended for one session can be recei...

This vulnerability in Deno's file sandbox allows attackers to bypass directory restrictions via symbolic links. When Deno is run with write permissions, the Deno.symlink method can be exploited to acc...

This CVE describes a permission precedence vulnerability in Deno where 'deny' flags don't properly override 'allow' flags when both are specified for the same permission type. This affects Deno users ...

This vulnerability in Deno runtime versions 1.46.0 through 2.1.6 fails to validate AES-GCM authentication tags, allowing tampered ciphertexts to go undetected. This breaks cryptographic integrity guar...