📦 Esm.sh

Name: Esm.sh
Author: Esm

by Esm

🔍 What is Esm.sh?

Description coming soon...

🛡️ Security Overview

Click on a severity to filter vulnerabilities

⚠️ Known Vulnerabilities

CVE-2026-27730

HIGH CVSS 7.5 Feb 25, 2026

CVE-2026-27730 is a Server-Side Request Forgery (SSRF) vulnerability in esm.sh's fetch route that allows attackers to bypass hostname-based validation using DNS alias domains. This enables external re...

CVE-2026-23644

HIGH CVSS 7.5 Jan 18, 2026

A path traversal vulnerability in esm.sh CDN allows attackers to write arbitrary files outside intended directories by exploiting absolute paths in malicious tar archives. This affects all users of es...

CVE-2025-65025

HIGH CVSS 8.2 Nov 19, 2025

CVE-2025-65025 is a path traversal vulnerability in esm.sh CDN service that allows attackers to write files to arbitrary server locations during NPM package extraction. This affects all users of esm.s...

CVE-2025-65026

MEDIUM CVSS 6.1 Nov 19, 2025

CVE-2025-65026 is a template literal injection vulnerability in esm.sh's CSS-to-JavaScript conversion feature that allows attackers to inject malicious JavaScript code via CSS files. When exploited, t...