Browse all 30 CVE security advisories affecting denoland. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Denoland operates as a technology company specializing in the Deno runtime, a modern JavaScript and TypeScript execution environment designed for server-side and command-line applications. While the runtime itself is robust, its ecosystem and associated tools have historically been subject to various security flaws. Recorded vulnerabilities frequently involve remote code execution, cross-site scripting, and privilege escalation issues, often stemming from improper input validation or insecure default configurations within third-party modules or bundled utilities. These weaknesses can allow attackers to execute arbitrary commands or bypass security controls in affected deployments. Although Deno emphasizes security by default, the complexity of its module registry and the rapid pace of development have led to a notable number of Common Vulnerabilities and Exposures. Organizations utilizing Deno must prioritize regular dependency updates and strict security auditing to mitigate these risks effectively.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-55195 | @std/toml Prototype Pollution in Node.js and Browser — std, CWE-1321 | 7.3 | High | 2025-08-14 |
| CVE-2024-52793 | XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems — std, CWE-79 | 5.4 | - | 2024-11-22 |

This page lists every published CVE security advisory associated with denoland. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.