Browse all 4 CVE security advisories affecting elysiajs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ElysiaJS is a web framework for building server-side applications with TypeScript support. Historically, it has been associated with remote code execution vulnerabilities due to unsafe input handling in routing and middleware components. Cross-site scripting (XSS) vulnerabilities have also been common, stemming from improper output encoding. The framework has experienced privilege escalation issues in versions prior to 0.7.0, where improper access controls allowed unauthorized users to perform administrative actions. While no major public security incidents have been documented, the four CVEs recorded highlight recurring patterns in input validation and access control implementations that require careful mitigation by developers using the framework.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-31865 | Elysia Cookie Value Prototype Pollution — elysia (CWE-1321) | 6.5 | Medium | 2026-03-18 |
| CVE-2026-30837 | Elysia has a string URL format redos — elysia (CWE-1333) | 7.5 | High | 2026-03-10 |
| CVE-2025-66457 | Elysia affected by arbitrary code injection through cookie config — elysia (CWE-94) | 8.8 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-66456 | Elysia vulnerable to prototype pollution with multiple standalone schema validation — elysia (CWE-1321) | 9.8 (AI) | Critical (AI) | 2025-12-09 |
This page lists every published CVE security advisory associated with elysiajs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.