Browse all 5 CVE security advisories affecting unshiftio. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Unshiftio develops JavaScript libraries for web application development, with its core use case centered around providing utility functions for frontend and backend JavaScript environments. Historically, the project has been associated with multiple cross-site scripting (XSS) vulnerabilities and remote code execution (RCE) flaws, often stemming from improper input validation and insecure deserialization. The project maintains five CVE records, with notable security characteristics including insufficient sanitization in data processing functions and inadequate access controls in certain modules. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests a need for enhanced security testing and input validation practices in the development lifecycle.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-0691 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse — unshiftio/url-parseCWE-639 | 9.1 | - | 2022-02-21 |
| CVE-2022-0686 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse — unshiftio/url-parseCWE-639 | 9.1 | - | 2022-02-20 |
| CVE-2022-0639 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse — unshiftio/url-parseCWE-639 | 9.1 | - | 2022-02-17 |
| CVE-2022-0512 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse — unshiftio/url-parseCWE-639 | 9.1 | - | 2022-02-14 |
| CVE-2021-3664 | Open Redirect in unshiftio/url-parse — unshiftio/url-parseCWE-601 | 6.1 | - | 2021-07-26 |
This page lists every published CVE security advisory associated with unshiftio. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.