Version 3.5.13

vue

πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

Install Instructions

npm install vue
Current Version Release Date November 15, 2024
Language JavaScript/TypeScript
Package URL (purl) pkg:npm/vue@3.5.13

Find vue vulnerabilities in your supply chain.

Scan for Free

vue Vulnerabilities

Sort by
icon CVE (Latest)
  • icon CVE (Latest)
  • icon CVE (Oldest)
  • icon CVSS Score (Highest)
  • icon CVSS Score (Lowest)
CVE question mark icon CVSS Score question mark icon CWE(s) question mark icon EPSS Score question mark icon EPSS % question mark icon Impacted Versions
CVE-2024-9506 Low 3.7 CWE-1333 0.00043 0.11433
  • 2.0.0–2.7.16-beta.2
CVE-2018-6341 Medium 6.1 CWE-79 0.00085 0.3844
  • 2.0.0–2.5.17-beta.0
  • 1.0.0–1.0.28-csp
  • 0.0.0–0.12.16-csp

vue Vulnerability Remediation Guidance

CVE Description Full list of Impacted Versions Fix
CVE-2024-9506 Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability. 2.7.2, 2.7.1, 2.7.8, 2.7.0, 2.7.14, 2.7.13, 2.7.5, 2.7.9 (Show all) Major β†’ 3.0.0-alpha.0
CVE-2018-6341 React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2. 2.5.3, 2.0.5, 0.12.0-beta4, 0.12.1, 0.12.6-csp, 0.12.3, 0.12.6, 0.12.8-csp (Show all) Major β†’ 3.0.0-alpha.0

Instantly see if these vue vulnerabilities affect your code.

Scan for Free