npm
unhead
4 known vulnerabilities · 0 critical · 0 high
Unhead has XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check
Published Mar 12, 2026
GHSA-95h2-gj7x-gx9w
Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()
Published Apr 9, 2026
GHSA-x7mm-9vvv-64w8
unhead: Streaming SSR `streamKey` injected into inline script without identifier validation
Published Apr 10, 2026
Unhead Vulnerable to Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity
Published Mar 12, 2026
Check your entire dependency tree at onceRun dependency scan →