webpack
73 known vulnerabilities · 2 critical · 2 high
Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS
webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence
webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior
webpack-dev-server users' source code may be stolen when they access a malicious web site
webpack-dev-server users' source code may be stolen when they access a malicious web site with non-Chromium based browser
Malicious code in bender-webpack (npm)
Malicious code in erserwebpackplugin (npm)
Malicious code in @bynder-private/persistgraphql-webpack-plugin (npm)
Malicious code in copywebpackplugxin (npm)
Malicious code in mitui-util-webpack (npm)
Malicious code in ug-lifjjs-webpack-plugin (npm)
Malicious code in deps-json-webpack-plugin (npm)
Malicious code in webpack-support-multi-domain-plugin (npm)
Malicious code in webpack-svg-spirit-import (npm)
Malicious code in webpack-3undle-analyr (npm)
Malicious code in ynf-dx-webpack-plugins (npm)
Malicious code in webpack-next (npm)
Malicious code in webpack-compilejsx (npm)
Malicious code in alchemy-web3-webpack-example (npm)
Malicious code in webpack-cli.legacy (npm)
Malicious code in ad-shield-webpack (npm)
Malicious code in bootstrap-npm-webpack (npm)
Malicious code in @playgami/portal-webpack (npm)
Malicious code in webpack-extensive-lodash-replacement-plugin (npm)
Malicious code in fork-ts-checker-webpack-lugin-alt (npm)
Malicious code in webpack-css-load-branch (npm)
Malicious code in webpack-cil (npm)
Malicious code in webpack-dev-fixture (npm)
Malicious code in vr-webpack (npm)
Malicious code in webpack-loadcss (npm)
Malicious code in simple-line-icons-webpack (npm)
Malicious code in theme-webpack (npm)
Malicious code in optimiecssassetswebpackplugin (npm)
Malicious code in html-webpack-plugin-v4 (npm)
Malicious code in @amber-team/webpack-config (npm)
Malicious code in @bugbounty-automation/deps-json-webpack-plugin (npm)
Malicious code in 7np-webpack-pugin (npm)
Malicious code in webpack-vue-config (npm)
Malicious code in webpack.js.org (npm)
Malicious code in xo-webpack-config (npm)
Malicious code in airslate-dep-webpack (npm)
Malicious code in @shop-cicd/webpack-package-artifact (npm)
Malicious code in progressbr-webpack-plugin (npm)
Malicious code in webpack-old (npm)
Malicious code in feiendlyerrorswebpackplugin (npm)
Malicious code in webpack-dev-server.legacy (npm)
Malicious code in polaris-example-webpack (npm)
Malicious code in webpack-i18n-tools (npm)
Malicious code in webpack4types (npm)
Malicious code in webpack-insert-sentry-plugin (npm)
Malicious code in text-unicode-webpack (npm)
Malicious code in shared-library-webpack-plugin (npm)
Malicious code in webpack-cli-v4 (npm)
Malicious code in core-webpack (npm)
Malicious code in html-webpack-plugin-v5 (npm)
Malicious code in braze-webpack-sample (npm)
Malicious code in webpack-cli-4 (npm)
Malicious code in casesensitijepathswebpackplugin (npm)
Malicious code in cleanwebpackmplugin (npm)
Malicious code in webpack-inline-constant-exports-plugin (npm)
Malicious code in webpack-dev-serve-middleware (npm)
Malicious code in webpack-loader-httpfile (npm)
Malicious code in webpack-loader-css-branch (npm)
Malicious code in webpack-vite (npm)
Malicious code in webpack-css-branch-loader (npm)
Malicious code in webpack-load-css-branch (npm)
Malicious code in react-server-dom-webpack-experimental (npm)
Malicious code in minimal-ts-webpack (npm)