Количество 3
Количество 3
CVE-2026-24910
In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name (for file, link, git, or github).
CVE-2026-24910
In Bun before 1.3.5, the default trusted dependencies list (aka trust ...
GHSA-xp39-vp6q-phvj
In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name (for file, link, git, or github).
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-24910 In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name (for file, link, git, or github). | CVSS3: 5.9 | 0% Низкий | 12 дней назад |
| CVE-2026-24910 In Bun before 1.3.5, the default trusted dependencies list (aka trust ... | CVSS3: 5.9 | 0% Низкий | 12 дней назад |
| GHSA-xp39-vp6q-phvj In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name (for file, link, git, or github). | CVSS3: 5.9 | 0% Низкий | 12 дней назад |
Уязвимостей на страницу