@steipete/summarize (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @steipete/summarize, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2026-45245 — CVSS 7.4 (high): Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover…
CVE-2026-45242 — CVSS 7.1 (high): Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to…
CVE-2026-45222 — CVSS 6.1 (medium): Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem…
CVE-2026-45243 — CVSS 6.1 (medium): Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows…
CVE-2026-45244 — CVSS 5.4 (medium): Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions…