Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package nuxt, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2024-34344 — CVSS 8.8 (high): Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation…
CVE-2026-53721 — CVSS 8.2 (high): Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a…
CVE-2025-27415 — CVSS 7.5 (high): Nuxt is an open-source web development framework for Vue.js. Prior to 3.16.0, by sending a crafted HTTP request to a server behind an CDN…
CVE-2024-34343 — CVSS 6.3 (medium): Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The `navigateTo` function attempts…
CVE-2026-56326 — CVSS 6.1 (medium): Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to…
CVE-2026-46342 — CVSS 5.4 (medium): Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and…
CVE-2026-45669 — CVSS 5.4 (medium): Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6…
CVE-2026-53722 — CVSS 5.4 (medium): Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, <NuxtLink> did not validate the URL scheme…
CVE-2026-47200 — CVSS 5.3 (medium): Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and…
CVE-2025-59414 — CVSS 3.1 (low): Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in…