Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package rollup, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2026-27606 — CVSS 9.8 (critical): Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and…
CVE-2024-47068 — CVSS 6.1 (medium): Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability…