webpack-dev-server (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package webpack-dev-server, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2018-14732 — CVSS 7.5 (high): An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal developer's code because the…
CVE-2025-30360 — CVSS 6.5 (medium): webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1…
CVE-2025-30359 — CVSS 5.3 (medium): webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1…
CVE-2026-6402 — CVSS 5.3 (medium): webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a…
CVE-2026-9595 — CVSS 5.3 (medium): Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's…