Every CVE whose affected-product data names Webpack.js Webpack, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2023-28154 — CVSS 9.8 (critical): Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker…
CVE-2024-43788 — CVSS 6.4 (medium): Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming…
CVE-2025-68157 — CVSS 3.7 (low): Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver…
CVE-2025-68458 — CVSS 3.7 (low): Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver…