-
Notifications
You must be signed in to change notification settings - Fork 5.4k
Security: denoland/deno
Security Navigation
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
Private npm registry support used scope auth token for downloading tarballsGHSA-rfc6-h225-3vxv published
Jun 6, 2024 by bartlomiejuHigh -
Race condition when flushing input stream leads to permission prompt bypassGHSA-95cj-3hr2-7j5j published
Apr 18, 2024 by mmastracHigh -
Permission escalation via open of privileged files with missing `--deny` flagGHSA-23rx-c3g5-hv9w published
May 7, 2024 by mmastracHigh -
Insufficient permission checking in `Deno.makeTemp*` APIsGHSA-hrqr-jv8w-v9jh published
Mar 5, 2024 by mmastracModerate -
Improper suffix match testing for DENO_AUTH_TOKENSGHSA-5frw-4rwq-xhcr published
Mar 5, 2024 by mmastracModerate -
Arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypassGHSA-6q4w-9x56-rmwq published
Mar 5, 2024 by mmastracHigh -
*const c_void / ExternalPointer unsoundness leading to use-after-freeGHSA-3j27-563v-28wf published
Mar 5, 2024 by mmastracModerate -
Cross-Session Data Contamination in Deno's Node.js Compatibility RuntimeGHSA-wrqv-pf6j-mqjp published
Mar 5, 2024 by mmastracHigh -
Missing "--allow-net" permission check for built-in Node modulesGHSA-vc52-gwm3-8v2f published
May 30, 2023 by bartlomiejuHigh -
Interactive permission prompt spoofing via improper ANSI strippingGHSA-m4pq-fv2w-6hrw published
Mar 5, 2024 by mmastracHigh