go

github.com/esm-dev/esm.sh

16 Total advisories
16 Vulnerabilities
0 Malware

Vulnerabilities

UNKNOWN
Go

CVE-2026-44593

esm.sh: Legacy Route Path Traversal Can Lead to RCE

HIGH 7.5
Go

CVE-2026-44594

esm.sh: Path Traversal via package.json browser field allows reading arbitrary server files

UNKNOWN
Go

CVE-2026-27730

esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route in github.com/esm-dev/esm.sh

HIGH 8.6
Go

CVE-2026-27730

esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route

UNKNOWN
Go

CVE-2025-65026

esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript in github.com/esm-dev/esm.sh

UNKNOWN
Go

CVE-2025-65025

esm.sh CDN service has arbitrary file write via tarslip in github.com/esm-dev/esm.sh

UNKNOWN
Go

CVE-2025-59341

esm.sh has File Inclusion issue in github.com/esm-dev/esm.sh

UNKNOWN
Go

CVE-2025-59342

esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header in github.com/esm-dev/esm.sh

UNKNOWN
Go

CVE-2025-50180

esm.sh is vulnerable to full-response SSRF

UNKNOWN
Go

CVE-2026-23644

esm.sh has a path traversal in extractPackageTarball enables file writes from malicious packages

UNKNOWN
Go

CVE-2026-23644

esm.sh has a path traversal in extractPackageTarball enables file writes from malicious packages

UNKNOWN
Go

CVE-2025-50180

esm.sh is vulnerable to full-response SSRF in github.com/esm-dev/esm.sh

UNKNOWN
Go

CVE-2025-59342

esm.sh has arbitrary file write via path traversal in `X-Zone-Id` header

MEDIUM 6.1
Go

CVE-2025-65026

esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript

HIGH 8.2
Go

CVE-2025-65025

esm.sh CDN service has arbitrary file write via tarslip

UNKNOWN
Go

CVE-2025-59341

esm.sh has File Inclusion issue
