| CVE |
Severity |
CVSS |
Risk |
Published |
Description |
Impact |
| CVE-2025-48934 |
unknown |
— |
— |
1y ago |
Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables |
|
| CVE-2025-48888 |
unknown |
— |
— |
1y ago |
Deno run with --allow-read and --deny-read flags results in allowed |
|
| CVE-2024-27936 |
unknown |
— |
— |
2y ago |
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping |
|
| CVE-2023-33966 |
unknown |
— |
— |
3y ago |
Missing "--allow-net" permission check for built-in Node modules |
|
| CVE-2023-28446 |
unknown |
— |
— |
3y ago |
Interactive `run` permission prompt spoofing via improper ANSI neutralization |
|
| CVE-2023-28445 |
unknown |
— |
— |
3y ago |
Deno improperly handles resizable ArrayBuffer |
|