Package impact
npm / @steipete/summarize
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45245 | high | 7.4 | 7.4 | 12d ago | Summarize's hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links | |||
| CVE-2026-45242 | high | 7.1 | 7.1 | 12d ago | Summarize contains a path traversal vulnerability | |||
| CVE-2026-45243 | medium | 6.1 | 6.1 | 12d ago | Summarize contains a missing authorization vulnerability | |||
| CVE-2026-45222 | medium | 6.1 | 6.1 | 19d ago | @steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json | |||
| CVE-2026-45244 | medium | 5.4 | 5.4 | 12d ago | Summarize contains a missing authorization vulnerability |