VIR Vulnerability Intelligence Relay

Package impact

npm npm / unhead

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-39315 unknown 2mo ago Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe()
CVE-2026-31873 unknown 3mo ago Unhead Vulnerable to Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity
CVE-2026-31860 unknown 3mo ago Unhead has XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check