Eslint CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-54313	5 Alexghr, Homarr, Microsoft and 2 more	8 Got-fetch, Homarr, Windows and 5 more	2026-01-23	7.5 High
eslint-config-prettier 8.10.1, 9.1.1, 10.1.6, and 10.1.7 has embedded malicious code for a supply chain compromise. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows.
CVE-2020-1481	1 Microsoft	1 Eslint	2025-08-20	8.8 High
A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project, aka 'Visual Studio Code ESLint Extention Remote Code Execution Vulnerability'.
CVE-2021-27081	1 Microsoft	2 Eslint, Visual Studio Code Eslint Extension	2025-08-20	7.8 High
Visual Studio Code ESLint Extension Remote Code Execution Vulnerability

Page 1 of 1.