# npm audit report
@nuxt/nitro-server >=3.20.0
Severity: moderate
Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning - https://github.com/advisories/GHSA-g8wj-3cr3-6w7v
Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*` - https://github.com/advisories/GHSA-hg3f-28rg-4jxj
Depends on vulnerable versions of nitropack
fix available via `npm audit fix --force`
Will install nuxt@3.21.7, which is outside the stated dependency range
node_modules/@nuxt/nitro-server
nuxt 3.1.0 - 3.21.5
Depends on vulnerable versions of @nuxt/nitro-server
Depends on vulnerable versions of @nuxt/vite-builder
node_modules/nuxt
@nuxt/vite-builder 3.20.0 - 3.21.5
Depends on vulnerable versions of nuxt
node_modules/@nuxt/vite-builder
serialize-javascript 5.0.0 - 7.0.4
Severity: moderate
Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects - https://github.com/advisories/GHSA-qj8w-gfj5-8c6v
fix available via `npm audit fix --force`
Will install nuxt@3.21.7, which is outside the stated dependency range
node_modules/serialize-javascript
@rollup/plugin-terser 0.2.0 - 0.4.4
Depends on vulnerable versions of serialize-javascript
node_modules/@rollup/plugin-terser
nitropack >=2.0.0-rc.0
Depends on vulnerable versions of @rollup/plugin-terser
node_modules/nitropack
unhead <2.1.13
Severity: moderate
Unhead has a hasDangerousProtocol() bypass via leading-zero padded HTML entities in useHeadSafe() - https://github.com/advisories/GHSA-95h2-gj7x-gx9w
fix available via `npm audit fix`
node_modules/unhead
@unhead/vue <=0.6.3 || 1.0.22 - 2.1.12
Depends on vulnerable versions of unhead
node_modules/@unhead/vue
ws 8.0.0 - 8.20.0
Severity: moderate
ws: Uninitialized memory disclosure - https://github.com/advisories/GHSA-58qx-3vcg-4xpx
No fix available
node_modules/viem/node_modules/ws
viem <=0.0.0-wagmiv2-20230628182101 || 0.2.2 - 2.49.3
Depends on vulnerable versions of ws
node_modules/viem
@eulerxyz/euler-v2-sdk *
Depends on vulnerable versions of viem
node_modules/@eulerxyz/euler-v2-sdk
11 moderate severity vulnerabilities
To address issues that do not require attention, run:
npm audit fix
To address all issues possible, run:
npm audit fix --force
Some issues need review, and may require choosing
a different dependency.
npm audit results
Run
npm auditlocally for details. Useoverridesin package.json to patch transitive dependencies.