Security Overview · esm-dev/esm.sh · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

JS Template Literal Injection in CSS-to-JavaScript
GHSA-hcpf-qv9m-vfgp published Nov 19, 2025 by ije

Moderate
Arbitrary file write via tarslip
GHSA-h3mw-4f23-gwpw published Nov 19, 2025 by ije

High
Arbitrary file write via path traversal in `X-Zone-Id` header
GHSA-g2h5-cvvr-7gmw published Sep 17, 2025 by ije

Moderate
Local File Inclusion in esm.sh
GHSA-49pv-gwxp-532r published Sep 17, 2025 by ije

High

Learn more about advisories related to esm-dev/esm.sh in the GitHub Advisory Database