CVE-2025-50180
Published: Feb 25, 2026
Modified: Feb 27, 2026
PUBLISHED
Description
esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability.
| Vendor | Product | Versions |
|---|---|---|
| esm-dev | esm.sh | affected = 136 |
Weaknesses (CWE)
References
https://github.com/esm-dev/esm.sh/security/advisories/GHSA-3c9r-837r-qqm4
x_refsource_CONFIRM
https://github.com/esm-dev/esm.sh/pull/1149
x_refsource_MISC
https://github.com/esm-dev/esm.sh/releases/tag/v137
x_refsource_MISC