denoland deno Vulnerabilities: CVEs, CISA KEV & Security Advisories

Severity and exploitation

How the CVSS severity of denoland deno's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical4

High16

Medium7

Low2

1 additional CVE has no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

None of denoland deno's CVEs are currently listed in CISA's KEV catalog.

Public exploits

16 of denoland deno's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every denoland deno version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

v1.10.321 CVEs
v1.11.021 CVEs
v1.11.121 CVEs
v1.11.221 CVEs
v1.12.021 CVEs
v1.12.121 CVEs
v1.12.221 CVEs
v1.13.021 CVEs
v1.13.121 CVEs
v1.13.221 CVEs
v1.14.021 CVEs
v1.18.021 CVEs
v1.19.021 CVEs
v1.20.021 CVEs
v1.20.121 CVEs
v1.10.020 CVEs
v1.10.120 CVEs
v1.14.120 CVEs
v1.14.220 CVEs
v1.15.020 CVEs
v1.15.120 CVEs
v1.15.220 CVEs
v1.15.320 CVEs
v1.16.020 CVEs
v1.16.120 CVEs
v1.16.220 CVEs
v1.17.020 CVEs
v1.21.020 CVEs
v1.22.020 CVEs
v1.23.020 CVEs
v1.24.020 CVEs
v1.25.020 CVEs
v1.26.020 CVEs
v1.27.020 CVEs
v1.28.020 CVEs
v1.29.020 CVEs
v1.9.020 CVEs
v1.9.120 CVEs
v1.9.220 CVEs
v1.30.019 CVEs
v1.8.019 CVEs
v1.8.119 CVEs
v1.8.219 CVEs
v1.31.018 CVEs
std/0.34.017 CVEs
std/0.35.017 CVEs
std/0.36.017 CVEs
std/0.37.017 CVEs
std/0.38.017 CVEs
std/0.39.017 CVEs
std/0.40.017 CVEs
std/0.41.017 CVEs
std/0.42.017 CVEs
std/0.50.017 CVEs
std/0.51.017 CVEs
std/0.52.017 CVEs
std/0.53.017 CVEs
std/0.54.017 CVEs
std/0.55.017 CVEs
std/0.56.017 CVEs
std/0.57.017 CVEs
std/0.58.017 CVEs
std/0.59.017 CVEs
std/0.60.017 CVEs
std/0.61.017 CVEs
std/0.62.017 CVEs
std/0.63.017 CVEs
std/0.64.017 CVEs
std/0.65.017 CVEs
std/0.66.017 CVEs
std/0.67.017 CVEs
std/0.68.017 CVEs
std/0.69.017 CVEs
std/0.70.017 CVEs
std/0.71.017 CVEs
std/0.72.017 CVEs
std/0.73.017 CVEs
std/0.74.017 CVEs
std/0.75.017 CVEs
std/0.76.017 CVEs
std/0.77.017 CVEs
std/0.78.017 CVEs
std/0.79.017 CVEs
std/0.80.017 CVEs
std/0.81.017 CVEs
std/0.82.017 CVEs
std/0.83.017 CVEs
std/0.84.017 CVEs
std/0.85.017 CVEs
v0.0.117 CVEs
v0.0.317 CVEs
v0.1.017 CVEs
v0.1.117 CVEs
v0.1.1017 CVEs
v0.1.1117 CVEs
v0.1.1217 CVEs
v0.1.217 CVEs
v0.1.317 CVEs
v0.1.417 CVEs
v0.1.517 CVEs
v0.1.617 CVEs
v0.1.717 CVEs
v0.1.817 CVEs
v0.1.917 CVEs
v0.10.017 CVEs
v0.11.017 CVEs
v0.12.017 CVEs
v0.13.017 CVEs
v0.14.017 CVEs
v0.15.017 CVEs
v0.16.017 CVEs
v0.17.017 CVEs
v0.18.017 CVEs
v0.19.017 CVEs
v0.2.017 CVEs
v0.2.117 CVEs
v0.2.1017 CVEs
v0.2.1117 CVEs
v0.2.217 CVEs
v0.2.317 CVEs
v0.2.417 CVEs
v0.2.517 CVEs
v0.2.617 CVEs
v0.2.717 CVEs
v0.2.817 CVEs
v0.2.917 CVEs
v0.20.017 CVEs
v0.21.017 CVEs
v0.22.017 CVEs
v0.23.017 CVEs
v0.24.017 CVEs
v0.25.017 CVEs
v0.26.017 CVEs
v0.27.017 CVEs
v0.28.017 CVEs
v0.28.117 CVEs
v0.29.017 CVEs
v0.3.017 CVEs
v0.3.117 CVEs
v0.3.1017 CVEs
v0.3.1117 CVEs
v0.3.217 CVEs
v0.3.317 CVEs
v0.3.417 CVEs
v0.3.517 CVEs
v0.3.617 CVEs
v0.3.717 CVEs
v0.3.817 CVEs
v0.3.917 CVEs
v0.30.017 CVEs
v0.30.117 CVEs
v0.31.017 CVEs
v0.32.017 CVEs
v0.33.017 CVEs
v0.34.017 CVEs
v0.35.017 CVEs
v0.36.017 CVEs
v0.37.017 CVEs
v0.37.117 CVEs
v0.38.017 CVEs
v0.39.017 CVEs
v0.4.017 CVEs
v0.40.017 CVEs
v0.41.017 CVEs
v0.42.017 CVEs
v0.5.017 CVEs
v0.6.017 CVEs
v0.7.017 CVEs
v0.8.017 CVEs
v0.9.017 CVEs
v1.0.017 CVEs
v1.0.0-rc117 CVEs
v1.0.0-rc217 CVEs
v1.0.0-rc317 CVEs
v1.0.117 CVEs
v1.0.217 CVEs
v1.0.317 CVEs
v1.0.417 CVEs
v1.0.517 CVEs
v1.1.017 CVEs
v1.1.117 CVEs
v1.1.217 CVEs
v1.1.317 CVEs
v1.2.017 CVEs
v1.2.117 CVEs
v1.2.217 CVEs
v1.2.317 CVEs
v1.3.017 CVEs
v1.3.117 CVEs
v1.3.217 CVEs
v1.3.317 CVEs
v1.32.017 CVEs
v1.4.017 CVEs
v1.4.117 CVEs
v1.4.217 CVEs
v1.4.317 CVEs
v1.4.417 CVEs
v1.4.517 CVEs
v1.4.617 CVEs
v1.5.017 CVEs
v1.5.117 CVEs
v1.5.217 CVEs
v1.5.317 CVEs
v1.5.417 CVEs
v1.6.017 CVEs
v1.6.117 CVEs
v1.6.217 CVEs
v1.6.317 CVEs
v1.7.017 CVEs
v1.7.117 CVEs
v1.7.217 CVEs
v1.7.317 CVEs
v1.7.417 CVEs
v1.33.016 CVEs
v1.34.016 CVEs
v1.35.015 CVEs
v1.36.015 CVEs
v1.37.015 CVEs
v1.38.015 CVEs
v1.39.014 CVEs
v1.40.014 CVEs
v1.41.013 CVEs
v1.42.012 CVEs
v1.43.09 CVEs
v1.43.19 CVEs
v1.44.09 CVEs
v1.46.09 CVEs
v2.0.09 CVEs
v2.1.09 CVEs
v2.2.09 CVEs
v1.45.08 CVEs
v2.3.07 CVEs
v2.3.17 CVEs
v2.2.16 CVEs
v2.2.26 CVEs
v2.2.36 CVEs
v2.2.46 CVEs
v2.3.26 CVEs
v2.3.36 CVEs
v2.3.46 CVEs
v2.3.56 CVEs
v2.3.66 CVEs
v2.3.76 CVEs
v2.4.06 CVEs
v2.4.16 CVEs
v2.4.26 CVEs
v2.4.36 CVEs
v2.4.46 CVEs
v2.4.56 CVEs
v2.5.06 CVEs
v2.5.16 CVEs
v2.5.26 CVEs
v2.2.105 CVEs
v2.2.115 CVEs
v2.2.125 CVEs
v2.2.55 CVEs
v2.2.65 CVEs
v2.2.75 CVEs
v2.2.85 CVEs
v2.2.95 CVEs
< 2.2.153 CVEs
>= 2.3.0, < 2.5.33 CVEs
v2.1.13 CVEs
v2.2.133 CVEs
v2.2.143 CVEs
v2.5.33 CVEs
v2.5.43 CVEs
v2.5.53 CVEs
>= 2.2.0, < 2.2.132 CVEs
v2.1.22 CVEs
v2.1.32 CVEs
v2.1.42 CVEs
v2.1.52 CVEs
v2.1.62 CVEs
v2.5.62 CVEs
< 2.1.131 CVE
>= 1.41.3, < 2.1.131 CVE
>= 2.3.0, < 2.3.21 CVE
deno = 1.34.01 CVE
deno_doc: < 0.119.01 CVE
deno_runtime = 0.114.01 CVE
deno: < 1.42.01 CVE
v1.20.21 CVE
v1.29.11 CVE
v1.29.21 CVE
v1.31.11 CVE
v1.40.11 CVE
v1.40.21 CVE
v1.40.31 CVE
v1.42.11 CVE
v2.1.101 CVE
v2.1.111 CVE
v2.1.121 CVE
v2.1.71 CVE
v2.1.81 CVE
v2.1.91 CVE
v2.6.01 CVE
v2.6.21 CVE
v2.6.31 CVE
v2.6.41 CVE
v2.6.51 CVE
v2.6.61 CVE
v2.6.71 CVE
v2.7.01 CVE
v2.7.11 CVE

Fixed in

1c3d04cfaf50a4a0db7a1925c0a73af5ea89bc693 CVEs
5f6b1329dfd377ff03a389fb32faf73bb966e81d3 CVEs
0117f27aef98e1bf9a8689fe5ab6b03b5a1453f72 CVEs
5b85bdaf88e36a1fcae3e442d96f026e4e1f9b922 CVEs
> 1.36.31 CVE
04c0a4cbf7c00811d3ace3184c1cb8597a0e88f11 CVE
1.40.41 CVE
118445103b019fbeb50eadc8d09d450fa8c33eee1 CVE
1b5f3112af364a3327b26f720746819c4f20f20d1 CVE
2039abe8d2bc82fa800f4118707a48ac6f5e02ae1 CVE
232ec7798c5ee38e645c2aea31aea3e9a81e17f31 CVE

Find a version

30 CVEs

Sort

Command Injection via incomplete shell metacharacter blocklist in node:child_process (bypass of CVE-2026-27190 fix)
CVE-2026-32260
Patch
CWE-78
High · CVSS 8.1
EPSS 0.1% (30th pct)2026-03-12
Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process
CVE-2026-27190
Patch
CWE-78
High · CVSS 8.1
EPSS 0.9% (76th pct)2026-02-20
Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass
CVE-2026-22864
Patch
CWE-77
High · CVSS 8.1
EPSS 0.0% (11th pct)2026-01-15
Deno node:crypto doesn't finalize cipher
CVE-2026-22863
Patch
CWE-325
Critical · CVSS 9.2
EPSS 0.0% (1th pct)2026-01-15
Deno is Vulnerable to Command Injection on Windows During Batch File Execution
CVE-2025-61787
Public exploit
Patch
CWE-77
High · CVSS 8.1
EPSS 0.2% (38th pct)2025-10-08
Deno's --deny-read check does not prevent permission bypass
CVE-2025-61786
Patch
CWE-269
Low · CVSS 3.3
EPSS 0.0% (7th pct)2025-10-08
Deno's --deny-write check does not prevent permission bypass
CVE-2025-61785
Public exploit
Patch
CWE-266
Low · CVSS 3.3
EPSS 0.0% (5th pct)2025-10-08
Deno has --allow-read / --allow-write permission bypass in `node:sqlite`
CVE-2025-48935
Public exploit
Patch
CWE-863
Medium · CVSS 5.5
EPSS 0.3% (58th pct)2025-06-04
Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables
CVE-2025-48934
Public exploit
Patch
CWE-201
Medium · CVSS 5.5
EPSS 0.4% (58th pct)2025-06-04
Deno run with --allow-read and --deny-read flags results in allowed
CVE-2025-48888
Public exploit
Patch
CWE-863
Medium · CVSS 5.5
EPSS 0.3% (49th pct)2025-06-04
Deno's AES GCM authentication tags are not verified
CVE-2025-24015
Public exploit
Patch
CWE-347
High · CVSS 7.7
EPSS 0.2% (39th pct)2025-06-03
Deno's authorization headers not dropped when redirecting cross-origin
CVE-2025-21620
Public exploit
Patch
CWE-200
High · CVSS 7.5
EPSS 0.3% (50th pct)2025-01-06
Medium vulnerability · 2024-11-25
CVE-2024-32468
Patch
CWE-79
Medium · CVSS 5.4
EPSS 0.1% (26th pct)2024-11-25
High vulnerability · 2024-06-06
CVE-2024-37150
Patch
CWE-200
High · CVSS 7.6
EPSS 0.4% (64th pct)2024-06-06
High vulnerability · 2024-05-07
CVE-2024-34346
Patch
CWE-863
High · CVSS 8.5
EPSS 0.1% (28th pct)2024-05-07
High vulnerability · 2024-04-18
CVE-2024-32477
Public exploit
Patch
CWE-362
High · CVSS 7.7
EPSS 0.2% (36th pct)2024-04-18
High vulnerability · 2024-03-06
CVE-2024-27936
Public exploit
Patch
CWE-150
High · CVSS 8.8
EPSS 0.8% (74th pct)2024-03-06
High vulnerability · 2024-03-06
CVE-2024-27935
Public exploit
Patch
CWE-488
High · CVSS 7.2
EPSS 0.4% (61th pct)2024-03-06
High vulnerability · 2024-03-06
CVE-2024-27934
Public exploit
Patch
CWE-416
High · CVSS 8.4
EPSS 0.3% (53th pct)2024-03-06
High vulnerability · 2024-03-06
CVE-2024-27933
Public exploit
Patch
CWE-863
High · CVSS 8.3
EPSS 0.0% (6th pct)2024-03-06
Medium vulnerability · 2024-03-06
CVE-2024-27932
Public exploit
Patch
CWE-20
Medium · CVSS 4.6
EPSS 0.5% (65th pct)2024-03-06
Insufficient permission checking in `Deno.makeTemp*` APIs
CVE-2024-27931
Patch
CWE-20
Medium · CVSS 5.8
EPSS 0.2% (45th pct)2024-03-05
High vulnerability · 2023-05-31
CVE-2023-33966
Patch
CWE-269
High · CVSS 8.6
EPSS 0.3% (56th pct)2023-05-31
High vulnerability · 2023-03-24
CVE-2023-28446
Public exploit
Patch
CWE-150
High · CVSS 8.8
EPSS 0.5% (65th pct)2023-03-24
Deno improperly handles resizable ArrayBuffer
CVE-2023-28445
Patch
CWE-125
Critical · CVSS 10.0
EPSS 0.8% (74th pct)2023-03-23
Medium vulnerability · 2023-02-25
CVE-2023-26103
Public exploit
Patch
CWE-1333
Medium · CVSS 5.3
EPSS 0.7% (72th pct)2023-02-25
High vulnerability · 2023-01-17
CVE-2023-22499
Public exploit
Patch
CWE-362
High · CVSS 7.5
EPSS 0.3% (57th pct)2023-01-17
Vulnerability · 2022-06-12
CVE-2021-41641
Patch
Unscored
EPSS 0.1% (32th pct)2022-06-12
Sandbox bypass leading to arbitrary code execution in Deno
CVE-2022-24783
Patch
CWE-269
Critical · CVSS 10.0
EPSS 0.4% (59th pct)2022-03-25
Critical vulnerability · 2021-05-28
CVE-2021-32619
Patch
CWE-285
Critical · CVSS 9.8
EPSS 0.4% (59th pct)2021-05-28

Severity and exploitation

denoland deno Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other denoland products

Frequently asked questions

How many CVEs does denoland deno have?

How many denoland deno CVEs are in CISA KEV?

Are there public exploits for denoland deno vulnerabilities?

Which versions of denoland deno are affected?

What are the most common weakness types in denoland deno CVEs?

How many critical denoland deno vulnerabilities are there?

What is the average severity of denoland deno CVEs?

References

Track denoland deno vulnerabilities