@steipete/summarize
npm5 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting @steipete/summarizepage 1 of 1
- CVE-2026-45222MEDIUMCVSS 6.1EG 6.1✓ Fixed in 0.15.02026-05-11
Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer to…
- CVE-2026-45242HIGHCVSS 7.1EG 7.1✓ Fixed in 0.15.02026-05-18
Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute path or directory traversal sequence …
- CVE-2026-45243MEDIUMCVSS 6.1EG 6.1✓ Fixed in 0.15.02026-05-18
Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can simulate runtime…
- CVE-2026-45244MEDIUMCVSS 5.4EG 5.4✓ Fixed in 0.15.02026-05-18
Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence t…
- CVE-2026-45245HIGHCVSS 7.4EG 7.4✓ Fixed in 0.15.12026-05-18
Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests …
Check whether @steipete/summarize is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for @steipete/summarize CVEs against the assets you own.
Start Free Scan →