rollup
npm2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting rolluppage 1 of 1
- CVE-2024-47068MEDIUMCVSS 6.1EG 6.1✓ Fixed in 2.79.22024-09-23
Rollup is a module bundler for JavaScript. Versions prior to 2.79.2, 3.29.5, and 4.22.4 are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` (e.g., `import.meta.url`) in `cjs`/`umd`/`ii…
- CVE-2026-27606CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.80.02026-02-25
Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure fi…
Check whether rollup is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for rollup CVEs against the assets you own.
Start Free Scan →