webpack-dev-server

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting webpack-dev-serverpage 1 of 1

CVE-2018-14732HIGHCVSS 7.5✓ Fixed in 3.1.11
2018-09-21
An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement)…
CVE-2026-6402MEDIUMCVSS 5.3EG 5.3✓ Fixed in 5.2.4
2026-05-12
webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix relied on the Sec-Fetch-Mode and Sec-Fetc…

Check whether webpack-dev-server is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for webpack-dev-server CVEs against the assets you own.

Start Free Scan →