Skip to main content

Og Image

2 CVEs product

Monthly

CVE-2026-34405 npm MEDIUM PATCH GHSA This Month

Nuxt OG Image versions prior to 6.2.5 allow cross-site scripting (XSS) attacks via arbitrary HTML attribute injection in the image-generation endpoint at /_og/d/, affecting any unauthenticated remote user who can craft a malicious URI. An attacker can inject attributes into the HTML page body to execute JavaScript in the context of users' browsers, compromising confidentiality and integrity without service disruption. No public exploit code or active exploitation has been confirmed at the time of analysis.

XSS Og Image
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-34404 npm MEDIUM PATCH GHSA This Month

Nuxt OG Image versions prior to 6.2.5 are vulnerable to denial of service through unbounded image dimension parameters in the /_og/d/ endpoint. Attackers can specify arbitrarily large width and height values, causing the image-generation component to consume excessive CPU and memory resources, resulting in application unavailability. No authentication is required to exploit this vulnerability.

Denial Of Service Og Image
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Nuxt OG Image versions prior to 6.2.5 allow cross-site scripting (XSS) attacks via arbitrary HTML attribute injection in the image-generation endpoint at /_og/d/, affecting any unauthenticated remote user who can craft a malicious URI. An attacker can inject attributes into the HTML page body to execute JavaScript in the context of users' browsers, compromising confidentiality and integrity without service disruption. No public exploit code or active exploitation has been confirmed at the time of analysis.

XSS Og Image
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Nuxt OG Image versions prior to 6.2.5 are vulnerable to denial of service through unbounded image dimension parameters in the /_og/d/ endpoint. Attackers can specify arbitrarily large width and height values, causing the image-generation component to consume excessive CPU and memory resources, resulting in application unavailability. No authentication is required to exploit this vulnerability.

Denial Of Service Og Image
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy