VDB
CVE-2025-65026
CVE-2025-65026
PUBLISHED
CVSS 6.099999904632568 MEDIUM
esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript
EPSS 0.02% · 6.8th percentile
Risk Scores
CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.02%
6.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | esm-dev/esm.sh | 0 |
| esm | esm.sh | 0 |
| esm-dev | esm.sh | * |
Timeline
- Nov 19, 2025 CVE Published
- Nov 20, 2025 EPSS Score
- Nov 25, 2025 EPSS Score
- Nov 27, 2025 CVE Updated
- Nov 30, 2025 EPSS Score
- Dec 5, 2025 EPSS Score
- Dec 9, 2025 EPSS Score
- Dec 14, 2025 EPSS Score
- Dec 19, 2025 EPSS Score
- Dec 24, 2025 EPSS Score
- Dec 29, 2025 EPSS Score
- Jan 3, 2026 EPSS Score