Vulnerability Report: GO-2026-4545
- CVE-2025-50180, GHSA-3c9r-837r-qqm4
- Affects: github.com/esm-dev/esm.sh
- Published: Feb 25, 2026
esm.sh is vulnerable to full-response SSRF in github.com/esm-dev/esm.sh
For detailed information about this vulnerability, visit https://github.com/esm-dev/esm.sh/security/advisories/GHSA-3c9r-837r-qqm4.
Affected Packages
-
PathVersionsSymbols
Aliases
References
- https://github.com/esm-dev/esm.sh/security/advisories/GHSA-3c9r-837r-qqm4
- https://github.com/esm-dev/esm.sh/commit/0593516c4cfab49ad3b4900416a8432ff2e23eb0
- https://github.com/esm-dev/esm.sh/pull/1149
- https://github.com/esm-dev/esm.sh/releases/tag/v137
- https://vuln.go.dev/ID/GO-2026-4545.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.