Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2026-24910
CVE-2026-24910
In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name (for file, link, git, or github).
Published Jan 28, 2026
https://bun.com/blog/bun-v1.3.5
CVSS Score
Medium
5.9
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
npm
@oven/bun-darwin-aarch64
0.1.6
npm
@oven/bun-darwin-aarch64
0.1.7
npm
@oven/bun-darwin-aarch64
0.5.0
npm
@oven/bun-darwin-aarch64
0.5.1-canary.20230124.1
npm
@oven/bun-darwin-aarch64
0.5.1-canary.20230125.1
npm
@oven/bun-darwin-aarch64
0.5.1-canary.ff6fb58
npm
@oven/bun-darwin-aarch64
0.5.1-canary
npm
@oven/bun-darwin-aarch64
0.5.10-canary.20230407.1
npm
@oven/bun-darwin-aarch64
0.5.10-canary.20230407.2
npm
@oven/bun-darwin-aarch64
0.5.1
npm
@oven/bun-darwin-aarch64
0.5.2-canary.20230126.1
npm
@oven/bun-darwin-aarch64
0.5.2-canary.20230128.1
npm
@oven/bun-darwin-aarch64
0.5.2-canary.20230128.2
npm
@oven/bun-darwin-aarch64
0.5.2-canary.20230130.1
npm
@oven/bun-darwin-aarch64
0.5.2-canary.20230201.1
npm
@oven/bun-darwin-aarch64
0.5.2-canary.20230201.2
npm
@oven/bun-darwin-aarch64
0.5.2
npm
@oven/bun-darwin-aarch64
0.5.3
npm
@oven/bun-darwin-aarch64
0.5.4
npm
@oven/bun-darwin-aarch64
0.5.5-canary.20230202.1
npm
@oven/bun-darwin-aarch64
0.5.5-canary.20230203.1
npm
@oven/bun-darwin-aarch64
0.5.5-canary.20230204.1
npm
@oven/bun-darwin-aarch64
0.5.5-canary.20230205.1
npm
@oven/bun-darwin-aarch64
0.5.5-canary.20230206.1
npm
@oven/bun-darwin-aarch64
0.5.5-canary.20230207.1
npm
@oven/bun-darwin-aarch64
0.5.5-canary.20230207.2
npm
@oven/bun-darwin-aarch64
0.5.5-canary.20230208.1
npm
@oven/bun-darwin-aarch64
0.5.5-canary.20230209.1
npm
@oven/bun-darwin-aarch64
0.5.5
npm
@oven/bun-darwin-aarch64
0.5.6
npm
@oven/bun-darwin-aarch64
0.5.7-canary.20230210.1
npm
@oven/bun-darwin-aarch64
0.5.7-canary.20230211.1
npm
@oven/bun-darwin-aarch64
0.5.7-canary.20230212.1
npm
@oven/bun-darwin-aarch64
0.5.7-canary.20230213.1
npm
@oven/bun-darwin-aarch64
0.5.7-canary.20230214.1
npm
@oven/bun-darwin-aarch64
0.5.7-canary.20230215.1
npm
@oven/bun-darwin-aarch64
0.5.7-canary.20230216.1
npm
@oven/bun-darwin-aarch64
0.5.7-canary.20230217.1
npm
@oven/bun-darwin-aarch64
0.5.7-canary.20230218.1
npm
@oven/bun-darwin-aarch64
0.5.7-canary.20230219.1
npm
@oven/bun-darwin-aarch64
0.5.7-canary.20230220.1
npm
@oven/bun-darwin-aarch64
0.5.7-canary.20230221.1
npm
@oven/bun-darwin-aarch64
0.5.7-canary.20230222.1
npm
@oven/bun-darwin-aarch64
0.5.7-canary.20230223.1
npm
@oven/bun-darwin-aarch64
0.5.7
npm
@oven/bun-darwin-aarch64
0.5.8-canary.20230224.1
npm
@oven/bun-darwin-aarch64
0.5.8-canary.20230225.1
npm
@oven/bun-darwin-aarch64
0.5.8-canary.20230226.1
npm
@oven/bun-darwin-aarch64
0.5.8-canary.20230227.1
npm
@oven/bun-darwin-aarch64
0.5.8-canary.20230228.1
1-50 of 9,854
CVE-2026-24910 | Components Impacted | Sonatype Guide | Sonatype Guide
