CVE-2026-25155

Qwik is a performance focused javascript framework. Prior to version 1.12.0, a typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. This issue has been patched in version 1.12.0.

Published Feb 4, 2026

https://github.com/advisories/GHSA-vm6g-8r4h-22x8

CVSS ScoreHigh

7.1

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2026-25155

Qwik is a performance focused javascript framework. Prior to version 1.12.0, a typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. This issue has been patched in version 1.12.0.

Published Feb 4, 2026

https://github.com/advisories/GHSA-vm6g-8r4h-22x8

CVSS ScoreHigh

7.1


npm	@7x7cl/qwik-city	1.1.5-dev20230608174334
npm	@builder.io/qwik-city	1.1.2
npm	@builder.io/qwik-city	1.1.3
npm	@builder.io/qwik-city	1.1.4
npm	@builder.io/qwik-city	1.1.5-dev20230613130741
npm	@builder.io/qwik-city	1.1.5-dev20230614203751
npm	@builder.io/qwik-city	1.1.5-dev20230616144423
npm	@builder.io/qwik-city	1.1.5-dev20230616153210
npm	@builder.io/qwik-city	1.1.5-dev20230621170837
npm	@builder.io/qwik-city	1.1.5-dev20230622201058
npm	@builder.io/qwik-city	1.1.5-dev20230624194124
npm	@builder.io/qwik-city	1.1.5-dev20230625145153
npm	@builder.io/qwik-city	1.1.5-dev20230625184243
npm	@builder.io/qwik-city	1.1.5
npm	@builder.io/qwik-city	1.10.0
npm	@builder.io/qwik-city	1.11.0
npm	@builder.io/qwik-city	1.2.0
npm	@builder.io/qwik-city	1.2.10
npm	@builder.io/qwik-city	1.2.11
npm	@builder.io/qwik-city	1.2.12
npm	@builder.io/qwik-city	1.2.13
npm	@builder.io/qwik-city	1.2.14
npm	@builder.io/qwik-city	1.2.15
npm	@builder.io/qwik-city	1.2.16
npm	@builder.io/qwik-city	1.2.17
npm	@builder.io/qwik-city	1.2.18
npm	@builder.io/qwik-city	1.2.19
npm	@builder.io/qwik-city	1.2.1
npm	@builder.io/qwik-city	1.2.2
npm	@builder.io/qwik-city	1.2.3
npm	@builder.io/qwik-city	1.2.4
npm	@builder.io/qwik-city	1.2.5
npm	@builder.io/qwik-city	1.2.6
npm	@builder.io/qwik-city	1.2.7
npm	@builder.io/qwik-city	1.2.8
npm	@builder.io/qwik-city	1.2.9
npm	@builder.io/qwik-city	1.3.0
npm	@builder.io/qwik-city	1.3.1
npm	@builder.io/qwik-city	1.3.2
npm	@builder.io/qwik-city	1.3.3
npm	@builder.io/qwik-city	1.3.4
npm	@builder.io/qwik-city	1.3.5-dev20240115120240
npm	@builder.io/qwik-city	1.3.5-dev20240116193719
npm	@builder.io/qwik-city	1.3.5-dev20240116223932
npm	@builder.io/qwik-city	1.3.5-dev20240117132718
npm	@builder.io/qwik-city	1.3.5-dev20240117164556
npm	@builder.io/qwik-city	1.3.5-dev20240118082237
npm	@builder.io/qwik-city	1.3.5
npm	@builder.io/qwik-city	1.4.0-dev20240121214221
npm	@builder.io/qwik-city	1.4.0-dev20240125130426

Ecosystem	Package	Version


npm	@7x7cl/qwik-city	1.1.5-dev20230608174334
npm	@builder.io/qwik-city	1.1.2
npm	@builder.io/qwik-city	1.1.3
npm	@builder.io/qwik-city	1.1.4
npm	@builder.io/qwik-city	1.1.5-dev20230613130741
npm	@builder.io/qwik-city	1.1.5-dev20230614203751
npm	@builder.io/qwik-city	1.1.5-dev20230616144423
npm	@builder.io/qwik-city	1.1.5-dev20230616153210
npm	@builder.io/qwik-city	1.1.5-dev20230621170837
npm	@builder.io/qwik-city	1.1.5-dev20230622201058
npm	@builder.io/qwik-city	1.1.5-dev20230624194124
npm	@builder.io/qwik-city	1.1.5-dev20230625145153
npm	@builder.io/qwik-city	1.1.5-dev20230625184243
npm	@builder.io/qwik-city	1.1.5
npm	@builder.io/qwik-city	1.10.0
npm	@builder.io/qwik-city	1.11.0
npm	@builder.io/qwik-city	1.2.0
npm	@builder.io/qwik-city	1.2.10
npm	@builder.io/qwik-city	1.2.11
npm	@builder.io/qwik-city	1.2.12
npm	@builder.io/qwik-city	1.2.13
npm	@builder.io/qwik-city	1.2.14
npm	@builder.io/qwik-city	1.2.15
npm	@builder.io/qwik-city	1.2.16
npm	@builder.io/qwik-city	1.2.17
npm	@builder.io/qwik-city	1.2.18
npm	@builder.io/qwik-city	1.2.19
npm	@builder.io/qwik-city	1.2.1
npm	@builder.io/qwik-city	1.2.2
npm	@builder.io/qwik-city	1.2.3
npm	@builder.io/qwik-city	1.2.4
npm	@builder.io/qwik-city	1.2.5
npm	@builder.io/qwik-city	1.2.6
npm	@builder.io/qwik-city	1.2.7
npm	@builder.io/qwik-city	1.2.8
npm	@builder.io/qwik-city	1.2.9
npm	@builder.io/qwik-city	1.3.0
npm	@builder.io/qwik-city	1.3.1
npm	@builder.io/qwik-city	1.3.2
npm	@builder.io/qwik-city	1.3.3
npm	@builder.io/qwik-city	1.3.4
npm	@builder.io/qwik-city	1.3.5-dev20240115120240
npm	@builder.io/qwik-city	1.3.5-dev20240116193719
npm	@builder.io/qwik-city	1.3.5-dev20240116223932
npm	@builder.io/qwik-city	1.3.5-dev20240117132718
npm	@builder.io/qwik-city	1.3.5-dev20240117164556
npm	@builder.io/qwik-city	1.3.5-dev20240118082237
npm	@builder.io/qwik-city	1.3.5
npm	@builder.io/qwik-city	1.4.0-dev20240121214221
npm	@builder.io/qwik-city	1.4.0-dev20240125130426

Find vulnerabilities. Fix fast with AI.

CVE-2026-25155

CVE-2026-25155