Capricorn86 Happy Dom vulnerabilities
2 known vulnerabilities affecting capricorn86/happy_dom.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2026-33943P2CRITICALCVSS 9.8≥ 15.10.0, < 20.8.82026-03-27
CVE-2026-33943 [CRITICAL] CWE-94 CVE-2026-33943: Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In v
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. In versions 15.10.0 through 20.8.7, a code injection vulnerability in `ECMAScriptModuleCompiler` allows an attacker to achieve Remote Code Execution (RCE) by injecting arbitrary JavaScript expressions inside `export { }` declarations in ES module scripts
nvd
CVE-2026-34226P3HIGHCVSS 7.5fixed in 20.8.92026-03-27
CVE-2026-34226 [HIGH] CWE-201 CVE-2026-34226: Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Vers
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin (`window.location`) instead of the request target URL when `fetch(..., { credentials: "include" })` is used. This can leak cookies from origin A to destination B. Version 20.8.9 fixes
nvd