Effect Project Effect vulnerabilities
2 known vulnerabilities affecting effect_project/effect.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2020-7624P2CRITICALCVSS 9.8≤ 1.0.4vAll versions including 1.0.42020-04-02
CVE-2020-7624 [CRITICAL] CWE-78 CVE-2020-7624: effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command vi
effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument.
ghsanvdosv
CVE-2026-32887P3HIGH≥ 0, < 3.20.02026-03-20
CVE-2026-32887 [HIGH] CWE-362 Effect `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC
Effect `AsyncLocalStorage` context lost/contaminated inside Effect fibers under concurrent load with RPC
## Versions
- `effect`: 3.19.15
- `@effect/rpc`: 0.72.1
- `@effect/platform`: 0.94.2
- Node.js: v22.20.0
- Vercel runtime with Fluid compute
- Next.js: 16 (App Router)
- `@clerk/nextjs`: 6.x
## Root cause
Effect's `MixedScheduler` batches fiber continuatio
ghsaosv