汇总 usebruno 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 跨站脚本与开放重定向 相关,可能在 软件部署与生产负载 场景中带来 会话劫持 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2026-34841 | Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran npm install between 00:21 UTC and ~03:30 UTC on March 31, 2026 may have been impacted. Upgrade to 3.2.1 | [email protected] | 9.8 | 0.23% | 2026-04-06 | 2026-06-17 |
| CVE-2025-30354 | Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings to be ignored for the particular case where a single request is run/sent. This vulnerability's attack surface is limited strictly to scenarios where users import collections from untrusted or malicious sources. The exploit requires deliberate action from the user—specifically, downlo | [email protected] | 8.7 | 0.36% | 2025-04-01 | 2026-06-17 |
| CVE-2025-30210 | Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components which internally use react-tooltip were setting the content (in this case the Environment name) as raw HTML which then gets injected into DOM on hover. This, combined with loose Content Security Policy restrictions, allowed any valid HTML text containing inline script to get executed on hovering over the respective Environment's name. This vulnerability's attack surface is limited strictly | [email protected] | 8.7 | 0.26% | 2025-04-01 | 2026-06-17 |
| CVE-2024-48463 | Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows within the Markdown docs viewer. | [email protected] | 6.5 | 0.62% | 2024-11-04 | 2026-06-17 |