Nuxt security posture
Review linked rules in the directory and use Composer to export guardrails for your IDE. Detailed posture metrics will appear here as the catalog grows.
2 linked rules in the directory.
Top risks for this stack
00 critical02 high
Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`MEDIUM
May 2026
Rule coverage exists — verify in Composer export.
Nuxt: Reflected XSS in `navigateTo()` external redirectMEDIUM
May 2026
Rule coverage exists — verify in Composer export.
Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route RulesMEDIUM
May 2026
Rule coverage exists — verify in Composer export.
Nitro has a proxy scope bypass via percent-encoded path traversal in `routeRules`MEDIUM
May 2026
Rule coverage exists — verify in Composer export.
H3: Unbounded Chunked Cookie Count in Session Cleanup Loop may Lead to Denial of ServiceMEDIUM
Mar 2026
Rule coverage exists — verify in Composer export.
h3 has a middleware bypass with one gadgetHIGH
Mar 2026
Rule coverage exists — verify in Composer export.
h3 has an observable timing discrepancy in basic auth utilsMEDIUM
Mar 2026
Rule coverage exists — verify in Composer export.
h3 has a Server-Sent Events Injection via Unsanitized Newlines in Event Stream FieldsHIGH
Mar 2026
Rule coverage exists — verify in Composer export.