Full-stack <head> manager built for any framework.
99%
Total Score
100
94
100
100
100
| Title | Versions | Severity |
|---|---|---|
AIKIDO-2026-463850 Pre-CVE Found by Aikido Intel before public disclosure or CVE publication. unhead is vulnerable to Cross-Site Scripting (XSS) in versions 3.0.0 - 3.1.6. | 3.0.0 - 3.1.6 | Medium |
CVE-2026-39315 unhead is vulnerable to Incomplete List of Disallowed Inputs in versions 0.0.0 - 2.1.13. | 0.0.0 - 2.1.13 | Medium |
AIKIDO-2026-10361 Pre-CVE Found by Aikido Intel before public disclosure or CVE publication. unhead is vulnerable to Prototype Pollution in versions 0.0.1 - 2.1.11. | 0.0.1 - 2.1.11 | Medium |
AIKIDO-2026-10348 unhead is vulnerable to Cross-Site Scripting in versions 0.0.1 - 2.1.10. | 0.0.1 - 2.1.10 | High |
CVE-2026-31873 unhead is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in versions 0.0.0 - 2.1.10. | 0.0.0 - 2.1.10 | Low |
| Dependency | Last Release | Score |
|---|---|---|
hookable Version ^6.1.1 | — | — |
unplugin Version ^3.3.0 | — | — |
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant