Webpack Support & Health

Health Metrics

Project Health at a Glance

Live data from GitHub and npm, updated daily.

⭐

65.8K

GitHub Stars

📦

v5.106.2

Latest Release · 1 months ago

🔄

13d

Avg. Release Cadence

🐛

202

Open Issues

📅

Today

Last Commit

⬇️

47.8M

Weekly Downloads

🔒

Active CVEs

Data last fetched: 2026-05-15

Security

Known Vulnerabilities

4 active CVEs reported via OSV.dev

GHSA-38r7-794h-5758 CVSS_V3

webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects → SSRF + cache persistence

Published: 2026-02-05 Fixed in: 5.104.0

GHSA-4vvj-4cpr-p986 CVSS_V3

Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS

Published: 2024-08-27 Fixed in: 5.94.0

GHSA-8fgc-7cc6-rx7x CVSS_V3

webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior

Published: 2026-02-05 Fixed in: 5.104.1

GHSA-hc6q-2mpp-qw7j CVSS_V3

Cross-realm object access in Webpack 5

Published: 2023-03-13 Fixed in: 5.76.0

Ecosystem

Alternatives to Webpack

Other Build Tool projects in the Node.js ecosystem worth evaluating.

vite → parcel → rollup →

Get Help

Support Options for Webpack

Enterprise Support via DepKeep

Get SLA-backed support, security patches, and direct access to senior engineers for Webpack — without relying on volunteer maintainers.

Talk to an Expert →

Community Channels

GitHub Discussions →Stack Overflow →