Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

h3

Ecosystem:
npm
Package URL:
pkg:npm/h3
Total PRs:
3,411 Dependabot PRs
Latest PR:
6 days ago
Unique Repositories:
1,631 repositories
Unique Repos (30 days):
42 repositories
Security Advisories
h3: Double Decoding in `serveStatic` Bypasses `resolveDotSegments` Path Traversal Protection via `%252e%252e`
GHSA-72gr-qfp7-vwhw MODERATE published 3 months ago • updated about 1 month ago
## Summary The `serveStatic` utility in h3 applies a redundant `decodeURI()` call to the request pathname after `H3Event` has already performed pe...
h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes
GHSA-2j6q-whv2-gh6w CVE-2026-33490 LOW published 3 months ago • updated 5 days ago
## Summary The `mount()` method in h3 uses a simple `startsWith()` check to determine whether incoming requests fall under a mounted sub-applicati...
h3: SSE Event Injection via Unsanitized Carriage Return (`\r`) in EventStream Data and Comment Fields (Bypass of CVE Fix)
GHSA-4hxc-9384-m385 MODERATE published 3 months ago • updated about 1 month ago
## Summary The `EventStream` class in h3 fails to sanitize carriage return (`\r`) characters in `data` and `comment` fields. Per the SSE specifica...
h3 has a middleware bypass with one gadget
GHSA-3vj8-jmxq-cgj5 CVE-2026-33131 HIGH published 3 months ago • updated 8 days ago
# H3 NodeRequestUrl bugs Vulnerable pieces of code : ```js import { H3, serve, defineHandler, getQuery, getHeaders, readBody, defineNodeHandler ...
h3 has an observable timing discrepancy in basic auth utils
GHSA-26f5-8h2x-34xh CVE-2026-33129 MODERATE published 3 months ago • updated 35 minutes ago
### Summary A Timing Side-Channel vulnerability exists in the `requireBasicAuth` function due to the use of unsafe string comparison (`!==`). This ...
View all 10 advisories
Recent PRs (filtered by: Patch PRs )
RSS Feed Clear filter
Bump the npm_and_yarn group across 2 directories with 6 updates

Nick2bad4u/Uptime-Watcher #169

1.15.5 → 1.15.11 Patch PR
Open 6 days ago 5 comments
Nick2bad4u
build(deps): bump the non-breaking-changes group across 1 directory with 58 updates

tianxin8848/tianxin-introduction-admin #46

1.15.5 → 1.15.11 Patch PR
Open 7 days ago 2 comments
tianxin8848
chore(deps): bump the npm_and_yarn group across 1 directory with 8 updates

pinkpixel-dev/keyper #38

1.15.5 → 1.15.11 Patch PR
Open 10 days ago 1 comment
pinkpixel-dev
build(deps): bump the non-breaking-changes group across 1 directory with 84 updates

diyanshan/monorepo #35

1.15.10 → 1.15.11 Patch PR
Closed 12 days ago 1 comment
diyanshan
Bump the npm_and_yarn group across 2 directories with 14 updates

MomenMushtaha/worldcup-betting #1

1.15.4 → 1.15.11 Patch PR
Closed 16 days ago 1 comment
MomenMushtaha
fix: bump the npm-security group across 1 directory with 20 updates

janbiasi/rollup-plugin-sbom #313

1.15.5 → 1.15.11 Patch PR
Closed 17 days ago 2 comments
janbiasi
build(deps): bump the non-breaking-changes group across 1 directory with 73 updates

wht26/my-vben-admin #33

1.15.10 → 1.15.11 Patch PR
Closed 18 days ago 1 comment
wht26
chore(deps): bump the npm_and_yarn group across 1 directory with 19 updates

atze1210/aa-sdk #277

1.15.3 → 1.15.11 Patch PR
Open 19 days ago 2 comments
atze1210
chore(deps): bump the non-breaking-changes group across 1 directory with 62 updates

lehair/gaming-cms #42

1.15.5 → 1.15.11 Patch PR
Closed 19 days ago 1 comment
lehair
Bump the non-breaking-changes group across 1 directory with 61 updates

cg917658910/vben-ai-starter #34

1.15.5 → 1.15.11 Patch PR
Closed 20 days ago 1 comment
cg917658910
deps(deps): bump the npm-security group across 1 directory with 6 updates

sustanza/stargarden #46

1.15.6 → 1.15.11 Patch PR
Closed 22 days ago 4 comments
sustanza
Bump the npm_and_yarn group across 2 directories with 18 updates

BeulahPerry/scaffold-eth-2----scaffold-eth #54

1.15.3 → 1.15.11 Patch PR
Closed 23 days ago 1 comment
BeulahPerry
Bump h3 from 1.15.6 to 1.15.11

samu9nai/myblog #55

1.15.6 → 1.15.11 Patch PR
Open 24 days ago 1 comment
samu9nai
Bump the npm_and_yarn group across 1 directory with 7 updates

spaquet/mailcatcher #22

1.15.8 → 1.15.11 Patch PR
Closed 25 days ago 1 comment
spaquet
Bump the non-breaking-changes group across 1 directory with 70 updates

feipeng21/My-vue-vben-admin #36

1.15.10 → 1.15.11 Patch PR
Closed 25 days ago 2 comments
feipeng21
build(deps): bump the minor-js-updates group across 1 directory with 26 updates

myparcelnl/js-pdk #341

1.15.5 → 1.15.11 Patch PR
Open 28 days ago 1 comment
myparcelnl
chore(deps): bump the npm_and_yarn group across 1 directory with 8 updates

Fused-Gaming/vln #267

1.15.5 → 1.15.11 Patch PR
Open 29 days ago 4 comments
Fused-Gaming
chore(deps): bump the npm_and_yarn group across 1 directory with 15 updates

atze1210/aa-sdk #264

1.15.3 → 1.15.11 Patch PR
Open 29 days ago 2 comments
atze1210
chore(deps): bump the minor-and-patch group across 1 directory with 27 updates

chris23lngr/vs3 #116

1.15.5 → 1.15.11 Patch PR
Closed about 1 month ago 4 comments
chris23lngr
Bump the npm_and_yarn group across 6 directories with 9 updates

abdurrazzak7395-rgb/workflow #20

1.15.4 → 1.15.9 Patch PR
Closed about 1 month ago 1 comment
abdurrazzak7395-rgb
deps: bump the misc group across 1 directory with 58 updates

musosoft/lamateam-web #98

1.15.10 → 1.15.11 Patch PR
Open about 1 month ago 3 comments
musosoft
chore(deps): bump the npm_and_yarn group across 3 directories with 11 updates

openfort-xyz/ecosystem-sample #51

1.15.4 → 1.15.11 Patch PR
Open about 1 month ago 1 comment
openfort-xyz
chore(deps): bump the npm_and_yarn group across 3 directories with 19 updates

Wbaker7702/onchainkit #35

1.15.5 → 1.15.11 Patch PR
Open about 1 month ago 2 comments
Wbaker7702
chore(deps): bump the non-breaking-changes group across 1 directory with 62 updates

vurtnr/platform #25

1.15.5 → 1.15.11 Patch PR
Closed about 1 month ago 1 comment
vurtnr
Bump the non-breaking-changes group across 1 directory with 62 updates

jacky0996/EDM #54

1.15.5 → 1.15.11 Patch PR
Closed about 1 month ago 1 comment
jacky0996
build(deps): bump the npm_and_yarn group across 13 directories with 9 updates

snewmanri/learning-vue-app #29

1.15.1 → 1.15.11 Patch PR
Closed about 1 month ago 1 comment
snewmanri
chore(deps): bump the non-breaking-changes group across 1 directory with 64 updates

3323939337/cqkjdx-htgl-web #34

1.15.5 → 1.15.11 Patch PR
Closed about 1 month ago 1 comment
3323939337
chore(deps): bump the npm_and_yarn group across 3 directories with 5 updates

Dargon789/wagmi #500

1.15.4 → 1.15.5 Patch PR
Open about 1 month ago 3 comments
Dargon789
Bump the non-breaking-changes group with 57 updates

hellopan123/task-flow-admin #14

1.15.5 → 1.15.11 Patch PR
Closed about 1 month ago 1 comment
hellopan123
deps: bump the misc group across 1 directory with 54 updates

musosoft/lamateam-web #96

1.15.10 → 1.15.11 Patch PR
Open about 1 month ago 2 comments
musosoft
chore(deps-dev): bump h3 from 1.15.5 to 1.15.11

ribrewguy/nuxt-openfeature #71

1.15.5 → 1.15.11 Patch PR
Open about 1 month ago 1 comment
ribrewguy
deps(deps): bump the other-deps group across 1 directory with 105 updates

vox-celeste/bloodletter #33

1.15.5 → 1.15.11 Patch PR
Open about 1 month ago 1 comment
vox-celeste
build(deps): bump the npm_and_yarn group across 4 directories with 17 updates

Dargon789/aa-sdk #143

1.15.3 → 1.15.11 Patch PR
Open about 1 month ago 2 comments
Dargon789
Bump the npm_and_yarn group across 1 directory with 12 updates

jayvicsanantonio/joelhooks-astro #2

1.15.5 → 1.15.11 Patch PR
Open about 1 month ago 1 comment
jayvicsanantonio
build(deps): bump the npm_and_yarn group across 1 directory with 10 updates

GrantBirki/blueprint #10

1.15.5 → 1.15.11 Patch PR
Open about 1 month ago 1 comment
GrantBirki
Bump the npm_and_yarn group across 2 directories with 15 updates

Dargon789/template-ethereum-contracts #256

1.15.5 → 1.15.11 Patch PR
Open about 1 month ago 3 comments
Dargon789
chore(deps): bump the npm_and_yarn group across 2 directories with 28 updates

MTES-MCT/resorption-bidonvilles #1469

1.15.5 → 1.15.11 Patch PR
Open about 1 month ago 2 comments
MTES-MCT
chore(deps): bump the npm-minor-patch group with 276 updates

weiyb852/VoiceHub-93b43 #13

1.15.5 → 1.15.11 Patch PR
Open about 1 month ago 1 comment
weiyb852
chore(deps): bump the non-breaking-changes group with 82 updates

doweinide/vue3-vben3-NexusChat #11

1.15.4 → 1.15.11 Patch PR
Open about 1 month ago 18 comments
doweinide
chore(deps): bump the npm_and_yarn group across 3 directories with 8 updates

iberi22/xavier2 #147

1.15.6 → 1.15.11 Patch PR
Open about 1 month ago 2 comments
iberi22
chore(deps): bump the non-breaking-changes group across 1 directory with 69 updates

xiaozhuangping-cpu/vben-admin-new #25

1.15.10 → 1.15.11 Patch PR
Closed about 1 month ago 1 comment
xiaozhuangping-cpu
deps: bump the misc group across 1 directory with 51 updates

musosoft/lamateam-web #93

1.15.10 → 1.15.11 Patch PR
Closed about 1 month ago 3 comments
musosoft
Bump the non-breaking-changes group across 1 directory with 46 updates

model-five-tech/Chatroom_admin #67

1.15.5 → 1.15.11 Patch PR
Closed about 1 month ago 1 comment
model-five-tech
chore(deps): bump the npm_and_yarn group across 4 directories with 23 updates

gsinghjay/astro-shadcn-sanity #674

1.15.5 → 1.15.11 Patch PR
Closed about 1 month ago 1 comment
gsinghjay
chore(deps): bump the non-breaking-changes group across 1 directory with 68 updates

xiaozhuangping-cpu/vben-admin-new #24

1.15.10 → 1.15.11 Patch PR
Closed about 1 month ago 1 comment
xiaozhuangping-cpu
build(deps): bump the non-breaking-changes group across 1 directory with 50 updates

tianxin8848/tianxin-introduction-admin #39

1.15.5 → 1.15.11 Patch PR
Closed about 1 month ago 2 comments
tianxin8848
deps(deps): bump the other-deps group across 1 directory with 103 updates

vox-celeste/bloodletter #32

1.15.5 → 1.15.11 Patch PR
Closed about 1 month ago 2 comments
vox-celeste
deps: bump the misc group across 1 directory with 49 updates

musosoft/lamateam-web #92

1.15.10 → 1.15.11 Patch PR
Open about 1 month ago 2 comments
musosoft
build(deps): bump the non-breaking-changes group across 1 directory with 61 updates

Wangxiangyu1995/Comprehensive-Medical-Management-System #23

1.15.8 → 1.15.11 Patch PR
Closed about 1 month ago 1 comment
Wangxiangyu1995
chore(deps): bump the non-breaking-changes group across 1 directory with 60 updates

lehair/gaming-cms #35

1.15.5 → 1.15.11 Patch PR
Closed about 1 month ago 1 comment
lehair
Package Details
Name: h3
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/h3
JSON API: View JSON
Security Advisories

10

Active advisories
HIGH 3
MODERATE 6
LOW 1
View All npm Advisories
Package Information
Description:

Minimal H(TTP) framework built for high performance and portability.

Repository: https://github.com/unjs/h3
Homepage: https://github.com/unjs/h3#readme
Latest Release: 2.0.0
over 9 years ago
Dependent Repos: 10,648
Dependent Packages: 330
Downloads: 8,844,294
Ranking: Top 0.2447% by dependent repos Top 0.1619% by downloads Top 0.1607% by dependent pkgs
PR Status
Open 1,500 (44.0%)
Merged 11 (0.3%)
Closed 1,787 (52.4%)
PR Types
Major 7 (0.2%)
Minor 288 (8.4%)
Patch 2,963 (86.9%)
Removal 1 (0.0%)