To report a vulnerability, please privately report it via the Security tab on the correct GitHub repository (see documentation). If that is impossible, feel free to send an email to security@nuxtjs.org instead.
All security vulnerabilities will be promptly verified and addressed.
While the discovery of new vulnerabilities is rare, we also recommend always using the latest versions of Nuxt and other dependencies by maintaining lock files (yarn.lock, package-lock.json and pnpm-lock.yaml) in order to ensure your application remains as secure as possible.