Package impact
npm / vite
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39364 | high | 7.5 | 7.5 | 2mo ago | Vite: `server.fs.deny` bypassed with queries | |||
| CVE-2026-39363 | high | 7.5 | 7.5 | 2mo ago | Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket | |||
| CVE-2025-31125 | unknown | — | 1.5 | 1y ago | Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the n… | |||
| CVE-2024-52011 | unknown | — | — | 3d ago | launch-editor vulnerable to command injection via the crafted request on Windows |