| CVE-2026-40074 |
unknown |
— |
— |
|
|
|
2mo ago |
@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service |
| CVE-2026-40073 |
unknown |
— |
— |
|
|
|
2mo ago |
@sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass |
| CVE-2026-22803 |
unknown |
— |
— |
|
|
|
4mo ago |
@sveltejs/kit has memory amplification DoS vulnerability in Remote Functions binary form deserializer (application/x-sveltekit-formdata) |
| CVE-2025-67647 |
unknown |
— |
— |
|
|
|
4mo ago |
SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering |
| CVE-2025-32388 |
unknown |
— |
— |
|
|
|
1y ago |
@sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params |
| CVE-2024-53261 |
unknown |
— |
— |
|
|
|
2y ago |
@sveltejs/kit vulnerable to XSS on dev mode 404 page |
| CVE-2024-53262 |
unknown |
— |
— |
|
|
|
2y ago |
@sveltejs/kit has unescaped error message included on error page |
| CVE-2024-23641 |
unknown |
— |
— |
|
|
|
2y ago |
Sending a GET or HEAD request with a body crashes SvelteKit |
| CVE-2023-29008 |
unknown |
— |
— |
|
|
|
3y ago |
SvelteKit framework has Insufficient CSRF protection for CORS requests |
| CVE-2023-29003 |
unknown |
— |
— |
|
|
|
3y ago |
SvelteKit vulnerable to Cross-Site Request Forgery |