| CVE-2026-42573 |
medium |
— |
5.5 |
|
|
|
15d ago |
Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State |
| CVE-2026-42567 |
medium |
— |
5.5 |
|
|
|
15d ago |
Svelte: ReDoS in `<svelte:element>` Tag Validation |
| CVE-2026-42599 |
medium |
— |
5.5 |
|
|
|
15d ago |
Svelte SSR vulnerable to cross-site scripting via spread attributes |
| CVE-2026-27902 |
unknown |
— |
— |
|
|
|
3mo ago |
Svelte: XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers |
| CVE-2026-27901 |
unknown |
— |
— |
|
|
|
3mo ago |
Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent` |
| CVE-2026-27125 |
unknown |
— |
— |
|
|
|
3mo ago |
Svelte SSR attribute spreading includes inherited properties from prototype chain |
| CVE-2026-27122 |
unknown |
— |
— |
|
|
|
3mo ago |
Svelte SSR does not validate dynamic element tag names in `<svelte:element>` |
| CVE-2026-27121 |
unknown |
— |
— |
|
|
|
3mo ago |
Svelte affected by cross-site scripting via spread attributes in Svelte SSR |
| CVE-2026-27119 |
unknown |
— |
— |
|
|
|
3mo ago |
Svelte affected by XSS in SSR `<option>` element |
| CVE-2025-15265 |
unknown |
— |
— |
|
|
|
4mo ago |
svelte vulnerable to Cross-site Scripting |
| CVE-2024-45047 |
unknown |
— |
— |
|
|
|
2y ago |
Svelte has a potential mXSS vulnerability due to improper HTML escaping |
| CVE-2022-25875 |
unknown |
— |
— |
|
|
|
4y ago |
Svelte vulnerable to XSS when using objects during server-side rendering |