Package impact

npm / vite

CVE Severity CVSS Risk Published Description Impact
CVE-2026-39364 high 7.5 7.5 2mo ago Vite: `server.fs.deny` bypassed with queries npm
CVE-2026-39363 high 7.5 7.5 2mo ago Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket npm
CVE-2026-39365 medium 5.3 5.3 2mo ago Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling npm
CVE-2025-31125 unknown 1.5 1y ago Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the n… npm
CVE-2025-62522 unknown 7mo ago vite allows server.fs.deny bypass via backslash on Windows npm
CVE-2025-58751 unknown 9mo ago Vite middleware may serve files starting with the same name with the public directory npm
CVE-2025-58752 unknown 9mo ago Vite's `server.fs` settings were not applied to HTML files npm
CVE-2025-46565 unknown 1y ago Vite's server.fs.deny bypassed with /. for files under project root npm
CVE-2025-32395 unknown 1y ago Vite has an `server.fs.deny` bypass with an invalid `request-target` suse npm
CVE-2025-31486 unknown 1y ago Vite allows server.fs.deny to be bypassed with .svg or relative paths npm
CVE-2025-30208 unknown 1y ago Vite bypasses server.fs.deny when using ?raw?? npm
CVE-2025-24010 unknown 1y ago Websites were able to send any requests to the development server and read the response in vite npm
CVE-2024-45812 unknown 2y ago Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS npm
CVE-2024-45811 unknown 2y ago Vite's `server.fs.deny` is bypassed when using `?import&raw` npm
CVE-2024-31207 unknown 2y ago Vite's `server.fs.deny` did not deny requests for patterns with directories. npm
CVE-2024-23331 unknown 2y ago Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem npm
CVE-2023-49293 unknown 3y ago Vite XSS vulnerability in `server.transformIndexHtml` via URL payload npm
CVE-2023-34092 unknown 3y ago Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) npm
CVE-2022-35204 unknown 4y ago Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service npm