Package impact
npm / vite
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39364 | high | 7.5 | 7.5 | 2mo ago | Vite: `server.fs.deny` bypassed with queries | |||
| CVE-2026-39363 | high | 7.5 | 7.5 | 2mo ago | Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket | |||
| CVE-2026-39365 | medium | 5.3 | 5.3 | 2mo ago | Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling | |||
| CVE-2025-31125 | unknown | — | 1.5 | 1y ago | Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the n… |