Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

@sveltejs/kit

npm

SvelteKit is the fastest way to build Svelte apps

View on github.com · View on npmjs.org

Security Advisories for @sveltejs/kit in npm

Moderate
10 days ago

@sveltejs/kit: `query.batch` cross-talk GSA_kwCzR0hTQS1oZ3Y3LXYzMjItbW1ncs4ABXNQ

npm @sveltejs/kit
Moderate
about 2 months ago

@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service GSA_kwCzR0hTQS0zZjZoLTJocnAtdzV3eM4ABVFF

npm @sveltejs/kit
High
about 2 months ago

@sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass GSA_kwCzR0hTQS0yY3JnLTNwNzMtNDN4cM4ABVFE

npm @sveltejs/kit
Low
3 months ago

SvelteKit has deserialization expansion in unvalidated `form` remote function leading to Denial of Service (experimental only) GSA_kwCzR0hTQS1mcGc0LWpocXItNTg5Y84ABS6-

npm @sveltejs/kit
Moderate
3 months ago

CPU exhaustion in SvelteKit remote form deserialization (experimental only) GSA_kwCzR0hTQS04OHFwLXA0cWctcnFtNs4ABSmn

npm @sveltejs/kit
Moderate
3 months ago

Memory exhaustion in SvelteKit remote form deserialization (experimental only) GSA_kwCzR0hTQS12cmhtLWd2ZzctZnBjZs4ABSmm

npm @sveltejs/kit
High
5 months ago

@sveltejs/kit has memory amplification DoS vulnerability in Remote Functions binary form deserializer (application/x-sveltekit-formdata) GSA_kwCzR0hTQS1qMmYzLXdxNjItNnE0Ns4ABRHy

npm @sveltejs/kit
High
5 months ago

SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering GSA_kwCzR0hTQS1qNjJjLTR4NjItOXIzNc4ABRHw

npm @sveltejs/adapter-node, @sveltejs/kit
Moderate
about 1 year ago

@sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params GSA_kwCzR0hTQS02cTg3LTg0anctY2pocM4ABGwR

npm @sveltejs/kit
Low
over 1 year ago

@sveltejs/kit vulnerable to XSS on dev mode 404 page GSA_kwCzR0hTQS1yamp2LTg3bXgtNngzaM4ABBvG

npm @sveltejs/kit
Low
over 1 year ago

@sveltejs/kit has unescaped error message included on error page GSA_kwCzR0hTQS1taDJ4LWZjcWgtZm1xds4ABBvF

npm @sveltejs/kit
High
over 2 years ago

Sending a GET or HEAD request with a body crashes SvelteKit GSA_kwCzR0hTQS1nNW02LWh4cHAtZmM0Oc4AA4qX

npm @sveltejs/adapter-node, @sveltejs/kit
High
about 3 years ago

SvelteKit framework has Insufficient CSRF protection for CORS requests GSA_kwCzR0hTQS1ndjdnLXg1OXgtd2Y4Zs4AAyoO

npm @sveltejs/kit
High
about 3 years ago

SvelteKit vulnerable to Cross-Site Request Forgery GSA_kwCzR0hTQS01cDc1LXZjNWctOHJ2Ms4AAyiw

npm @sveltejs/kit

Filter by Severity

High 6 Moderate 5 Low 3