Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

vite

npm · Native-ESM powered web dev build tool · Repository · Package

Security Advisories for vite in npm

Low
22 days ago

Vite middleware may serve files starting with the same name with the public directory GSA_kwCzR0hTQS1nNGpxLWgydzktOTk3Y84ABL5N

npm vite
Low
22 days ago

Vite's `server.fs` settings were not applied to HTML files GSA_kwCzR0hTQS1qcWZ3LXZxMjQtdjljM84ABL5M

npm vite
Moderate
5 months ago

Vite's server.fs.deny bypassed with /. for files under project root GSA_kwCzR0hTQS04NTl3LTU5NDUtcjV2M84ABHSm

npm vite
Moderate
6 months ago

Vite has an `server.fs.deny` bypass with an invalid `request-target` GSA_kwCzR0hTQS0zNTZ3LTYzdjUtOHdmNM4ABGt0

npm vite
Moderate
6 months ago

Vite allows server.fs.deny to be bypassed with .svg or relative paths GSA_kwCzR0hTQS14Y2o2LXBxNmctcWo0eM4ABGau

npm vite
Moderate
6 months ago

Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query GSA_kwCzR0hTQS00cjRtLXF3NTctY2hyOM4ABGJV

npm vite
Moderate
6 months ago

Vite bypasses server.fs.deny when using ?raw?? GSA_kwCzR0hTQS14NTc0LW04MjMtNHg3d84ABF5T

npm vite
Moderate
8 months ago

Websites were able to send any requests to the development server and read the response in vite GSA_kwCzR0hTQS12ZzZ4LXJjZ2ctcmp4Ns4ABDou

npm vite
Moderate
about 1 year ago

Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS GSA_kwCzR0hTQS02NHZyLWc0NTItcXZwM84AA_m5

npm vite
Moderate
about 1 year ago

Vite's `server.fs.deny` is bypassed when using `?import&raw` GSA_kwCzR0hTQS05Y3d4LTI4ODMtNHdmeM4AA_m4

npm vite
Moderate
over 1 year ago

Vite's `server.fs.deny` did not deny requests for patterns with directories. GSA_kwCzR0hTQS04amh3LTI4OWgtamgyZ84AA6l1

npm vite
High
over 1 year ago

Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem GSA_kwCzR0hTQS1jMjR2LThyZmMtdzh2d84AA4lu

npm vite
Moderate
almost 2 years ago

Vite XSS vulnerability in `server.transformIndexHtml` via URL payload GSA_kwCzR0hTQS05MnIzLW0ybWctcGo5N84AA3lD

npm vite
High
over 2 years ago

Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) GSA_kwCzR0hTQS0zNTNmLTV4ZjQtcXc2N84AAzpR

npm vite
High
about 3 years ago

Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service GSA_kwCzR0hTQS1tdjQ4LWhjdmgtOGpqOM4AAuGt

npm vite

Filter by Severity

Moderate 10 High 3 Low 2