GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
7 advisories
Vite's `server.fs` settings were not applied to HTML files
Low
CVE-2025-58752
was published
for
vite
(npm)
Sep 9, 2025
devalue prototype pollution vulnerability
High
CVE-2025-57820
was published
for
devalue
(npm)
Aug 26, 2025
@sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params
Moderate
CVE-2025-32388
was published
for
@sveltejs/kit
(npm)
Apr 14, 2025
@sveltejs/kit has unescaped error message included on error page
Low
CVE-2024-53262
was published
for
@sveltejs/kit
(npm)
Nov 25, 2024
Sending a GET or HEAD request with a body crashes SvelteKit
High
CVE-2024-23641
was published
for
@sveltejs/adapter-node
(npm)
Jan 24, 2024
SvelteKit framework has Insufficient CSRF protection for CORS requests
High
CVE-2023-29008
was published
for
@sveltejs/kit
(npm)
Apr 7, 2023
SvelteKit vulnerable to Cross-Site Request Forgery
High
CVE-2023-29003
was published
for
@sveltejs/kit
(npm)
Apr 4, 2023
ProTip!
Advisories are also available from the
GraphQL API