SecAlerts
CVE ListPricingSign Up
vitejs logo

vitejs

Security Risk Profile

38
/100
low

Security Risk Score

Comprehensive risk assessment based on 13 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from August 18, 2022 to present

13
Total CVEs
7
Critical+High
2
Exploited
0
Unpatched

Threat Assessment

Avg CVSS
6.5
Base severity
Avg EPSS
8%
Exploit probability
Unpatched
0
Critical/High
Risk Level
38/100
low
⚠️ 2 Active Exploits

Severity Distribution

Critical
0
High
7
Medium
4
Low
2

Exploit Likelihood

>50% chance
0
20-50%
1
5-20%
0
<5%
4

Age Distribution

Common Weaknesses (CWE)

1
Infoleak
8
2
Path Traversal
4
3
XSS
1

Most Affected Products

1. vitejs Vite Node.js69
2. npm/vite49
3. Vite Vite10
4. IBM Concert Software4
5. Voidzero Vite\+ Node.js3

Recent Vulnerabilities

See more →
CVE-2026-39365
CVSS 6.3medium

Vite has a Path Traversal in Optimized Deps `.map` Handling

4/6/2026
CVE-2026-39364
CVSS 8.2high

Vite has a `server.fs.deny` bypass with queries

4/6/2026
CVE-2026-39363
CVSS 8.2high

Vite Affected by Arbitrary File Read via Vite Dev Server WebSocket

4/6/2026
CVE-2025-58752
CVSS 2.3low

Vite's `server.fs` settings were not applied to HTML files

9/8/2025
CVE-2025-58751
CVSS 2.3low

Vite middleware may serve files starting with the same name with the public directory

9/8/2025
CVE-2025-46565
CVSS 6.0EPSS 0%medium

Vite's server.fs.deny bypassed with /. for files under project root

4/30/2025
CVE-2025-31125
CVSS 7.5EPSS 0%high

Vite Vitejs Improper Access Control Vulnerability

3/31/2025⚠ Exploited
CVE-2025-30208
CVSS 7.5EPSS 40%high

Vite bypasses server.fs.deny when using `?raw??`

3/24/2025⚠ Exploited
CVE-2025-24010
CVSS 6.5EPSS 0%medium

Vite allows any websites to send any requests to the development server and read the response

1/20/2025
CVE-2024-23331
CVSS 7.5EPSS 0%high

Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

1/19/2024

Monitor vitejs in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

vitejs Security Vulnerabilities & Risk Score | 13 CVEs | SecAlerts - SecAlerts