Latest vulnerabilities for vendor "vitejs"

Where

Sort:

Software

vitejs vite node.js

npm/viteVite has a Path Traversal in Optimized Deps `.map` Handling

Risk 29

Severity

6.3

First published (updated )

CVE-2026-39365

npm/viteVite has a `server.fs.deny` bypass with queries

Risk 43

Severity

8.2

First published (updated )

CVE-2026-39364

npm/viteVite Affected by Arbitrary File Read via Vite Dev Server WebSocket

Risk 43

Severity

8.2

First published (updated )

CVE-2026-39363

npm/viteVite's `server.fs` settings were not applied to HTML files

Risk 27

Severity

2.3

First published (updated )

CVE-2025-58752

npm/viteVite middleware may serve files starting with the same name with the public directory

Risk 27

Severity

2.3

First published (updated )

CVE-2025-58751

npm/viteVite's server.fs.deny bypassed with /. for files under project root

Risk 25

Severity

EPSS

0.07%

First published (updated )

CVE-2025-46565

Vite ViteVite Vitejs Improper Access Control Vulnerability

Risk 65

Severity

7.5

Exploited

EPSS

0.03%

First published (updated )

CVE-2025-31125

npm/viteVite bypasses server.fs.deny when using `?raw??`

Risk 65

Severity

7.5

Exploited

EPSS

40.27%

First published (updated )

CVE-2025-30208

npm/viteVite allows any websites to send any requests to the development server and read the response

Risk 27

Severity

6.5

EPSS

0.04%

First published (updated )

CVE-2025-24010

npm/viteVite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Risk 31

Severity

7.5

EPSS

0.07%

First published (updated )

CVE-2024-23331

vitejs Vite Node.jsCross-site Scripting in `server.transformIndexHtml` via URL payload in vite

Risk 38

Severity

6.1

First published (updated )

CVE-2023-49293

npm/viteVite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)

Risk 45

Severity

7.5

First published (updated )

CVE-2023-34092

npm/vitePath Traversal

Risk 51

Severity

8.6

First published (updated )

CVE-2022-35204

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Trending

Vendor Risk Score

Software

npm/viteVite has a Path Traversal in Optimized Deps `.map` Handling

npm/viteVite has a `server.fs.deny` bypass with queries

npm/viteVite Affected by Arbitrary File Read via Vite Dev Server WebSocket

npm/viteVite's `server.fs` settings were not applied to HTML files

npm/viteVite middleware may serve files starting with the same name with the public directory

Don't miss critical vulnerabilities

npm/viteVite's server.fs.deny bypassed with /. for files under project root

Vite ViteVite Vitejs Improper Access Control Vulnerability

npm/viteVite bypasses server.fs.deny when using `?raw??`

npm/viteVite allows any websites to send any requests to the development server and read the response

npm/viteVite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Don't miss critical vulnerabilities

vitejs Vite Node.jsCross-site Scripting in `server.transformIndexHtml` via URL payload in vite

npm/viteVite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)

npm/vitePath Traversal

Company

Resources

Contact