svelte vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-F3CJ-J4F6-WQ85Mediumsvelte: Svelte: SSR XSS via Insecure Promise Serialization in hydratableCVE-2026-42573Mediumsvelte: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework StateCVE-2026-42567Mediumsvelte: Svelte: ReDoS in `<svelte:element>` Tag ValidationCVE-2026-42599Mediumsvelte: Svelte SSR vulnerable to cross-site scripting via spread attributesCVE-2026-27902Mediumsvelte: Svelte: XSS via HTML Comment Injection in SSR Error Boundary Hydration MarkersCVE-2026-27901Mediumsvelte: Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`CVE-2026-27125Mediumsvelte: Svelte SSR attribute spreading includes inherited properties from prototype chainCVE-2026-27122Mediumsvelte: Svelte SSR does not validate dynamic element tag names in `<svelte:element>`CVE-2026-27121Mediumsvelte: Svelte affected by cross-site scripting via spread attributes in Svelte SSRCVE-2026-27119Mediumsvelte: Svelte affected by XSS in SSR `<option>` elementGHSA-GW32-9RMW-QWWWHighsvelte: svelte is vulnerable to XSS with textarea bind:valueCVE-2025-15265Mediumsvelte: svelte vulnerable to Cross-site ScriptingCVE-2024-45047Mediumsvelte: Svelte has a potential mXSS vulnerability due to improper HTML escapingCVE-2022-25875Mediumsvelte: Svelte vulnerable to XSS when using objects during server-side rendering

Stop the waste.
Protect your environment with Kodem.