vite vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-53632Mediumlaunch-editor: launch-editor: NTLMv2 hash disclosure via UNC path handling on WindowsCVE-2026-53571Highvite: vite: `server.fs.deny` bypass on Windows alternate pathsCVE-2024-52011Highlaunch-editor: launch-editor vulnerable to command injection via the crafted request on WindowsCVE-2026-39365Mediumvite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` HandlingCVE-2026-39364Highvite: Vite: `server.fs.deny` bypassed with queriesCVE-2026-39363Highvite: Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocketCVE-2025-62522Mediumvite: vite allows server.fs.deny bypass via backslash on WindowsCVE-2025-58751Lowvite: Vite middleware may serve files starting with the same name with the public directoryCVE-2025-58752Lowvite: Vite's `server.fs` settings were not applied to HTML filesCVE-2025-46565Mediumvite: Vite's server.fs.deny bypassed with /. for files under project rootCVE-2025-32395Mediumvite: Vite has an `server.fs.deny` bypass with an invalid `request-target`CVE-2025-31486Mediumvite: Vite allows server.fs.deny to be bypassed with .svg or relative pathsCVE-2025-31125Mediumvite: Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` queryCVE-2025-30208Mediumvite: Vite bypasses server.fs.deny when using ?raw??CVE-2025-24010Mediumvite: Websites were able to send any requests to the development server and read the response in viteCVE-2024-45812Mediumvite: Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSSCVE-2024-45811Mediumvite: Vite's `server.fs.deny` is bypassed when using `?import&raw`CVE-2024-31207Mediumvite: Vite's `server.fs.deny` did not deny requests for patterns with directories.CVE-2024-23331Highvite: Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystemCVE-2023-49293Mediumvite: Vite XSS vulnerability in `server.transformIndexHtml` via URL payloadCVE-2023-34092Highvite: Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)CVE-2022-35204Highvite: Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service

Stop the waste.
Protect your environment with Kodem.