
vite — Vulnerabilities & Security Advisories 18

All 18 CVE vulnerabilities found in vite, with AI-generated Chinese analysis, references, and POCs.

Vendor: vitejs

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-39365 | Vite has a Path Traversal in Optimized Deps `.map` Handling | CWE-22 | 4.3 | - | 2026-04-07 |
| CVE-2026-39364 | Vite has a `server.fs.deny` bypass with queries | CWE-180 | 7.5 | - | 2026-04-07 |
| CVE-2026-39363 | Vite Affected by Arbitrary File Read via Vite Dev Server WebSocket | CWE-200 | 7.5 | - | 2026-04-07 |
| CVE-2025-62522 | vite allows server.fs.deny bypass via backslash on Windows | CWE-22 | 7.5 (AI) | High (AI) | 2025-10-20 |
| CVE-2025-58752 | Vite's `server.fs` settings were not applied to HTML files | CWE-23 | 4.7 (AI) | Medium (AI) | 2025-09-08 |
| CVE-2025-58751 | Vite middleware may serve files starting with the same name with the public directory | CWE-22 | 5.3 (AI) | Medium (AI) | 2025-09-08 |
| CVE-2025-46565 | Vite's server.fs.deny bypassed with /. for files under project root | CWE-22 | 6.5 (AI) | Medium (AI) | 2025-05-01 |
| CVE-2025-32395 | Vite has an `server.fs.deny` bypass with an invalid `request-target` | CWE-200 | 7.5 (AI) | High (AI) | 2025-04-10 |
| CVE-2025-31486 | Vite allows server.fs.deny to be bypassed with .svg or relative paths | CWE-200 | 5.3 | Medium | 2025-04-03 |
| CVE-2025-31125 | Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | CWE-200 | 5.3 | Medium | 2025-03-31 |
| CVE-2025-30208 | Vite bypasses server.fs.deny when using `?raw??` | CWE-200 | 5.3 | Medium | 2025-03-24 |
| CVE-2025-24010 | Vite allows any websites to send any requests to the development server and read the response | CWE-346 | 6.5 | Medium | 2025-01-20 |
| CVE-2024-45812 | DOM Clobbering gadget found in vite bundled scripts that leads to XSS in Vite | CWE-79 | 6.4 | Medium | 2024-09-17 |
| CVE-2024-45811 | server.fs.deny bypassed when using ?import&raw in vite | CWE-200 | 4.8 | Medium | 2024-09-17 |
| CVE-2024-31207 | Vite's `server.fs.deny` did not deny requests for patterns with directories | CWE-200 | 5.9 | Medium | 2024-04-04 |
| CVE-2024-23331 | Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | CWE-178 | 7.5 | High | 2024-01-19 |
| CVE-2023-49293 | Cross-site Scripting in `server.transformIndexHtml` via URL payload in vite | CWE-79 | 6.1 | Medium | 2023-12-04 |
| CVE-2023-34092 | Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) | CWE-50 | 7.5 | High | 2023-06-01 |
