sveltejs — Vulnerabilities & Security Advisories 22

Browse all 22 CVE security advisories affecting sveltejs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by sveltejs: kit, svelte, devalue

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-40074 | SvelteKit's invalidated redirect in handle hook causes Denial-of-Service | kit | CWE-755 | 6.5 | - | 2026-04-10 |
| CVE-2026-40073 | SvelteKit has a BODY_SIZE_LIMIT bypass in @sveltejs/adapter-node | kit | CWE-770 | 5.3 | - | 2026-04-10 |
| CVE-2026-30226 | devalue has prototype pollution in devalue.parse and devalue.unflatten | devalue | CWE-1321 | 9.1 (AI) | Critical (AI) | 2026-03-11 |
| CVE-2026-27902 | Svelte Vulnerable to XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers | svelte | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27901 | Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent` | svelte | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27125 | Svelte SSR attribute spreading includes inherited properties from prototype chain | svelte | CWE-915 | 3.7 | - | 2026-02-20 |
| CVE-2026-27122 | Svelte SSR does not validate dynamic element tag names in `<svelte:element>` | svelte | CWE-79 | 6.1 | - | 2026-02-20 |
| CVE-2026-27121 | Svelte affected by cross-site scripting via spread attributes in Svelte SSR | svelte | CWE-79 | 6.1 | - | 2026-02-20 |
| CVE-2026-27119 | Svelte affected by XSS in SSR `<option>` element | svelte | CWE-79 | 6.1 | - | 2026-02-20 |
| CVE-2026-27118 | Cache poisoning in @sveltejs/adapter-vercel | kit | CWE-346 | 5.4 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2026-22775 | devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse | devalue | CWE-405 | 7.5 | High | 2026-01-15 |
| CVE-2026-22774 | devalue vulnerable to denial of service due to memory exhaustion in devalue.parse | devalue | CWE-405 | 7.5 | High | 2026-01-15 |
| CVE-2026-22803 | SvelteKit has a memory amplification DoS in Remote Functions binary form deserializer | kit | CWE-789 | 7.5 (AI) | High (AI) | 2026-01-15 |
| CVE-2025-67647 | SvelteKit Denial of service and possible SSRF when using prerendering | kit | CWE-248 | 7.5 (AI) | High (AI) | 2026-01-15 |
| CVE-2025-57820 | Svelte devalue vulnerable to prototype pollution | devalue | CWE-1321 | 9.1 (AI) | Critical (AI) | 2025-08-26 |
| CVE-2025-32388 | SvelteKit allows XSS via tracked search_params | kit | CWE-79 | 5.4 | Medium | 2025-04-15 |
| CVE-2024-53261 | Cross-Site Scripting attack (XSS) on dev mode 404 page in SvelteKit | kit | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-11-25 |
| CVE-2024-53262 | Unescaped error message included on error page in SvelteKit | kit | CWE-79 | 7.1 (AI) | High (AI) | 2024-11-25 |
| CVE-2024-45047 | Potential mXSS vulnerability due to improper HTML escaping in svelte | svelte | CWE-79 | 5.4 | Medium | 2024-08-30 |
| CVE-2024-23641 | Sending a GET or HEAD request with a body crashes SvelteKit | kit | CWE-20 | 7.5 | High | 2024-01-24 |
| CVE-2023-29008 | SvelteKit framework has Insufficient CSRF protection for CORS requests | kit | CWE-918 | 8.8 | High | 2023-04-06 |
| CVE-2023-29003 | SvelteKit has Insufficient Cross-Site Request Forgery Protection | kit | CWE-352 | 8.8 | High | 2023-04-04 |

This page lists every published CVE security advisory associated with sveltejs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.