Lookup for vulnerable packages by Package URL.

Purl pkg:npm/svelte@5.33.8
Type npm
Namespace
Name svelte
Version 5.33.8
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.55.7
Latest_non_vulnerable_version 5.55.7
Affected_by_vulnerabilities
0
url VCID-3338-judc-5ke1
vulnerability_id VCID-3338-judc-5ke1
summary Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42573
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.0914
published_at 2026-06-12T12:55:00Z
1
value 0.00047
scoring_system epss
scoring_elements 0.14874
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42573
1
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42573
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42573
3
reference_url https://github.com/advisories/GHSA-rcqx-6q8c-2c42
reference_id GHSA-rcqx-6q8c-2c42
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rcqx-6q8c-2c42
4
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-rcqx-6q8c-2c42
reference_id GHSA-rcqx-6q8c-2c42
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-09T18:25:38Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-rcqx-6q8c-2c42
5
reference_url https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
reference_id svelte%405.55.7
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-09T18:25:38Z/
url https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
fixed_packages
0
url pkg:npm/svelte@5.55.7
purl pkg:npm/svelte@5.55.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.55.7
aliases CVE-2026-42573, GHSA-rcqx-6q8c-2c42
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3338-judc-5ke1
1
url VCID-4hh1-vzj8-bqfy
vulnerability_id VCID-4hh1-vzj8-bqfy
summary svelte performance oriented web framework. Prior to 5.51.5, when using <svelte:element this={tag}> in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27122.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27122.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27122
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01383
published_at 2026-06-12T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01381
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27122
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441520
reference_id 2441520
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2441520
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27122
reference_id CVE-2026-27122
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27122
5
reference_url https://github.com/advisories/GHSA-m56q-vw4c-c2cp
reference_id GHSA-m56q-vw4c-c2cp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m56q-vw4c-c2cp
6
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-m56q-vw4c-c2cp
reference_id GHSA-m56q-vw4c-c2cp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:22:44Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-m56q-vw4c-c2cp
fixed_packages
0
url pkg:npm/svelte@5.51.5
purl pkg:npm/svelte@5.51.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3338-judc-5ke1
1
vulnerability VCID-cxqy-4aua-v3bt
2
vulnerability VCID-eub6-k2yh-suhb
3
vulnerability VCID-vbz4-avaq-7kh6
4
vulnerability VCID-ycam-n781-gkf8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5
aliases CVE-2026-27122, GHSA-m56q-vw4c-c2cp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4hh1-vzj8-bqfy
2
url VCID-eub6-k2yh-suhb
vulnerability_id VCID-eub6-k2yh-suhb
summary Svelte performance oriented web framework. Prior to version 5.53.5, the contents of `bind:innerText` and `bind:textContent` on `contenteditable` elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting (XSS) if rendering untrusted data as the binding's initial value on the server. Version 5.53.5 fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27901.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27901.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27901
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10472
published_at 2026-06-12T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.1042
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27901
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://github.com/sveltejs/svelte/releases/tag/svelte@5.53.5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte/releases/tag/svelte@5.53.5
4
reference_url https://github.com/sveltejs/svelte/commit/0df5abcae223058ceb95491470372065fb87951d
reference_id 0df5abcae223058ceb95491470372065fb87951d
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:30:46Z/
url https://github.com/sveltejs/svelte/commit/0df5abcae223058ceb95491470372065fb87951d
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442918
reference_id 2442918
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442918
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27901
reference_id CVE-2026-27901
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27901
7
reference_url https://github.com/advisories/GHSA-phwv-c562-gvmh
reference_id GHSA-phwv-c562-gvmh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-phwv-c562-gvmh
8
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-phwv-c562-gvmh
reference_id GHSA-phwv-c562-gvmh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:30:46Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-phwv-c562-gvmh
9
reference_url https://github.com/sveltejs/svelte/releases/tag/svelte%405.53.5
reference_id svelte%405.53.5
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:30:46Z/
url https://github.com/sveltejs/svelte/releases/tag/svelte%405.53.5
fixed_packages
0
url pkg:npm/svelte@5.53.5
purl pkg:npm/svelte@5.53.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3338-judc-5ke1
1
vulnerability VCID-cxqy-4aua-v3bt
2
vulnerability VCID-vbz4-avaq-7kh6
3
vulnerability VCID-ycam-n781-gkf8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.53.5
aliases CVE-2026-27901, GHSA-phwv-c562-gvmh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eub6-k2yh-suhb
3
url VCID-vbz4-avaq-7kh6
vulnerability_id VCID-vbz4-avaq-7kh6
summary Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers. Note that this vulnerability only triggers if the user's browser has JavaScript enabled but Svelte's hydration mechanism does not reach the vulnerable element before the event fires. This issue has been patched in version 5.55.7.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42599.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42599.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42599
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.1046
published_at 2026-06-12T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13638
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42599
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42599
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42599
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2487076
reference_id 2487076
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2487076
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27121
reference_id CVE-2026-27121
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27121
6
reference_url https://github.com/advisories/GHSA-pr6f-5x2q-rwfp
reference_id GHSA-pr6f-5x2q-rwfp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pr6f-5x2q-rwfp
7
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-pr6f-5x2q-rwfp
reference_id GHSA-pr6f-5x2q-rwfp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-09T18:28:29Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-pr6f-5x2q-rwfp
8
reference_url https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
reference_id svelte%405.55.7
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-09T18:28:29Z/
url https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
fixed_packages
0
url pkg:npm/svelte@5.55.7
purl pkg:npm/svelte@5.55.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.55.7
aliases CVE-2026-42599, GHSA-pr6f-5x2q-rwfp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbz4-avaq-7kh6
4
url VCID-w8kg-2qq6-xyet
vulnerability_id VCID-w8kg-2qq6-xyet
summary svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting (XSS) during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers. This vulnerability is fixed in 5.51.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27121.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27121.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27121
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.0142
published_at 2026-06-12T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01418
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27121
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441532
reference_id 2441532
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2441532
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27121
reference_id CVE-2026-27121
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27121
5
reference_url https://github.com/advisories/GHSA-f7gr-6p89-r883
reference_id GHSA-f7gr-6p89-r883
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f7gr-6p89-r883
6
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-f7gr-6p89-r883
reference_id GHSA-f7gr-6p89-r883
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:31:36Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-f7gr-6p89-r883
fixed_packages
0
url pkg:npm/svelte@5.51.5
purl pkg:npm/svelte@5.51.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3338-judc-5ke1
1
vulnerability VCID-cxqy-4aua-v3bt
2
vulnerability VCID-eub6-k2yh-suhb
3
vulnerability VCID-vbz4-avaq-7kh6
4
vulnerability VCID-ycam-n781-gkf8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5
aliases CVE-2026-27121, GHSA-f7gr-6p89-r883
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8kg-2qq6-xyet
5
url VCID-x1g1-8b9m-5yhz
vulnerability_id VCID-x1g1-8b9m-5yhz
summary svelte performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spreading on elements (e.g. <div {...attrs}>) enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where Object.prototype has already been polluted — a precondition outside of Svelte's control — this can cause unexpected attributes to appear in SSR output or cause SSR to throw errors. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27125.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27125.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27125
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09166
published_at 2026-06-12T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.09109
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27125
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441511
reference_id 2441511
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2441511
4
reference_url https://github.com/sveltejs/svelte/commit/73098bb26c6f06e7fd1b0746d817d2c5ee90755f
reference_id 73098bb26c6f06e7fd1b0746d817d2c5ee90755f
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T21:33:01Z/
url https://github.com/sveltejs/svelte/commit/73098bb26c6f06e7fd1b0746d817d2c5ee90755f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27125
reference_id CVE-2026-27125
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27125
6
reference_url https://github.com/advisories/GHSA-crpf-4hrx-3jrp
reference_id GHSA-crpf-4hrx-3jrp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-crpf-4hrx-3jrp
7
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-crpf-4hrx-3jrp
reference_id GHSA-crpf-4hrx-3jrp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T21:33:01Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-crpf-4hrx-3jrp
8
reference_url https://github.com/sveltejs/svelte/releases/tag/svelte@5.51.5
reference_id svelte@5.51.5
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T21:33:01Z/
url https://github.com/sveltejs/svelte/releases/tag/svelte@5.51.5
fixed_packages
0
url pkg:npm/svelte@5.51.5
purl pkg:npm/svelte@5.51.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3338-judc-5ke1
1
vulnerability VCID-cxqy-4aua-v3bt
2
vulnerability VCID-eub6-k2yh-suhb
3
vulnerability VCID-vbz4-avaq-7kh6
4
vulnerability VCID-ycam-n781-gkf8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5
aliases CVE-2026-27125, GHSA-crpf-4hrx-3jrp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x1g1-8b9m-5yhz
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.33.8