Search for packages
| purl | pkg:npm/vite@3.2.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1r3y-ngau-bff1
Aliases: CVE-2025-30208 GHSA-x574-m823-4x7w |
Affected by 7 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
|
VCID-1u9w-ucbx-dqgv
Aliases: CVE-2025-46565 GHSA-859w-5945-r5v3 |
Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
|
VCID-6zrj-xfa9-53bf
Aliases: CVE-2025-31486 GHSA-xcj6-pq6g-qj4x |
Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
|
VCID-8qat-9kwy-sfew
Aliases: CVE-2025-24010 GHSA-vg6x-rcgg-rjx6 |
Affected by 8 other vulnerabilities. Affected by 8 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
|
VCID-937q-cbk9-27g4
Aliases: CVE-2026-39365 GHSA-4w7w-66w2-5vf9 |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
|
VCID-c6xd-az5r-r3fe
Aliases: CVE-2025-58752 GHSA-jqfw-vq24-v9c3 |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
|
|
VCID-ejgf-18s2-jfcv
Aliases: CVE-2025-31125 GHSA-4r4m-qw57-chr8 |
Affected by 6 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 6 other vulnerabilities. Affected by 1 other vulnerability. Affected by 7 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 7 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
|
VCID-mfry-5z57-n7ad
Aliases: CVE-2024-45811 GHSA-9cwx-2883-4wfx |
Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
|
VCID-mfye-h829-fybu
Aliases: CVE-2024-45812 GHSA-64vr-g452-qvp3 |
Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
|
VCID-s6e9-86vw-kqej
Aliases: CVE-2024-23331 GHSA-c24v-8rfc-w8vw |
Improper Access Control Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server does not discriminate; a block list bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers. |
Affected by 12 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-sxd9-r8d3-hfhc
Aliases: CVE-2023-34092 GHSA-353f-5xf4-qw67 |
Use of Incorrectly-Resolved Name or Reference Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (`server.fs.deny`) can be bypassed using double forward-slash (//) allows any unauthenticated user to read file from the Vite root-path of the application including the default `fs.deny` settings (`['.env', '.env.*', '*.{crt,pem}']`). Only users explicitly exposing the Vite dev server to the network (using `--host` or `server.host` config option) are affected, and only files in the immediate Vite project root folder could be exposed. This issue is fixed in vite@4.3.9, vite@4.2.3, vite@4.1.5, vite@4.0.5, vite@3.2.7, and vite@2.9.16. |
Affected by 13 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 13 other vulnerabilities. |
|
VCID-w9wp-8fne-mucm
Aliases: CVE-2025-32395 GHSA-356w-63v5-8wf4 |
Affected by 4 other vulnerabilities. Affected by 4 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
|
VCID-xbcf-jm6w-vyeu
Aliases: GHSA-8jhw-289h-jh2g |
Vite's `server.fs.deny` did not deny requests for patterns with directories. [Vite dev server option](https://vitejs.dev/config/server-options.html#server-fs-deny) `server.fs.deny` did not deny requests for patterns with directories. An example of such a pattern is `/foo/**/*`. |
Affected by 11 other vulnerabilities. Affected by 12 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 12 other vulnerabilities. |
|
VCID-z9hv-6kpm-6fbv
Aliases: CVE-2025-58751 GHSA-g4jq-h2w9-997c |
Affected by 2 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||