Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/vite@4.4.0-beta.4
purl pkg:npm/vite@4.4.0-beta.4
Next non-vulnerable version 6.4.2
Latest non-vulnerable version 8.0.5
Risk 10.0
Vulnerabilities affecting this package (13)
Vulnerability Summary Fixed by
VCID-1r3y-ngau-bff1
Aliases:
CVE-2025-30208
GHSA-x574-m823-4x7w
4.5.10
Affected by 7 other vulnerabilities.
5.4.15
Affected by 7 other vulnerabilities.
6.0.12
Affected by 8 other vulnerabilities.
6.1.2
Affected by 8 other vulnerabilities.
6.2.3
Affected by 8 other vulnerabilities.
VCID-1u9w-ucbx-dqgv
Aliases:
CVE-2025-46565
GHSA-859w-5945-r5v3
4.5.14
Affected by 3 other vulnerabilities.
5.0.0-beta.0
Affected by 3 other vulnerabilities.
5.4.19
Affected by 3 other vulnerabilities.
6.0.0-alpha.0
Affected by 1 other vulnerability.
6.1.6
Affected by 4 other vulnerabilities.
6.2.0-beta.0
Affected by 4 other vulnerabilities.
6.2.7
Affected by 4 other vulnerabilities.
6.3.0-beta.0
Affected by 4 other vulnerabilities.
6.3.4
Affected by 4 other vulnerabilities.
VCID-6zrj-xfa9-53bf
Aliases:
CVE-2025-31486
GHSA-xcj6-pq6g-qj4x
4.5.12
Affected by 5 other vulnerabilities.
5.4.17
Affected by 5 other vulnerabilities.
6.0.14
Affected by 6 other vulnerabilities.
6.1.4
Affected by 6 other vulnerabilities.
6.2.5
Affected by 6 other vulnerabilities.
VCID-8qat-9kwy-sfew
Aliases:
CVE-2025-24010
GHSA-vg6x-rcgg-rjx6
4.5.6
Affected by 8 other vulnerabilities.
5.4.12
Affected by 8 other vulnerabilities.
6.0.9
Affected by 9 other vulnerabilities.
VCID-937q-cbk9-27g4
Aliases:
CVE-2026-39365
GHSA-4w7w-66w2-5vf9
6.4.2
Affected by 0 other vulnerabilities.
7.0.0-beta.0
Affected by 0 other vulnerabilities.
7.3.2
Affected by 0 other vulnerabilities.
8.0.0-beta.0
Affected by 0 other vulnerabilities.
8.0.5
Affected by 0 other vulnerabilities.
VCID-c6xd-az5r-r3fe
Aliases:
CVE-2025-58752
GHSA-jqfw-vq24-v9c3
5.4.20
Affected by 2 other vulnerabilities.
6.3.6
Affected by 2 other vulnerabilities.
7.0.7
Affected by 3 other vulnerabilities.
7.1.5
Affected by 3 other vulnerabilities.
VCID-ejgf-18s2-jfcv
Aliases:
CVE-2025-31125
GHSA-4r4m-qw57-chr8
4.5.11
Affected by 6 other vulnerabilities.
5.0.0-beta.0
Affected by 3 other vulnerabilities.
5.4.16
Affected by 6 other vulnerabilities.
6.0.0-alpha.0
Affected by 1 other vulnerability.
6.0.13
Affected by 7 other vulnerabilities.
6.1.0-beta.0
Affected by 5 other vulnerabilities.
6.1.3
Affected by 7 other vulnerabilities.
6.2.0-beta.0
Affected by 4 other vulnerabilities.
6.2.4
Affected by 7 other vulnerabilities.
6.3.0-beta.0
Affected by 4 other vulnerabilities.
VCID-mfry-5z57-n7ad
Aliases:
CVE-2024-45811
GHSA-9cwx-2883-4wfx
4.5.4
Affected by 0 other vulnerabilities.
4.5.5
Affected by 9 other vulnerabilities.
5.1.8
Affected by 9 other vulnerabilities.
5.2.0-beta.0
Affected by 9 other vulnerabilities.
5.2.14
Affected by 9 other vulnerabilities.
5.3.6
Affected by 9 other vulnerabilities.
5.4.6
Affected by 9 other vulnerabilities.
VCID-mfye-h829-fybu
Aliases:
CVE-2024-45812
GHSA-64vr-g452-qvp3
4.5.4
Affected by 0 other vulnerabilities.
4.5.5
Affected by 9 other vulnerabilities.
5.1.8
Affected by 9 other vulnerabilities.
5.2.0-beta.0
Affected by 9 other vulnerabilities.
5.2.14
Affected by 9 other vulnerabilities.
5.3.6
Affected by 9 other vulnerabilities.
5.4.6
Affected by 9 other vulnerabilities.
VCID-s6e9-86vw-kqej
Aliases:
CVE-2024-23331
GHSA-c24v-8rfc-w8vw
Improper Access Control Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server does not discriminate; a block list bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers.
4.5.2
Affected by 12 other vulnerabilities.
5.0.0-beta.0
Affected by 3 other vulnerabilities.
5.0.12
Affected by 12 other vulnerabilities.
5.1.0-beta.0
Affected by 11 other vulnerabilities.
VCID-w9wp-8fne-mucm
Aliases:
CVE-2025-32395
GHSA-356w-63v5-8wf4
4.5.13
Affected by 4 other vulnerabilities.
5.4.18
Affected by 4 other vulnerabilities.
6.0.15
Affected by 5 other vulnerabilities.
6.1.5
Affected by 5 other vulnerabilities.
6.2.6
Affected by 5 other vulnerabilities.
VCID-xbcf-jm6w-vyeu
Aliases:
GHSA-8jhw-289h-jh2g
Vite's `server.fs.deny` did not deny requests for patterns with directories. [Vite dev server option](https://vitejs.dev/config/server-options.html#server-fs-deny) `server.fs.deny` did not deny requests for patterns with directories. An example of such a pattern is `/foo/**/*`.
4.5.3
Affected by 12 other vulnerabilities.
5.0.13
Affected by 11 other vulnerabilities.
5.1.7
Affected by 11 other vulnerabilities.
5.2.6
Affected by 12 other vulnerabilities.
VCID-z9hv-6kpm-6fbv
Aliases:
CVE-2025-58751
GHSA-g4jq-h2w9-997c
5.4.20
Affected by 2 other vulnerabilities.
6.3.6
Affected by 2 other vulnerabilities.
7.0.7
Affected by 3 other vulnerabilities.
7.1.5
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-01T10:34:18.824649+00:00 GitLab Importer Affected by VCID-937q-cbk9-27g4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/CVE-2026-39365.yml 38.6.0
2026-06-01T08:55:52.331469+00:00 GitLab Importer Affected by VCID-c6xd-az5r-r3fe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/CVE-2025-58752.yml 38.6.0
2026-06-01T08:55:42.655773+00:00 GitLab Importer Affected by VCID-z9hv-6kpm-6fbv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/CVE-2025-58751.yml 38.6.0
2026-06-01T08:40:21.799466+00:00 GitLab Importer Affected by VCID-1u9w-ucbx-dqgv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/CVE-2025-46565.yml 38.6.0
2026-06-01T08:38:38.402425+00:00 GitLab Importer Affected by VCID-w9wp-8fne-mucm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/CVE-2025-32395.yml 38.6.0
2026-06-01T08:37:51.676230+00:00 GitLab Importer Affected by VCID-6zrj-xfa9-53bf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/CVE-2025-31486.yml 38.6.0
2026-06-01T08:37:08.074104+00:00 GitLab Importer Affected by VCID-ejgf-18s2-jfcv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/CVE-2025-31125.yml 38.6.0
2026-06-01T08:36:40.285970+00:00 GitLab Importer Affected by VCID-1r3y-ngau-bff1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/CVE-2025-30208.yml 38.6.0
2026-06-01T08:29:10.184295+00:00 GitLab Importer Affected by VCID-8qat-9kwy-sfew https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/CVE-2025-24010.yml 38.6.0
2026-06-01T08:15:40.194653+00:00 GitLab Importer Affected by VCID-mfye-h829-fybu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/CVE-2024-45812.yml 38.6.0
2026-06-01T08:15:33.771079+00:00 GitLab Importer Affected by VCID-mfry-5z57-n7ad https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/CVE-2024-45811.yml 38.6.0
2026-06-01T07:57:34.653115+00:00 GitLab Importer Affected by VCID-xbcf-jm6w-vyeu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/GHSA-8jhw-289h-jh2g.yml 38.6.0
2026-06-01T07:48:42.576509+00:00 GitLab Importer Affected by VCID-s6e9-86vw-kqej https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/CVE-2024-23331.yml 38.6.0