Search for packages
| purl | pkg:npm/vite@4.5.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-mfry-5z57-n7ad
Aliases: CVE-2024-45811 GHSA-9cwx-2883-4wfx |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
|
VCID-qt19-799f-1ue5
Aliases: CVE-2025-62522 GHSA-93m4-6634-74q7 |
vite allows server.fs.deny bypass via backslash on Windows Files denied by [`server.fs.deny`](https://vitejs.dev/config/server-options.html#server-fs-deny) were sent if the URL ended with `\` when the dev server is running on Windows. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-xbcf-jm6w-vyeu | Vite's `server.fs.deny` did not deny requests for patterns with directories. [Vite dev server option](https://vitejs.dev/config/server-options.html#server-fs-deny) `server.fs.deny` did not deny requests for patterns with directories. An example of such a pattern is `/foo/**/*`. |
GHSA-8jhw-289h-jh2g
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-31T01:05:40.554454+00:00 | GHSA Importer | Affected by | VCID-qt19-799f-1ue5 | https://github.com/advisories/GHSA-93m4-6634-74q7 | 38.6.0 |
| 2026-05-31T01:04:51.649177+00:00 | GHSA Importer | Affected by | VCID-mfry-5z57-n7ad | https://github.com/advisories/GHSA-9cwx-2883-4wfx | 38.6.0 |
| 2026-05-30T21:03:45.530726+00:00 | GitLab Importer | Fixing | VCID-xbcf-jm6w-vyeu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/GHSA-8jhw-289h-jh2g.yml | 38.6.0 |