VulnerableCode Package Details - pkg:npm/vite@6.3.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/vite@6.3.0

Essentials
History (5)

purl	pkg:npm/vite@6.3.0

Next non-vulnerable version	6.4.2
Latest non-vulnerable version	8.0.5
Risk	4.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-b2m1-kmdu-ykgt Aliases: CVE-2025-58752 GHSA-jqfw-vq24-v9c3	Vite's `server.fs` settings were not applied to HTML files Any HTML files on the machine were served regardless of the `server.fs` settings.	6.3.6 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.0.7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.1.5 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-gefx-xng3-k3f4 Aliases: CVE-2025-58751 GHSA-g4jq-h2w9-997c	Vite middleware may serve files starting with the same name with the public directory Files starting with the same name with the public directory were served bypassing the `server.fs` settings.	6.3.6 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.0.7 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.1.5 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-na8b-yqpp-p7fj Aliases: CVE-2025-46565 GHSA-859w-5945-r5v3	Duplicate This advisory duplicates another.	6.3.4 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-p1jn-hqj6-j7ca Aliases: CVE-2026-39363 GHSA-p9ff-h696-f583	Vite: Vite: Information disclosure via WebSocket connection bypasses access control	6.4.2 Affected by 0 other vulnerabilities. 7.0.0-beta.0 Affected by 0 other vulnerabilities. 7.3.2 Affected by 0 other vulnerabilities. 8.0.0-beta.0 Affected by 0 other vulnerabilities. 8.0.5 Affected by 0 other vulnerabilities.
VCID-zn73-3dmx-vye4 Aliases: CVE-2026-39365 GHSA-4w7w-66w2-5vf9	vite: Vite: Information disclosure via path traversal in dev server's .map request handling	6.4.2 Affected by 0 other vulnerabilities. 7.0.0-beta.0 Affected by 0 other vulnerabilities. 7.3.2 Affected by 0 other vulnerabilities. 8.0.0-beta.0 Affected by 0 other vulnerabilities. 8.0.5 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T07:47:39.507316+00:00	GitLab Importer	Affected by	VCID-p1jn-hqj6-j7ca	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/CVE-2026-39363.yml	38.6.0
2026-06-06T07:47:24.314254+00:00	GitLab Importer	Affected by	VCID-zn73-3dmx-vye4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/CVE-2026-39365.yml	38.6.0
2026-06-06T06:05:32.780674+00:00	GitLab Importer	Affected by	VCID-b2m1-kmdu-ykgt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/CVE-2025-58752.yml	38.6.0
2026-06-06T06:05:23.292328+00:00	GitLab Importer	Affected by	VCID-gefx-xng3-k3f4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/CVE-2025-58751.yml	38.6.0
2026-06-04T16:23:56.494526+00:00	GitLab Importer	Affected by	VCID-na8b-yqpp-p7fj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/vite/CVE-2025-46565.yml	38.6.0