Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/vite@7.1.11
Typenpm
Namespace
Namevite
Version7.1.11
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.3.2
Latest_non_vulnerable_version8.0.5
Affected_by_vulnerabilities
0
url VCID-nh6q-ms28-13ee
vulnerability_id VCID-nh6q-ms28-13ee
summary Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the server.fs.strict allow list and retrieve .map files located outside the project root, provided they can be parsed as valid source map JSON. This vulnerability is fixed in 6.4.2, 7.3.2, and 8.0.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39365.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39365.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39365
reference_id
reference_type
scores
0
value 0.01457
scoring_system epss
scoring_elements 0.81253
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39365
2
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
3
reference_url https://github.com/vitejs/vite/commit/79f002f2286c03c88c7b74c511c7f9fc6dc46694
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/commit/79f002f2286c03c88c7b74c511c7f9fc6dc46694
4
reference_url https://github.com/vitejs/vite/pull/22161
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/pull/22161
5
reference_url https://github.com/vitejs/vite/releases/tag/v6.4.2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/releases/tag/v6.4.2
6
reference_url https://github.com/vitejs/vite/releases/tag/v7.3.2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/releases/tag/v7.3.2
7
reference_url https://github.com/vitejs/vite/releases/tag/v8.0.5
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/releases/tag/v8.0.5
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-39365
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-39365
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2456190
reference_id 2456190
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2456190
10
reference_url https://github.com/advisories/GHSA-4w7w-66w2-5vf9
reference_id GHSA-4w7w-66w2-5vf9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4w7w-66w2-5vf9
11
reference_url https://github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9
reference_id GHSA-4w7w-66w2-5vf9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-09T18:10:42Z/
url https://github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9
fixed_packages
0
url pkg:npm/vite@7.3.2
purl pkg:npm/vite@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.3.2
1
url pkg:npm/vite@8.0.0-beta.0
purl pkg:npm/vite@8.0.0-beta.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@8.0.0-beta.0
2
url pkg:npm/vite@8.0.5
purl pkg:npm/vite@8.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@8.0.5
aliases CVE-2026-39365, GHSA-4w7w-66w2-5vf9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nh6q-ms28-13ee
1
url VCID-ttfe-2bcz-f3e4
vulnerability_id VCID-ttfe-2bcz-f3e4
summary Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be blocked by server.fs.deny (e.g., .env, *.crt) can be retrieved with HTTP 200 responses when query parameters such as ?raw, ?import&raw, or ?import&url&inline are appended. This vulnerability is fixed in 7.3.2 and 8.0.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39364.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39364.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39364
reference_id
reference_type
scores
0
value 0.05147
scoring_system epss
scoring_elements 0.90092
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39364
2
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
3
reference_url https://github.com/vitejs/vite/commit/a9a3df299378d9cbc5f069e3536a369f8188c8ff
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/commit/a9a3df299378d9cbc5f069e3536a369f8188c8ff
4
reference_url https://github.com/vitejs/vite/pull/22160
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/pull/22160
5
reference_url https://github.com/vitejs/vite/releases/tag/v7.3.2
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/releases/tag/v7.3.2
6
reference_url https://github.com/vitejs/vite/releases/tag/v8.0.5
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/releases/tag/v8.0.5
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-39364
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-39364
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2456181
reference_id 2456181
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2456181
9
reference_url https://github.com/advisories/GHSA-v2wj-q39q-566r
reference_id GHSA-v2wj-q39q-566r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v2wj-q39q-566r
10
reference_url https://github.com/vitejs/vite/security/advisories/GHSA-v2wj-q39q-566r
reference_id GHSA-v2wj-q39q-566r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-07T20:01:48Z/
url https://github.com/vitejs/vite/security/advisories/GHSA-v2wj-q39q-566r
11
reference_url https://access.redhat.com/errata/RHSA-2026:24866
reference_id RHSA-2026:24866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:24866
fixed_packages
0
url pkg:npm/vite@7.3.2
purl pkg:npm/vite@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.3.2
1
url pkg:npm/vite@8.0.0-beta.0
purl pkg:npm/vite@8.0.0-beta.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@8.0.0-beta.0
2
url pkg:npm/vite@8.0.5
purl pkg:npm/vite@8.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@8.0.5
aliases CVE-2026-39364, GHSA-v2wj-q39q-566r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ttfe-2bcz-f3e4
2
url VCID-xn8m-3ck8-fufm
vulnerability_id VCID-xn8m-3ck8-fufm
summary Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, if it is possible to connect to the Vite dev server’s WebSocket without an Origin header, an attacker can invoke fetchModule via the custom WebSocket event vite:invoke and combine file://... with ?raw (or ?inline) to retrieve the contents of arbitrary files on the server as a JavaScript string (e.g., export default "..."). The access control enforced in the HTTP request path (such as server.fs.allow) is not applied to this WebSocket-based execution path. This vulnerability is fixed in 6.4.2, 7.3.2, and 8.0.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39363.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39363.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39363
reference_id
reference_type
scores
0
value 0.05706
scoring_system epss
scoring_elements 0.90621
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39363
2
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
3
reference_url https://github.com/vitejs/vite/commit/f02d9fde0b195afe3ea2944414186962fbbe41e0
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/commit/f02d9fde0b195afe3ea2944414186962fbbe41e0
4
reference_url https://github.com/vitejs/vite/pull/22159
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/pull/22159
5
reference_url https://github.com/vitejs/vite/releases/tag/v6.4.2
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/releases/tag/v6.4.2
6
reference_url https://github.com/vitejs/vite/releases/tag/v7.3.2
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/releases/tag/v7.3.2
7
reference_url https://github.com/vitejs/vite/releases/tag/v8.0.5
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/releases/tag/v8.0.5
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-39363
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-39363
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2456179
reference_id 2456179
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2456179
10
reference_url https://github.com/advisories/GHSA-p9ff-h696-f583
reference_id GHSA-p9ff-h696-f583
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p9ff-h696-f583
11
reference_url https://github.com/vitejs/vite/security/advisories/GHSA-p9ff-h696-f583
reference_id GHSA-p9ff-h696-f583
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-08T17:52:54Z/
url https://github.com/vitejs/vite/security/advisories/GHSA-p9ff-h696-f583
12
reference_url https://access.redhat.com/errata/RHSA-2026:24761
reference_id RHSA-2026:24761
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:24761
13
reference_url https://access.redhat.com/errata/RHSA-2026:24762
reference_id RHSA-2026:24762
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:24762
14
reference_url https://access.redhat.com/errata/RHSA-2026:24866
reference_id RHSA-2026:24866
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:24866
fixed_packages
0
url pkg:npm/vite@7.3.2
purl pkg:npm/vite@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.3.2
1
url pkg:npm/vite@8.0.0-beta.0
purl pkg:npm/vite@8.0.0-beta.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@8.0.0-beta.0
2
url pkg:npm/vite@8.0.5
purl pkg:npm/vite@8.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@8.0.5
aliases CVE-2026-39363, GHSA-p9ff-h696-f583
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xn8m-3ck8-fufm
Fixing_vulnerabilities
0
url VCID-3szj-s4z5-k3cp
vulnerability_id VCID-3szj-s4z5-k3cp
summary Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent if the URL ended with \ when the dev server is running on Windows. Only apps explicitly exposing the Vite dev server to the network and running the dev server on Windows were affected. This issue has been patched in versions 5.4.21, 6.4.1, 7.0.8, and 7.1.11.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62522.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62522.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62522
reference_id
reference_type
scores
0
value 0.00817
scoring_system epss
scoring_elements 0.74774
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62522
2
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2405222
reference_id 2405222
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2405222
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62522
reference_id CVE-2025-62522
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62522
5
reference_url https://github.com/vitejs/vite/commit/f479cc57c425ed41ceb434fecebd63931b1ed4ed
reference_id f479cc57c425ed41ceb434fecebd63931b1ed4ed
reference_type
scores
0
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T20:16:51Z/
url https://github.com/vitejs/vite/commit/f479cc57c425ed41ceb434fecebd63931b1ed4ed
6
reference_url https://github.com/advisories/GHSA-93m4-6634-74q7
reference_id GHSA-93m4-6634-74q7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-93m4-6634-74q7
7
reference_url https://github.com/vitejs/vite/security/advisories/GHSA-93m4-6634-74q7
reference_id GHSA-93m4-6634-74q7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T20:16:51Z/
url https://github.com/vitejs/vite/security/advisories/GHSA-93m4-6634-74q7
fixed_packages
0
url pkg:npm/vite@5.4.21
purl pkg:npm/vite@5.4.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nh6q-ms28-13ee
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.21
1
url pkg:npm/vite@6.4.1
purl pkg:npm/vite@6.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nh6q-ms28-13ee
1
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.4.1
2
url pkg:npm/vite@7.0.8
purl pkg:npm/vite@7.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nh6q-ms28-13ee
1
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.0.8
3
url pkg:npm/vite@7.1.11
purl pkg:npm/vite@7.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nh6q-ms28-13ee
1
vulnerability VCID-ttfe-2bcz-f3e4
2
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.1.11
aliases CVE-2025-62522, GHSA-93m4-6634-74q7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3szj-s4z5-k3cp
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/vite@7.1.11