Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/vite@5.4.21
Typenpm
Namespace
Namevite
Version5.4.21
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.4.2
Latest_non_vulnerable_version8.0.5
Affected_by_vulnerabilities
0
url VCID-nh6q-ms28-13ee
vulnerability_id VCID-nh6q-ms28-13ee
summary Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the server.fs.strict allow list and retrieve .map files located outside the project root, provided they can be parsed as valid source map JSON. This vulnerability is fixed in 6.4.2, 7.3.2, and 8.0.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39365.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39365.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39365
reference_id
reference_type
scores
0
value 0.01457
scoring_system epss
scoring_elements 0.81253
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39365
2
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
3
reference_url https://github.com/vitejs/vite/commit/79f002f2286c03c88c7b74c511c7f9fc6dc46694
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/commit/79f002f2286c03c88c7b74c511c7f9fc6dc46694
4
reference_url https://github.com/vitejs/vite/pull/22161
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/pull/22161
5
reference_url https://github.com/vitejs/vite/releases/tag/v6.4.2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/releases/tag/v6.4.2
6
reference_url https://github.com/vitejs/vite/releases/tag/v7.3.2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/releases/tag/v7.3.2
7
reference_url https://github.com/vitejs/vite/releases/tag/v8.0.5
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/releases/tag/v8.0.5
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-39365
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-39365
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2456190
reference_id 2456190
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2456190
10
reference_url https://github.com/advisories/GHSA-4w7w-66w2-5vf9
reference_id GHSA-4w7w-66w2-5vf9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4w7w-66w2-5vf9
11
reference_url https://github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9
reference_id GHSA-4w7w-66w2-5vf9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-09T18:10:42Z/
url https://github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9
fixed_packages
0
url pkg:npm/vite@6.4.2
purl pkg:npm/vite@6.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.4.2
1
url pkg:npm/vite@7.0.0-beta.0
purl pkg:npm/vite@7.0.0-beta.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.0.0-beta.0
2
url pkg:npm/vite@7.3.2
purl pkg:npm/vite@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.3.2
3
url pkg:npm/vite@8.0.0-beta.0
purl pkg:npm/vite@8.0.0-beta.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@8.0.0-beta.0
4
url pkg:npm/vite@8.0.5
purl pkg:npm/vite@8.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@8.0.5
aliases CVE-2026-39365, GHSA-4w7w-66w2-5vf9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nh6q-ms28-13ee
Fixing_vulnerabilities
0
url VCID-3szj-s4z5-k3cp
vulnerability_id VCID-3szj-s4z5-k3cp
summary Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0 to before 6.4.1, 7.0.0 to before 7.0.8, and 7.1.0 to before 7.1.11, files denied by server.fs.deny were sent if the URL ended with \ when the dev server is running on Windows. Only apps explicitly exposing the Vite dev server to the network and running the dev server on Windows were affected. This issue has been patched in versions 5.4.21, 6.4.1, 7.0.8, and 7.1.11.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62522.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62522.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62522
reference_id
reference_type
scores
0
value 0.00817
scoring_system epss
scoring_elements 0.74774
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62522
2
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2405222
reference_id 2405222
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2405222
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62522
reference_id CVE-2025-62522
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62522
5
reference_url https://github.com/vitejs/vite/commit/f479cc57c425ed41ceb434fecebd63931b1ed4ed
reference_id f479cc57c425ed41ceb434fecebd63931b1ed4ed
reference_type
scores
0
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T20:16:51Z/
url https://github.com/vitejs/vite/commit/f479cc57c425ed41ceb434fecebd63931b1ed4ed
6
reference_url https://github.com/advisories/GHSA-93m4-6634-74q7
reference_id GHSA-93m4-6634-74q7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-93m4-6634-74q7
7
reference_url https://github.com/vitejs/vite/security/advisories/GHSA-93m4-6634-74q7
reference_id GHSA-93m4-6634-74q7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-20T20:16:51Z/
url https://github.com/vitejs/vite/security/advisories/GHSA-93m4-6634-74q7
fixed_packages
0
url pkg:npm/vite@5.4.21
purl pkg:npm/vite@5.4.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nh6q-ms28-13ee
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.21
1
url pkg:npm/vite@6.4.1
purl pkg:npm/vite@6.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nh6q-ms28-13ee
1
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.4.1
2
url pkg:npm/vite@7.0.8
purl pkg:npm/vite@7.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nh6q-ms28-13ee
1
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.0.8
3
url pkg:npm/vite@7.1.11
purl pkg:npm/vite@7.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nh6q-ms28-13ee
1
vulnerability VCID-ttfe-2bcz-f3e4
2
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.1.11
aliases CVE-2025-62522, GHSA-93m4-6634-74q7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3szj-s4z5-k3cp
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.21