Lookup for vulnerable packages by Package URL.

Purl pkg:npm/svelte@5.51.5
Type npm
Namespace
Name svelte
Version 5.51.5
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 5.55.7
Latest_non_vulnerable_version 5.55.7
Affected_by_vulnerabilities
0
url VCID-3338-judc-5ke1
vulnerability_id VCID-3338-judc-5ke1
summary Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42573
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.0914
published_at 2026-06-12T12:55:00Z
1
value 0.00047
scoring_system epss
scoring_elements 0.14874
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42573
1
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42573
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42573
3
reference_url https://github.com/advisories/GHSA-rcqx-6q8c-2c42
reference_id GHSA-rcqx-6q8c-2c42
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rcqx-6q8c-2c42
4
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-rcqx-6q8c-2c42
reference_id GHSA-rcqx-6q8c-2c42
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-09T18:25:38Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-rcqx-6q8c-2c42
5
reference_url https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
reference_id svelte%405.55.7
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-09T18:25:38Z/
url https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
fixed_packages
0
url pkg:npm/svelte@5.55.7
purl pkg:npm/svelte@5.55.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.55.7
aliases CVE-2026-42573, GHSA-rcqx-6q8c-2c42
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3338-judc-5ke1
1
url VCID-cxqy-4aua-v3bt
vulnerability_id VCID-cxqy-4aua-v3bt
summary
Svelte: SSR XSS via Insecure Promise Serialization in hydratable
Contents of `hydratable` promises were not properly stringified, potentially leading to an XSS exploit. You are vulnerable if all of the following are true:
- you are using `hydratable` (an experimental feature at the time of this report)
- you are passing attacker-controlled input such that a synchronous value is hydrated, then a promise value, e.g. `hydratable('someKey', () => [synchronousValue, promiseValue])`
references
0
reference_url http://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
1
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
2
reference_url https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte/commit/a16ebc67bbcf8f708360195687e1b2719463e1a4
3
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-f3cj-j4f6-wq85
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte/security/advisories/GHSA-f3cj-j4f6-wq85
4
reference_url https://github.com/advisories/GHSA-f3cj-j4f6-wq85
reference_id GHSA-f3cj-j4f6-wq85
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f3cj-j4f6-wq85
fixed_packages
0
url pkg:npm/svelte@5.55.7
purl pkg:npm/svelte@5.55.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.55.7
aliases GHSA-f3cj-j4f6-wq85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cxqy-4aua-v3bt
2
url VCID-eub6-k2yh-suhb
vulnerability_id VCID-eub6-k2yh-suhb
summary Svelte is a performance oriented web framework. Prior to version 5.53.5, the contents of `bind:innerText` and `bind:textContent` on `contenteditable` elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting (XSS) if rendering untrusted data as the binding's initial value on the server. Version 5.53.5 fixes the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27901.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27901.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27901
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10472
published_at 2026-06-12T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.1042
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27901
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://github.com/sveltejs/svelte/releases/tag/svelte@5.53.5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte/releases/tag/svelte@5.53.5
4
reference_url https://github.com/sveltejs/svelte/commit/0df5abcae223058ceb95491470372065fb87951d
reference_id 0df5abcae223058ceb95491470372065fb87951d
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:30:46Z/
url https://github.com/sveltejs/svelte/commit/0df5abcae223058ceb95491470372065fb87951d
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442918
reference_id 2442918
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442918
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27901
reference_id CVE-2026-27901
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27901
7
reference_url https://github.com/advisories/GHSA-phwv-c562-gvmh
reference_id GHSA-phwv-c562-gvmh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-phwv-c562-gvmh
8
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-phwv-c562-gvmh
reference_id GHSA-phwv-c562-gvmh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:30:46Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-phwv-c562-gvmh
9
reference_url https://github.com/sveltejs/svelte/releases/tag/svelte%405.53.5
reference_id svelte%405.53.5
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:30:46Z/
url https://github.com/sveltejs/svelte/releases/tag/svelte%405.53.5
fixed_packages
0
url pkg:npm/svelte@5.53.5
purl pkg:npm/svelte@5.53.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3338-judc-5ke1
1
vulnerability VCID-cxqy-4aua-v3bt
2
vulnerability VCID-vbz4-avaq-7kh6
3
vulnerability VCID-ycam-n781-gkf8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.53.5
aliases CVE-2026-27901, GHSA-phwv-c562-gvmh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eub6-k2yh-suhb
3
url VCID-vbz4-avaq-7kh6
vulnerability_id VCID-vbz4-avaq-7kh6
summary Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers. Note that this vulnerability only triggers if the user's browser has JavaScript enabled but Svelte's hydration mechanism does not reach the vulnerable element before the event fires. This issue has been patched in version 5.55.7.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42599.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42599.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42599
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.1046
published_at 2026-06-12T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13638
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42599
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42599
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42599
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2487076
reference_id 2487076
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2487076
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27121
reference_id CVE-2026-27121
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27121
6
reference_url https://github.com/advisories/GHSA-pr6f-5x2q-rwfp
reference_id GHSA-pr6f-5x2q-rwfp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pr6f-5x2q-rwfp
7
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-pr6f-5x2q-rwfp
reference_id GHSA-pr6f-5x2q-rwfp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-09T18:28:29Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-pr6f-5x2q-rwfp
8
reference_url https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
reference_id svelte%405.55.7
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-09T18:28:29Z/
url https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
fixed_packages
0
url pkg:npm/svelte@5.55.7
purl pkg:npm/svelte@5.55.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.55.7
aliases CVE-2026-42599, GHSA-pr6f-5x2q-rwfp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbz4-avaq-7kh6
4
url VCID-ycam-n781-gkf8
vulnerability_id VCID-ycam-n781-gkf8
summary Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in `<svelte:element this={tag}></svelte:element>`. This issue has been patched in version 5.55.7.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42567.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42567.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42567
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.11899
published_at 2026-06-11T12:55:00Z
1
value 0.00047
scoring_system epss
scoring_elements 0.15266
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42567
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-42567
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-42567
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2487114
reference_id 2487114
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2487114
5
reference_url https://github.com/advisories/GHSA-9rmh-mm8f-r9h6
reference_id GHSA-9rmh-mm8f-r9h6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9rmh-mm8f-r9h6
6
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-9rmh-mm8f-r9h6
reference_id GHSA-9rmh-mm8f-r9h6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-09T18:09:08Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-9rmh-mm8f-r9h6
7
reference_url https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
reference_id svelte%405.55.7
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-09T18:09:08Z/
url https://github.com/sveltejs/svelte/releases/tag/svelte%405.55.7
fixed_packages
0
url pkg:npm/svelte@5.55.7
purl pkg:npm/svelte@5.55.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.55.7
aliases CVE-2026-42567, GHSA-9rmh-mm8f-r9h6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ycam-n781-gkf8
Fixing_vulnerabilities
0
url VCID-4hh1-vzj8-bqfy
vulnerability_id VCID-4hh1-vzj8-bqfy
summary Svelte is a performance oriented web framework. Prior to 5.51.5, when using `<svelte:element this={tag}>` in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27122.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27122.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27122
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01383
published_at 2026-06-12T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01381
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27122
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441520
reference_id 2441520
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2441520
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27122
reference_id CVE-2026-27122
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27122
5
reference_url https://github.com/advisories/GHSA-m56q-vw4c-c2cp
reference_id GHSA-m56q-vw4c-c2cp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m56q-vw4c-c2cp
6
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-m56q-vw4c-c2cp
reference_id GHSA-m56q-vw4c-c2cp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:22:44Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-m56q-vw4c-c2cp
fixed_packages
0
url pkg:npm/svelte@5.51.5
purl pkg:npm/svelte@5.51.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3338-judc-5ke1
1
vulnerability VCID-cxqy-4aua-v3bt
2
vulnerability VCID-eub6-k2yh-suhb
3
vulnerability VCID-vbz4-avaq-7kh6
4
vulnerability VCID-ycam-n781-gkf8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5
aliases CVE-2026-27122, GHSA-m56q-vw4c-c2cp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4hh1-vzj8-bqfy
1
url VCID-w8kg-2qq6-xyet
vulnerability_id VCID-w8kg-2qq6-xyet
summary Svelte is a performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting (XSS) during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers. This vulnerability is fixed in 5.51.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27121.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27121.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27121
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.0142
published_at 2026-06-12T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01418
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27121
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441532
reference_id 2441532
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2441532
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27121
reference_id CVE-2026-27121
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27121
5
reference_url https://github.com/advisories/GHSA-f7gr-6p89-r883
reference_id GHSA-f7gr-6p89-r883
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f7gr-6p89-r883
6
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-f7gr-6p89-r883
reference_id GHSA-f7gr-6p89-r883
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:31:36Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-f7gr-6p89-r883
fixed_packages
0
url pkg:npm/svelte@5.51.5
purl pkg:npm/svelte@5.51.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3338-judc-5ke1
1
vulnerability VCID-cxqy-4aua-v3bt
2
vulnerability VCID-eub6-k2yh-suhb
3
vulnerability VCID-vbz4-avaq-7kh6
4
vulnerability VCID-ycam-n781-gkf8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5
aliases CVE-2026-27121, GHSA-f7gr-6p89-r883
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w8kg-2qq6-xyet
2
url VCID-x1g1-8b9m-5yhz
vulnerability_id VCID-x1g1-8b9m-5yhz
summary Svelte is a performance oriented web framework. Prior to 5.51.5, in server-side rendering, attribute spreading on elements (e.g. `<div {...attrs}>`) enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where `Object.prototype` has already been polluted — a precondition outside of Svelte's control — this can cause unexpected attributes to appear in SSR output or cause SSR to throw errors. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27125.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27125.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27125
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09166
published_at 2026-06-12T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.09109
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27125
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441511
reference_id 2441511
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2441511
4
reference_url https://github.com/sveltejs/svelte/commit/73098bb26c6f06e7fd1b0746d817d2c5ee90755f
reference_id 73098bb26c6f06e7fd1b0746d817d2c5ee90755f
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T21:33:01Z/
url https://github.com/sveltejs/svelte/commit/73098bb26c6f06e7fd1b0746d817d2c5ee90755f
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27125
reference_id CVE-2026-27125
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27125
6
reference_url https://github.com/advisories/GHSA-crpf-4hrx-3jrp
reference_id GHSA-crpf-4hrx-3jrp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-crpf-4hrx-3jrp
7
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-crpf-4hrx-3jrp
reference_id GHSA-crpf-4hrx-3jrp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T21:33:01Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-crpf-4hrx-3jrp
8
reference_url https://github.com/sveltejs/svelte/releases/tag/svelte@5.51.5
reference_id svelte@5.51.5
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T21:33:01Z/
url https://github.com/sveltejs/svelte/releases/tag/svelte@5.51.5
fixed_packages
0
url pkg:npm/svelte@5.51.5
purl pkg:npm/svelte@5.51.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3338-judc-5ke1
1
vulnerability VCID-cxqy-4aua-v3bt
2
vulnerability VCID-eub6-k2yh-suhb
3
vulnerability VCID-vbz4-avaq-7kh6
4
vulnerability VCID-ycam-n781-gkf8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5
aliases CVE-2026-27125, GHSA-crpf-4hrx-3jrp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x1g1-8b9m-5yhz
3
url VCID-zmre-1nsj-9ug6
vulnerability_id VCID-zmre-1nsj-9ug6
summary Svelte is a performance oriented web framework. From version 5.39.3 through 5.51.4, in certain circumstances, the server-side rendering output of an `<option>` element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27119.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27119.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27119
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01898
published_at 2026-06-12T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01895
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27119
2
reference_url https://github.com/sveltejs/svelte
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/svelte
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441526
reference_id 2441526
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2441526
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27119
reference_id CVE-2026-27119
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27119
5
reference_url https://github.com/advisories/GHSA-h7h7-mm68-gmrc
reference_id GHSA-h7h7-mm68-gmrc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h7h7-mm68-gmrc
6
reference_url https://github.com/sveltejs/svelte/security/advisories/GHSA-h7h7-mm68-gmrc
reference_id GHSA-h7h7-mm68-gmrc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:41:15Z/
url https://github.com/sveltejs/svelte/security/advisories/GHSA-h7h7-mm68-gmrc
fixed_packages
0
url pkg:npm/svelte@5.51.5
purl pkg:npm/svelte@5.51.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3338-judc-5ke1
1
vulnerability VCID-cxqy-4aua-v3bt
2
vulnerability VCID-eub6-k2yh-suhb
3
vulnerability VCID-vbz4-avaq-7kh6
4
vulnerability VCID-ycam-n781-gkf8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5
aliases CVE-2026-27119, GHSA-h7h7-mm68-gmrc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zmre-1nsj-9ug6
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5