Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40sveltejs/kit@2.38.0
Type npm
Namespace @sveltejs
Name kit
Version 2.38.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.57.1
Latest_non_vulnerable_version 2.60.1
Affected_by_vulnerabilities
0
url VCID-8sme-918e-w7gk
vulnerability_id VCID-8sme-918e-w7gk
summary @sveltejs/kit: `query.batch` cross-talk
references
0
reference_url https://github.com/sveltejs/kit
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit
1
reference_url https://github.com/advisories/GHSA-hgv7-v322-mmgr
reference_id GHSA-hgv7-v322-mmgr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hgv7-v322-mmgr
2
reference_url https://github.com/sveltejs/kit/security/advisories/GHSA-hgv7-v322-mmgr
reference_id GHSA-hgv7-v322-mmgr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit/security/advisories/GHSA-hgv7-v322-mmgr
fixed_packages
0
url pkg:npm/%40sveltejs/kit@2.60.1
purl pkg:npm/%40sveltejs/kit@2.60.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.60.1
aliases GHSA-hgv7-v322-mmgr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8sme-918e-w7gk
1
url VCID-epuv-msbd-u7g9
vulnerability_id VCID-epuv-msbd-u7g9
summary SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected. This vulnerability is fixed in 2.57.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40073
reference_id
reference_type
scores
0
value 0.0009
scoring_system epss
scoring_elements 0.25599
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40073
1
reference_url https://github.com/sveltejs/kit
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit
2
reference_url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40073
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40073
4
reference_url https://github.com/sveltejs/kit/commit/3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95
reference_id 3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:04:15Z/
url https://github.com/sveltejs/kit/commit/3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95
5
reference_url https://github.com/advisories/GHSA-2crg-3p73-43xp
reference_id GHSA-2crg-3p73-43xp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2crg-3p73-43xp
6
reference_url https://github.com/sveltejs/kit/security/advisories/GHSA-2crg-3p73-43xp
reference_id GHSA-2crg-3p73-43xp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:04:15Z/
url https://github.com/sveltejs/kit/security/advisories/GHSA-2crg-3p73-43xp
7
reference_url https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1
reference_id kit@2.57.1
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:04:15Z/
url https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1
fixed_packages
0
url pkg:npm/%40sveltejs/kit@2.57.1
purl pkg:npm/%40sveltejs/kit@2.57.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.57.1
aliases CVE-2026-40073, GHSA-2crg-3p73-43xp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epuv-msbd-u7g9
2
url VCID-px8a-8ars-83f9
vulnerability_id VCID-px8a-8ars-83f9
summary SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in an HTTP header, will cause an unhandled TypeError. This could result in DoS on some platforms, especially if the location passed to redirect contains unsanitized user input. This vulnerability is fixed in 2.57.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40074
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.18158
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40074
1
reference_url https://github.com/sveltejs/kit
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit
2
reference_url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40074
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40074
4
reference_url https://github.com/sveltejs/kit/commit/10d7b44425c3d9da642eecce373d0c6ef83b4fcd
reference_id 10d7b44425c3d9da642eecce373d0c6ef83b4fcd
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:17:18Z/
url https://github.com/sveltejs/kit/commit/10d7b44425c3d9da642eecce373d0c6ef83b4fcd
5
reference_url https://github.com/advisories/GHSA-3f6h-2hrp-w5wx
reference_id GHSA-3f6h-2hrp-w5wx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3f6h-2hrp-w5wx
6
reference_url https://github.com/sveltejs/kit/security/advisories/GHSA-3f6h-2hrp-w5wx
reference_id GHSA-3f6h-2hrp-w5wx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:17:18Z/
url https://github.com/sveltejs/kit/security/advisories/GHSA-3f6h-2hrp-w5wx
7
reference_url https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1
reference_id kit@2.57.1
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:17:18Z/
url https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1
fixed_packages
0
url pkg:npm/%40sveltejs/kit@2.57.1
purl pkg:npm/%40sveltejs/kit@2.57.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.57.1
aliases CVE-2026-40074, GHSA-3f6h-2hrp-w5wx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-px8a-8ars-83f9
3
url VCID-xe5v-xxrc-auan
vulnerability_id VCID-xe5v-xxrc-auan
summary SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side request forgery (SSRF) and denial of service (DoS) under certain conditions. From 2.44.0 through 2.49.4, the vulnerability results in a DoS when your app has at least one prerendered route (export const prerender = true). From 2.19.0 through 2.49.4, the vulnerability results in a DoS when your app has at least one prerendered route and you are using adapter-node without a configured ORIGIN environment variable, and you are not using a reverse proxy that implements Host header validation. This vulnerability is fixed in 2.49.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-67647
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13423
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-67647
1
reference_url https://github.com/sveltejs/kit
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit
2
reference_url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fadapter-node%405.5.1
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fadapter-node%405.5.1
3
reference_url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.49.5
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.49.5
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67647
reference_id CVE-2025-67647
reference_type
scores
0
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-67647
5
reference_url https://github.com/sveltejs/kit/commit/d9ae9b00b14f5574d109f3fd548f960594346226
reference_id d9ae9b00b14f5574d109f3fd548f960594346226
reference_type
scores
0
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:H/SC:L/SI:L/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:57:32Z/
url https://github.com/sveltejs/kit/commit/d9ae9b00b14f5574d109f3fd548f960594346226
6
reference_url https://github.com/advisories/GHSA-j62c-4x62-9r35
reference_id GHSA-j62c-4x62-9r35
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j62c-4x62-9r35
7
reference_url https://github.com/sveltejs/kit/security/advisories/GHSA-j62c-4x62-9r35
reference_id GHSA-j62c-4x62-9r35
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:H/SC:L/SI:L/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-15T18:57:32Z/
url https://github.com/sveltejs/kit/security/advisories/GHSA-j62c-4x62-9r35
fixed_packages
0
url pkg:npm/%40sveltejs/kit@2.49.5
purl pkg:npm/%40sveltejs/kit@2.49.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-epuv-msbd-u7g9
1
vulnerability VCID-f73t-4wu7-7bgg
2
vulnerability VCID-px8a-8ars-83f9
3
vulnerability VCID-q9mp-v3kn-1fb7
4
vulnerability VCID-s559-dy4x-xqcv
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.49.5
aliases CVE-2025-67647, GHSA-j62c-4x62-9r35
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xe5v-xxrc-auan
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.38.0