Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/vite@5.4.8

Type npm

Namespace

Name vite

Version 5.4.8

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.4.2

Latest_non_vulnerable_version 8.0.5

Affected_by_vulnerabilities

url VCID-6mrd-hwmy-4yay

vulnerability_id VCID-6mrd-hwmy-4yay

summary Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31125.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31125.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-31125

reference_id

reference_type

scores

value	0.83244
scoring_system	epss
scoring_elements	0.99286
published_at	2026-06-11T12:55:00Z

value	0.83244
scoring_system	epss
scoring_elements	0.99289
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-31125

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-31125

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-31125

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31125

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31125

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2356283
reference_id	2356283
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2356283

reference_url

https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949

reference_id

59673137c45ac2bcfad1170d954347c1a17ab949

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-01-23T16:58:33Z/

url

https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949

reference_url	https://github.com/advisories/GHSA-4r4m-qw57-chr8
reference_id	GHSA-4r4m-qw57-chr8
reference_type
scores
url	https://github.com/advisories/GHSA-4r4m-qw57-chr8

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8

reference_id

GHSA-4r4m-qw57-chr8

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-01-23T16:58:33Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8

fixed_packages

url pkg:npm/vite@5.4.16

purl pkg:npm/vite@5.4.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84n3-jwnn-6kc4

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-w4t6-jjc1-afac

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.16

url pkg:npm/vite@6.0.0-alpha.0

purl pkg:npm/vite@6.0.0-alpha.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nh6q-ms28-13ee

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.0-alpha.0

url pkg:npm/vite@6.0.13

purl pkg:npm/vite@6.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84n3-jwnn-6kc4

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-w4t6-jjc1-afac

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.13

url pkg:npm/vite@6.1.0-beta.0

purl pkg:npm/vite@6.1.0-beta.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.0-beta.0

url pkg:npm/vite@6.1.3

purl pkg:npm/vite@6.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84n3-jwnn-6kc4

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-w4t6-jjc1-afac

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.3

url pkg:npm/vite@6.2.0-beta.0

purl pkg:npm/vite@6.2.0-beta.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.0-beta.0

url pkg:npm/vite@6.2.4

purl pkg:npm/vite@6.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-84n3-jwnn-6kc4

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-w4t6-jjc1-afac

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.4

url pkg:npm/vite@6.3.0-beta.0

purl pkg:npm/vite@6.3.0-beta.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.3.0-beta.0

aliases CVE-2025-31125, GHSA-4r4m-qw57-chr8

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6mrd-hwmy-4yay

url VCID-84n3-jwnn-6kc4

vulnerability_id VCID-84n3-jwnn-6kc4

summary Vite is a frontend tooling framework for javascript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with ?.wasm?init or with sec-fetch-dest: script header, the server.fs.deny restriction was able to bypass. This bypass is only possible if the file is smaller than build.assetsInlineLimit (default: 4kB) and when using Vite 6.0+. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 4.5.12, 5.4.17, 6.0.14, 6.1.4, and 6.2.5.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31486.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31486.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-31486

reference_id

reference_type

scores

value	0.04736
scoring_system	epss
scoring_elements	0.89648
published_at	2026-06-11T12:55:00Z

value	0.04736
scoring_system	epss
scoring_elements	0.89683
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-31486

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-31486

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-31486

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2357264
reference_id	2357264
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2357264

reference_url

https://github.com/vitejs/vite/commit/62d7e81ee189d65899bb65f3263ddbd85247b647

reference_id

62d7e81ee189d65899bb65f3263ddbd85247b647

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T20:39:24Z/

url

https://github.com/vitejs/vite/commit/62d7e81ee189d65899bb65f3263ddbd85247b647

reference_url

https://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290

reference_id

asset.ts#L285-L290

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T20:39:24Z/

url

https://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290

reference_url	https://github.com/advisories/GHSA-xcj6-pq6g-qj4x
reference_id	GHSA-xcj6-pq6g-qj4x
reference_type
scores
url	https://github.com/advisories/GHSA-xcj6-pq6g-qj4x

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq6g-qj4x

reference_id

GHSA-xcj6-pq6g-qj4x

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T20:39:24Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq6g-qj4x

fixed_packages

url pkg:npm/vite@5.4.17

purl pkg:npm/vite@5.4.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-w4t6-jjc1-afac

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.17

url pkg:npm/vite@6.0.14

purl pkg:npm/vite@6.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-w4t6-jjc1-afac

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.14

url pkg:npm/vite@6.1.4

purl pkg:npm/vite@6.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-w4t6-jjc1-afac

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.4

url pkg:npm/vite@6.2.5

purl pkg:npm/vite@6.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-w4t6-jjc1-afac

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.5

aliases CVE-2025-31486, GHSA-xcj6-pq6g-qj4x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84n3-jwnn-6kc4

url VCID-bn49-7c61-27fp

vulnerability_id VCID-bn49-7c61-27fp

summary Vite is a frontend tooling framework for javascript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. Only files that are under project root and are denied by a file matching pattern can be bypassed. `server.fs.deny` can contain patterns matching against files (by default it includes .env, .env.*, *.{crt,pem} as such patterns). These patterns were able to bypass for files under `root` by using a combination of slash and dot (/.). This issue has been patched in versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46565.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46565.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-46565

reference_id

reference_type

scores

value	0.02428
scoring_system	epss
scoring_elements	0.85472
published_at	2026-06-11T12:55:00Z

value	0.02428
scoring_system	epss
scoring_elements	0.85523
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-46565

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-46565

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-46565

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2363544
reference_id	2363544
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2363544

reference_url

https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb

reference_id

c22c43de612eebb6c182dd67850c24e4fab8cacb

reference_type

scores

value	6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T17:38:51Z/

url

https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb

reference_url	https://github.com/advisories/GHSA-859w-5945-r5v3
reference_id	GHSA-859w-5945-r5v3
reference_type
scores
url	https://github.com/advisories/GHSA-859w-5945-r5v3

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3

reference_id

GHSA-859w-5945-r5v3

reference_type

scores

value	6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T17:38:51Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3

fixed_packages

url pkg:npm/vite@5.4.19

purl pkg:npm/vite@5.4.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.19

url pkg:npm/vite@6.0.0-alpha.0

purl pkg:npm/vite@6.0.0-alpha.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nh6q-ms28-13ee

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.0-alpha.0

url pkg:npm/vite@6.1.6

purl pkg:npm/vite@6.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.6

url pkg:npm/vite@6.2.0-beta.0

purl pkg:npm/vite@6.2.0-beta.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.0-beta.0

url pkg:npm/vite@6.2.7

purl pkg:npm/vite@6.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.7

url pkg:npm/vite@6.3.0-beta.0

purl pkg:npm/vite@6.3.0-beta.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.3.0-beta.0

url pkg:npm/vite@6.3.4

purl pkg:npm/vite@6.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.3.4

aliases CVE-2025-46565, GHSA-859w-5945-r5v3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bn49-7c61-27fp

url VCID-g8z2-qvuv-b7da

vulnerability_id VCID-g8z2-qvuv-b7da

summary Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24010.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24010.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-24010

reference_id

reference_type

scores

value	0.00125
scoring_system	epss
scoring_elements	0.31409
published_at	2026-06-12T12:55:00Z

value	0.00125
scoring_system	epss
scoring_elements	0.31215
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-24010

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-24010

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-24010

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2339011
reference_id	2339011
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2339011

reference_url	https://github.com/advisories/GHSA-vg6x-rcgg-rjx6
reference_id	GHSA-vg6x-rcgg-rjx6
reference_type
scores
url	https://github.com/advisories/GHSA-vg6x-rcgg-rjx6

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6

reference_id

GHSA-vg6x-rcgg-rjx6

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T14:52:46Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6

fixed_packages

url pkg:npm/vite@5.4.12

purl pkg:npm/vite@5.4.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mrd-hwmy-4yay

vulnerability	VCID-84n3-jwnn-6kc4

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-w4t6-jjc1-afac

vulnerability	VCID-xrg5-ae14-c3e1

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.12

url pkg:npm/vite@6.0.9

purl pkg:npm/vite@6.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mrd-hwmy-4yay

vulnerability	VCID-84n3-jwnn-6kc4

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-w4t6-jjc1-afac

vulnerability	VCID-xn8m-3ck8-fufm

vulnerability	VCID-xrg5-ae14-c3e1

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.9

aliases CVE-2025-24010, GHSA-vg6x-rcgg-rjx6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8z2-qvuv-b7da

url VCID-h2jq-e6kt-v3f9

vulnerability_id VCID-h2jq-e6kt-v3f9

summary Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or server.host config option) and use `appType: 'spa'` (default) or `appType: 'mpa'` are affected. This vulnerability also affects the preview server. The preview server allowed HTML files not under the output directory to be served. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58752.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58752.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-58752

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.08037
published_at	2026-06-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.08073
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-58752

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url

https://github.com/vitejs/vite/blob/v7.1.5/packages/vite/CHANGELOG.md

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite/blob/v7.1.5/packages/vite/CHANGELOG.md

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-58752

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-58752

reference_url

https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f

reference_id

0ab19ea9fcb66f544328f442cf6e70f7c0528d5f

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:13:50Z/

url

https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f

reference_url

https://github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e

reference_id

14015d794f69accba68798bd0e15135bc51c9c1e

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:13:50Z/

url

https://github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2393983
reference_id	2393983
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2393983

reference_url

https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea

reference_id

482000f57f56fe6ff2e905305100cfe03043ddea

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:13:50Z/

url

https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea

reference_url

https://github.com/vitejs/vite/commit/6f01ff4fe072bcfcd4e2a84811772b818cd51fe6

reference_id

6f01ff4fe072bcfcd4e2a84811772b818cd51fe6

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:13:50Z/

url

https://github.com/vitejs/vite/commit/6f01ff4fe072bcfcd4e2a84811772b818cd51fe6

reference_url	https://github.com/advisories/GHSA-jqfw-vq24-v9c3
reference_id	GHSA-jqfw-vq24-v9c3
reference_type
scores
url	https://github.com/advisories/GHSA-jqfw-vq24-v9c3

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3

reference_id

GHSA-jqfw-vq24-v9c3

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:13:50Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3

fixed_packages

url pkg:npm/vite@5.4.20

purl pkg:npm/vite@5.4.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3szj-s4z5-k3cp

vulnerability	VCID-nh6q-ms28-13ee

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.20

url pkg:npm/vite@6.3.6

purl pkg:npm/vite@6.3.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.3.6

url pkg:npm/vite@7.0.7

purl pkg:npm/vite@7.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3szj-s4z5-k3cp

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.0.7

url pkg:npm/vite@7.1.5

purl pkg:npm/vite@7.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-ttfe-2bcz-f3e4

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.1.5

aliases CVE-2025-58752, GHSA-jqfw-vq24-v9c3

risk_score 1.6

exploitability 0.5

weighted_severity 3.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h2jq-e6kt-v3f9

url VCID-h3c2-mbd1-zua6

vulnerability_id VCID-h3c2-mbd1-zua6

summary Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58751.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58751.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-58751

reference_id

reference_type

scores

value	0.01434
scoring_system	epss
scoring_elements	0.81167
published_at	2026-06-12T12:55:00Z

value	0.01434
scoring_system	epss
scoring_elements	0.81108
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-58751

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-58751

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-58751

reference_url

https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d

reference_id

09f2b52e8d5907f26602653caf41b3a56692600d

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/

url

https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2393970
reference_id	2393970
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2393970

reference_url

https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069

reference_id

4f1c35bcbb5830290c694aa14b6789e07450f069

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/

url

https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069

reference_url

https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec

reference_id

63e2a5d232218f3f8d852056751e609a5367aaec

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/

url

https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec

reference_url

https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0

reference_id

e11d24008b97d4ca731ecc1a3b95260a6d12e7e0

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/

url

https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0

reference_url

https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb

reference_id

f0113f3f8266328d804ee808f763a3c11f8997eb

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/

url

https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb

reference_url	https://github.com/advisories/GHSA-g4jq-h2w9-997c
reference_id	GHSA-g4jq-h2w9-997c
reference_type
scores
url	https://github.com/advisories/GHSA-g4jq-h2w9-997c

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c

reference_id

GHSA-g4jq-h2w9-997c

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c

fixed_packages

url pkg:npm/vite@5.4.20

purl pkg:npm/vite@5.4.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3szj-s4z5-k3cp

vulnerability	VCID-nh6q-ms28-13ee

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.20

url pkg:npm/vite@6.3.6

purl pkg:npm/vite@6.3.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.3.6

url pkg:npm/vite@7.0.7

purl pkg:npm/vite@7.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3szj-s4z5-k3cp

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.0.7

url pkg:npm/vite@7.1.5

purl pkg:npm/vite@7.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-ttfe-2bcz-f3e4

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.1.5

aliases CVE-2025-58751, GHSA-g4jq-h2w9-997c

risk_score 1.6

exploitability 0.5

weighted_severity 3.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h3c2-mbd1-zua6

url VCID-nh6q-ms28-13ee

vulnerability_id VCID-nh6q-ms28-13ee

summary Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the server.fs.strict allow list and retrieve .map files located outside the project root, provided they can be parsed as valid source map JSON. This vulnerability is fixed in 6.4.2, 7.3.2, and 8.0.5.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39365.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39365.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-39365

reference_id

reference_type

scores

value	0.01457
scoring_system	epss
scoring_elements	0.81313
published_at	2026-06-12T12:55:00Z

value	0.01457
scoring_system	epss
scoring_elements	0.81253
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-39365

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url

https://github.com/vitejs/vite/commit/79f002f2286c03c88c7b74c511c7f9fc6dc46694

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite/commit/79f002f2286c03c88c7b74c511c7f9fc6dc46694

reference_url

https://github.com/vitejs/vite/pull/22161

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite/pull/22161

reference_url

https://github.com/vitejs/vite/releases/tag/v6.4.2

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite/releases/tag/v6.4.2

reference_url

https://github.com/vitejs/vite/releases/tag/v7.3.2

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite/releases/tag/v7.3.2

reference_url

https://github.com/vitejs/vite/releases/tag/v8.0.5

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite/releases/tag/v8.0.5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-39365

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-39365

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2456190
reference_id	2456190
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2456190

reference_url

https://github.com/advisories/GHSA-4w7w-66w2-5vf9

reference_id

GHSA-4w7w-66w2-5vf9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4w7w-66w2-5vf9

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9

reference_id

GHSA-4w7w-66w2-5vf9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-09T18:10:42Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9

fixed_packages

url	pkg:npm/vite@6.4.2
purl	pkg:npm/vite@6.4.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.4.2

url	pkg:npm/vite@7.0.0-beta.0
purl	pkg:npm/vite@7.0.0-beta.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.0.0-beta.0

url	pkg:npm/vite@7.3.2
purl	pkg:npm/vite@7.3.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.3.2

url	pkg:npm/vite@8.0.0-beta.0
purl	pkg:npm/vite@8.0.0-beta.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/vite@8.0.0-beta.0

url	pkg:npm/vite@8.0.5
purl	pkg:npm/vite@8.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/vite@8.0.5

aliases CVE-2026-39365, GHSA-4w7w-66w2-5vf9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nh6q-ms28-13ee

url VCID-v2nx-m23g-mbd6

vulnerability_id VCID-v2nx-m23g-mbd6

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52011.json

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52011.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-52011

reference_id

reference_type

scores

value	0.00079
scoring_system	epss
scoring_elements	0.23617
published_at	2026-06-12T12:55:00Z

value	0.00079
scoring_system	epss
scoring_elements	0.23421
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-52011

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/vitejs/launch-editor

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/launch-editor

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2483853
reference_id	2483853
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2483853

reference_url

https://github.com/vitejs/launch-editor/commit/971291e8a6a91226e1616c5c0ec85423d2d50a5e

reference_id

971291e8a6a91226e1616c5c0ec85423d2d50a5e

reference_type

scores

value	7.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-06-02T15:24:21Z/

url

https://github.com/vitejs/launch-editor/commit/971291e8a6a91226e1616c5c0ec85423d2d50a5e

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-52011

reference_id

CVE-2024-52011

reference_type

scores

value	7.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-52011

reference_url

https://github.com/advisories/GHSA-c27g-q93r-2cwf

reference_id

GHSA-c27g-q93r-2cwf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c27g-q93r-2cwf

reference_url

https://github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf

reference_id

GHSA-c27g-q93r-2cwf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	7.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-06-02T15:24:21Z/

url

https://github.com/vitejs/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf

reference_url

https://github.com/yyx990803/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf

reference_id

GHSA-c27g-q93r-2cwf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	7.5
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/yyx990803/launch-editor/security/advisories/GHSA-c27g-q93r-2cwf

fixed_packages

url pkg:npm/vite@5.4.9

purl pkg:npm/vite@5.4.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mrd-hwmy-4yay

vulnerability	VCID-84n3-jwnn-6kc4

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-g8z2-qvuv-b7da

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-w4t6-jjc1-afac

vulnerability	VCID-xrg5-ae14-c3e1

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.9

aliases CVE-2024-52011, GHSA-c27g-q93r-2cwf

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v2nx-m23g-mbd6

url VCID-w4t6-jjc1-afac

vulnerability_id VCID-w4t6-jjc1-afac

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32395.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32395.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-32395

reference_id

reference_type

scores

value	0.03166
scoring_system	epss
scoring_elements	0.87217
published_at	2026-06-11T12:55:00Z

value	0.03166
scoring_system	epss
scoring_elements	0.87262
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-32395

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-32395

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-32395

reference_url

https://github.com/vitejs/vite/commit/175a83909f02d3b554452a7bd02b9f340cdfef70

reference_id

175a83909f02d3b554452a7bd02b9f340cdfef70

reference_type

scores

value	6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T14:14:30Z/

url

https://github.com/vitejs/vite/commit/175a83909f02d3b554452a7bd02b9f340cdfef70

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2358861
reference_id	2358861
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2358861

reference_url	https://github.com/advisories/GHSA-356w-63v5-8wf4
reference_id	GHSA-356w-63v5-8wf4
reference_type
scores
url	https://github.com/advisories/GHSA-356w-63v5-8wf4

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4

reference_id

GHSA-356w-63v5-8wf4

reference_type

scores

value	6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T14:14:30Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4

fixed_packages

url pkg:npm/vite@5.4.18

purl pkg:npm/vite@5.4.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.18

url pkg:npm/vite@6.0.15

purl pkg:npm/vite@6.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.15

url pkg:npm/vite@6.1.5

purl pkg:npm/vite@6.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.5

url pkg:npm/vite@6.2.6

purl pkg:npm/vite@6.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.6

aliases CVE-2025-32395, GHSA-356w-63v5-8wf4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w4t6-jjc1-afac

url VCID-xrg5-ae14-c3e1

vulnerability_id VCID-xrg5-ae14-c3e1

summary Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. `@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation and returns the file content if it exists. This bypass exists because trailing separators such as `?` are removed in several places, but are not accounted for in query string regexes. The contents of arbitrary files can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network (using `--host` or `server.host` config option) are affected. Versions 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 fix the issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30208.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30208.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-30208

reference_id

reference_type

scores

value	0.89847
scoring_system	epss
scoring_elements	0.99594
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-30208

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-30208

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-30208

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2354598
reference_id	2354598
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2354598

reference_url

https://github.com/vitejs/vite/commit/315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4

reference_id

315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/

url

https://github.com/vitejs/vite/commit/315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4

reference_url

https://github.com/vitejs/vite/commit/80381c38d6f068b12e6e928cd3c616bd1d64803c

reference_id

80381c38d6f068b12e6e928cd3c616bd1d64803c

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/

url

https://github.com/vitejs/vite/commit/80381c38d6f068b12e6e928cd3c616bd1d64803c

reference_url

https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41

reference_id

807d7f06d33ab49c48a2a3501da3eea1906c0d41

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/

url

https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41

reference_url

https://github.com/vitejs/vite/commit/92ca12dc79118bf66f2b32ff81ed09e0d0bd07ca

reference_id

92ca12dc79118bf66f2b32ff81ed09e0d0bd07ca

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/

url

https://github.com/vitejs/vite/commit/92ca12dc79118bf66f2b32ff81ed09e0d0bd07ca

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/52111.py
reference_id	CVE-2025-30208
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/52111.py

reference_url

https://github.com/vitejs/vite/commit/f234b5744d8b74c95535a7b82cc88ed2144263c1

reference_id

f234b5744d8b74c95535a7b82cc88ed2144263c1

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/

url

https://github.com/vitejs/vite/commit/f234b5744d8b74c95535a7b82cc88ed2144263c1

reference_url	https://github.com/advisories/GHSA-x574-m823-4x7w
reference_id	GHSA-x574-m823-4x7w
reference_type
scores
url	https://github.com/advisories/GHSA-x574-m823-4x7w

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w

reference_id

GHSA-x574-m823-4x7w

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w

fixed_packages

url pkg:npm/vite@5.4.15

purl pkg:npm/vite@5.4.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mrd-hwmy-4yay

vulnerability	VCID-84n3-jwnn-6kc4

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-w4t6-jjc1-afac

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.15

url pkg:npm/vite@6.0.12

purl pkg:npm/vite@6.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mrd-hwmy-4yay

vulnerability	VCID-84n3-jwnn-6kc4

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-w4t6-jjc1-afac

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.12

url pkg:npm/vite@6.1.2

purl pkg:npm/vite@6.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mrd-hwmy-4yay

vulnerability	VCID-84n3-jwnn-6kc4

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-w4t6-jjc1-afac

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.2

url pkg:npm/vite@6.2.3

purl pkg:npm/vite@6.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6mrd-hwmy-4yay

vulnerability	VCID-84n3-jwnn-6kc4

vulnerability	VCID-bn49-7c61-27fp

vulnerability	VCID-h2jq-e6kt-v3f9

vulnerability	VCID-h3c2-mbd1-zua6

vulnerability	VCID-nh6q-ms28-13ee

vulnerability	VCID-w4t6-jjc1-afac

vulnerability	VCID-xn8m-3ck8-fufm

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.3

aliases CVE-2025-30208, GHSA-x574-m823-4x7w

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xrg5-ae14-c3e1

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.8

Package Instance