Lookup for vulnerable packages by Package URL.

Purl pkg:npm/vite@3.0.0-alpha.2
Type npm
Namespace
Name vite
Version 3.0.0-alpha.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.4.2
Latest_non_vulnerable_version 8.0.5
Affected_by_vulnerabilities
0
url VCID-53we-mdcx-bbfr
vulnerability_id VCID-53we-mdcx-bbfr
summary Vite is a frontend build tooling framework for JavaScript. Affected versions of vite were discovered to contain a DOM Clobbering vulnerability when building scripts to `cjs`/`iife`/`umd` output format. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an img tag with an unsanitized name attribute) are present. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markup in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of JS code) living in the existing JavaScript code to transform it into executable code. We have identified a DOM Clobbering vulnerability in Vite bundled scripts, particularly when the scripts dynamically import other scripts from the assets folder and the developer sets the build output format to `cjs`, `iife`, or `umd`. In such cases, Vite replaces relative paths starting with `__VITE_ASSET__` using the URL retrieved from `document.currentScript`. However, this implementation is vulnerable to a DOM Clobbering attack. The `document.currentScript` lookup can be shadowed by an attacker via the browser's named DOM tree element access mechanism. This manipulation allows an attacker to replace the intended script element with a malicious HTML element. When this happens, the src attribute of the attacker-controlled element is used as the URL for importing scripts, potentially leading to the dynamic loading of scripts from an attacker-controlled server. This vulnerability can result in cross-site scripting (XSS) attacks on websites that include Vite-bundled files (configured with an output format of `cjs`, `iife`, or `umd`) and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade.
There are no known workarounds for this vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45812.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45812.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45812
reference_id
reference_type
scores
0
value 0.00256
scoring_system epss
scoring_elements 0.49432
published_at 2026-06-14T12:55:00Z
1
value 0.00256
scoring_system epss
scoring_elements 0.49444
published_at 2026-06-13T12:55:00Z
2
value 0.00256
scoring_system epss
scoring_elements 0.49426
published_at 2026-06-12T12:55:00Z
3
value 0.00256
scoring_system epss
scoring_elements 0.49289
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45812
2
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
3
reference_url https://github.com/vitejs/vite/commit/179b17773cf35c73ddb041f9e6c703fd9f3126af
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/commit/179b17773cf35c73ddb041f9e6c703fd9f3126af
4
reference_url https://github.com/vitejs/vite/commit/2691bb3ff6b073b41fb9046909e1e03a74e36675
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/commit/2691bb3ff6b073b41fb9046909e1e03a74e36675
5
reference_url https://github.com/vitejs/vite/commit/2ddd8541ec3b2d2e5b698749e0f2362ef28056bd
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/commit/2ddd8541ec3b2d2e5b698749e0f2362ef28056bd
6
reference_url https://github.com/vitejs/vite/commit/e8127166979e7ace6eeaa2c3b733c8994caa31f3
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/commit/e8127166979e7ace6eeaa2c3b733c8994caa31f3
7
reference_url https://github.com/vitejs/vite/commit/ebb94c5b3bf41950f45562595adec117a4d0ba5e
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/commit/ebb94c5b3bf41950f45562595adec117a4d0ba5e
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2312935
reference_id 2312935
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2312935
9
reference_url https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad
reference_id ade1d89660e17eedfd35652165b0c26905259fad
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T13:57:07Z/
url https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45812
reference_id CVE-2024-45812
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45812
11
reference_url https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986
reference_id GHSA-4vvj-4cpr-p986
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T13:57:07Z/
url https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986
12
reference_url https://github.com/advisories/GHSA-64vr-g452-qvp3
reference_id GHSA-64vr-g452-qvp3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-64vr-g452-qvp3
13
reference_url https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3
reference_id GHSA-64vr-g452-qvp3
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T13:57:07Z/
url https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3
14
reference_url https://access.redhat.com/errata/RHSA-2024:10917
reference_id RHSA-2024:10917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10917
15
reference_url https://access.redhat.com/errata/RHSA-2024:10962
reference_id RHSA-2024:10962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10962
16
reference_url https://scnps.co/papers/sp23_domclob.pdf
reference_id sp23_domclob.pdf
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T13:57:07Z/
url https://scnps.co/papers/sp23_domclob.pdf
17
reference_url https://research.securitum.com/xss-in-amp4email-dom-clobbering
reference_id xss-in-amp4email-dom-clobbering
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T13:57:07Z/
url https://research.securitum.com/xss-in-amp4email-dom-clobbering
fixed_packages
0
url pkg:npm/vite@3.2.11
purl pkg:npm/vite@3.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-g8z2-qvuv-b7da
4
vulnerability VCID-h2jq-e6kt-v3f9
5
vulnerability VCID-h3c2-mbd1-zua6
6
vulnerability VCID-nh6q-ms28-13ee
7
vulnerability VCID-w4t6-jjc1-afac
8
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@3.2.11
1
url pkg:npm/vite@4.0.0-alpha.0
purl pkg:npm/vite@4.0.0-alpha.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-g8z2-qvuv-b7da
4
vulnerability VCID-h2jq-e6kt-v3f9
5
vulnerability VCID-h3c2-mbd1-zua6
6
vulnerability VCID-nh6q-ms28-13ee
7
vulnerability VCID-w4t6-jjc1-afac
8
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.0.0-alpha.0
2
url pkg:npm/vite@4.5.4
purl pkg:npm/vite@4.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.5.4
3
url pkg:npm/vite@4.5.5
purl pkg:npm/vite@4.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-g8z2-qvuv-b7da
4
vulnerability VCID-h2jq-e6kt-v3f9
5
vulnerability VCID-h3c2-mbd1-zua6
6
vulnerability VCID-nh6q-ms28-13ee
7
vulnerability VCID-w4t6-jjc1-afac
8
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.5.5
4
url pkg:npm/vite@5.1.8
purl pkg:npm/vite@5.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-g8z2-qvuv-b7da
4
vulnerability VCID-h2jq-e6kt-v3f9
5
vulnerability VCID-h3c2-mbd1-zua6
6
vulnerability VCID-nh6q-ms28-13ee
7
vulnerability VCID-w4t6-jjc1-afac
8
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.1.8
5
url pkg:npm/vite@5.2.0-beta.0
purl pkg:npm/vite@5.2.0-beta.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-g8z2-qvuv-b7da
4
vulnerability VCID-h2jq-e6kt-v3f9
5
vulnerability VCID-h3c2-mbd1-zua6
6
vulnerability VCID-nh6q-ms28-13ee
7
vulnerability VCID-w4t6-jjc1-afac
8
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.2.0-beta.0
6
url pkg:npm/vite@5.2.14
purl pkg:npm/vite@5.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-g8z2-qvuv-b7da
4
vulnerability VCID-h2jq-e6kt-v3f9
5
vulnerability VCID-h3c2-mbd1-zua6
6
vulnerability VCID-nh6q-ms28-13ee
7
vulnerability VCID-w4t6-jjc1-afac
8
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.2.14
7
url pkg:npm/vite@5.3.6
purl pkg:npm/vite@5.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-g8z2-qvuv-b7da
4
vulnerability VCID-h2jq-e6kt-v3f9
5
vulnerability VCID-h3c2-mbd1-zua6
6
vulnerability VCID-nh6q-ms28-13ee
7
vulnerability VCID-w4t6-jjc1-afac
8
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.3.6
8
url pkg:npm/vite@5.4.6
purl pkg:npm/vite@5.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-g8z2-qvuv-b7da
4
vulnerability VCID-h2jq-e6kt-v3f9
5
vulnerability VCID-h3c2-mbd1-zua6
6
vulnerability VCID-nh6q-ms28-13ee
7
vulnerability VCID-w4t6-jjc1-afac
8
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.6
aliases CVE-2024-45812, GHSA-64vr-g452-qvp3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-53we-mdcx-bbfr
1
url VCID-6mrd-hwmy-4yay
vulnerability_id VCID-6mrd-hwmy-4yay
summary Vite is a frontend tooling framework for JavaScript. Vite exposes the content of non-allowed files using `?inline&import` or `?raw?import`. Only apps explicitly exposing the Vite dev server to the network (using `--host` or the `server.host` config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3, 6.0.13, 5.4.16, and 4.5.11.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31125.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31125.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31125
reference_id
reference_type
scores
0
value 0.83244
scoring_system epss
scoring_elements 0.99288
published_at 2026-06-14T12:55:00Z
1
value 0.83244
scoring_system epss
scoring_elements 0.99289
published_at 2026-06-13T12:55:00Z
2
value 0.83244
scoring_system epss
scoring_elements 0.99286
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31125
2
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31125
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31125
4
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31125
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31125
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2356283
reference_id 2356283
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2356283
6
reference_url https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949
reference_id 59673137c45ac2bcfad1170d954347c1a17ab949
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-01-23T16:58:33Z/
url https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949
7
reference_url https://github.com/advisories/GHSA-4r4m-qw57-chr8
reference_id GHSA-4r4m-qw57-chr8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4r4m-qw57-chr8
8
reference_url https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8
reference_id GHSA-4r4m-qw57-chr8
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-01-23T16:58:33Z/
url https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8
fixed_packages
0
url pkg:npm/vite@4.5.11
purl pkg:npm/vite@4.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-84n3-jwnn-6kc4
1
vulnerability VCID-bn49-7c61-27fp
2
vulnerability VCID-h2jq-e6kt-v3f9
3
vulnerability VCID-h3c2-mbd1-zua6
4
vulnerability VCID-nh6q-ms28-13ee
5
vulnerability VCID-w4t6-jjc1-afac
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.5.11
1
url pkg:npm/vite@5.0.0-beta.0
purl pkg:npm/vite@5.0.0-beta.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h2jq-e6kt-v3f9
1
vulnerability VCID-h3c2-mbd1-zua6
2
vulnerability VCID-nh6q-ms28-13ee
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.0.0-beta.0
2
url pkg:npm/vite@5.4.16
purl pkg:npm/vite@5.4.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-84n3-jwnn-6kc4
1
vulnerability VCID-bn49-7c61-27fp
2
vulnerability VCID-h2jq-e6kt-v3f9
3
vulnerability VCID-h3c2-mbd1-zua6
4
vulnerability VCID-nh6q-ms28-13ee
5
vulnerability VCID-w4t6-jjc1-afac
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.16
3
url pkg:npm/vite@6.0.0-alpha.0
purl pkg:npm/vite@6.0.0-alpha.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nh6q-ms28-13ee
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.0-alpha.0
4
url pkg:npm/vite@6.0.13
purl pkg:npm/vite@6.0.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-84n3-jwnn-6kc4
1
vulnerability VCID-bn49-7c61-27fp
2
vulnerability VCID-h2jq-e6kt-v3f9
3
vulnerability VCID-h3c2-mbd1-zua6
4
vulnerability VCID-nh6q-ms28-13ee
5
vulnerability VCID-w4t6-jjc1-afac
6
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.13
5
url pkg:npm/vite@6.1.0-beta.0
purl pkg:npm/vite@6.1.0-beta.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bn49-7c61-27fp
1
vulnerability VCID-h2jq-e6kt-v3f9
2
vulnerability VCID-h3c2-mbd1-zua6
3
vulnerability VCID-nh6q-ms28-13ee
4
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.0-beta.0
6
url pkg:npm/vite@6.1.3
purl pkg:npm/vite@6.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-84n3-jwnn-6kc4
1
vulnerability VCID-bn49-7c61-27fp
2
vulnerability VCID-h2jq-e6kt-v3f9
3
vulnerability VCID-h3c2-mbd1-zua6
4
vulnerability VCID-nh6q-ms28-13ee
5
vulnerability VCID-w4t6-jjc1-afac
6
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.3
7
url pkg:npm/vite@6.2.0-beta.0
purl pkg:npm/vite@6.2.0-beta.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h2jq-e6kt-v3f9
1
vulnerability VCID-h3c2-mbd1-zua6
2
vulnerability VCID-nh6q-ms28-13ee
3
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.0-beta.0
8
url pkg:npm/vite@6.2.4
purl pkg:npm/vite@6.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-84n3-jwnn-6kc4
1
vulnerability VCID-bn49-7c61-27fp
2
vulnerability VCID-h2jq-e6kt-v3f9
3
vulnerability VCID-h3c2-mbd1-zua6
4
vulnerability VCID-nh6q-ms28-13ee
5
vulnerability VCID-w4t6-jjc1-afac
6
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.4
9
url pkg:npm/vite@6.3.0-beta.0
purl pkg:npm/vite@6.3.0-beta.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h2jq-e6kt-v3f9
1
vulnerability VCID-h3c2-mbd1-zua6
2
vulnerability VCID-nh6q-ms28-13ee
3
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.3.0-beta.0
aliases CVE-2025-31125, GHSA-4r4m-qw57-chr8
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6mrd-hwmy-4yay
2
url VCID-84n3-jwnn-6kc4
vulnerability_id VCID-84n3-jwnn-6kc4
summary Vite is a frontend tooling framework for JavaScript. The contents of arbitrary files can be returned to the browser. By adding `?.svg` with `?.wasm?init` or with the `sec-fetch-dest: script` header, the `server.fs.deny` restriction could be bypassed. This bypass is only possible if the file is smaller than `build.assetsInlineLimit` (default: 4kB) and when using Vite 6.0+. Only apps explicitly exposing the Vite dev server to the network (using `--host` or the `server.host` config option) are affected. This vulnerability is fixed in 4.5.12, 5.4.17, 6.0.14, 6.1.4, and 6.2.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31486.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31486.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31486
reference_id
reference_type
scores
0
value 0.04736
scoring_system epss
scoring_elements 0.89648
published_at 2026-06-11T12:55:00Z
1
value 0.04736
scoring_system epss
scoring_elements 0.89688
published_at 2026-06-14T12:55:00Z
2
value 0.04736
scoring_system epss
scoring_elements 0.89683
published_at 2026-06-12T12:55:00Z
3
value 0.04736
scoring_system epss
scoring_elements 0.89689
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31486
2
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31486
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31486
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2357264
reference_id 2357264
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2357264
5
reference_url https://github.com/vitejs/vite/commit/62d7e81ee189d65899bb65f3263ddbd85247b647
reference_id 62d7e81ee189d65899bb65f3263ddbd85247b647
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T20:39:24Z/
url https://github.com/vitejs/vite/commit/62d7e81ee189d65899bb65f3263ddbd85247b647
6
reference_url https://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290
reference_id asset.ts#L285-L290
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T20:39:24Z/
url https://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290
7
reference_url https://github.com/advisories/GHSA-xcj6-pq6g-qj4x
reference_id GHSA-xcj6-pq6g-qj4x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xcj6-pq6g-qj4x
8
reference_url https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq6g-qj4x
reference_id GHSA-xcj6-pq6g-qj4x
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T20:39:24Z/
url https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq6g-qj4x
fixed_packages
0
url pkg:npm/vite@4.5.12
purl pkg:npm/vite@4.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bn49-7c61-27fp
1
vulnerability VCID-h2jq-e6kt-v3f9
2
vulnerability VCID-h3c2-mbd1-zua6
3
vulnerability VCID-nh6q-ms28-13ee
4
vulnerability VCID-w4t6-jjc1-afac
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.5.12
1
url pkg:npm/vite@5.4.17
purl pkg:npm/vite@5.4.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bn49-7c61-27fp
1
vulnerability VCID-h2jq-e6kt-v3f9
2
vulnerability VCID-h3c2-mbd1-zua6
3
vulnerability VCID-nh6q-ms28-13ee
4
vulnerability VCID-w4t6-jjc1-afac
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.17
2
url pkg:npm/vite@6.0.14
purl pkg:npm/vite@6.0.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bn49-7c61-27fp
1
vulnerability VCID-h2jq-e6kt-v3f9
2
vulnerability VCID-h3c2-mbd1-zua6
3
vulnerability VCID-nh6q-ms28-13ee
4
vulnerability VCID-w4t6-jjc1-afac
5
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.14
3
url pkg:npm/vite@6.1.4
purl pkg:npm/vite@6.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bn49-7c61-27fp
1
vulnerability VCID-h2jq-e6kt-v3f9
2
vulnerability VCID-h3c2-mbd1-zua6
3
vulnerability VCID-nh6q-ms28-13ee
4
vulnerability VCID-w4t6-jjc1-afac
5
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.4
4
url pkg:npm/vite@6.2.5
purl pkg:npm/vite@6.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bn49-7c61-27fp
1
vulnerability VCID-h2jq-e6kt-v3f9
2
vulnerability VCID-h3c2-mbd1-zua6
3
vulnerability VCID-nh6q-ms28-13ee
4
vulnerability VCID-w4t6-jjc1-afac
5
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.5
aliases CVE-2025-31486, GHSA-xcj6-pq6g-qj4x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-84n3-jwnn-6kc4
3
url VCID-bn49-7c61-27fp
vulnerability_id VCID-bn49-7c61-27fp
summary Vite is a frontend tooling framework for JavaScript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network (using `--host` or the `server.host` config option) are affected. The bypass applies only to files that are under the project root and are denied by a file matching pattern. `server.fs.deny` can contain patterns matching against files (by default it includes `.env`, `.env.*`, `*.{crt,pem}` as such patterns). These patterns could be bypassed for files under `root` by using a combination of slash and dot (`/.`). This issue has been patched in versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46565.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46565.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46565
reference_id
reference_type
scores
0
value 0.02428
scoring_system epss
scoring_elements 0.85523
published_at 2026-06-12T12:55:00Z
1
value 0.02428
scoring_system epss
scoring_elements 0.85472
published_at 2026-06-11T12:55:00Z
2
value 0.02588
scoring_system epss
scoring_elements 0.85971
published_at 2026-06-13T12:55:00Z
3
value 0.02588
scoring_system epss
scoring_elements 0.85963
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46565
2
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46565
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46565
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2363544
reference_id 2363544
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2363544
5
reference_url https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb
reference_id c22c43de612eebb6c182dd67850c24e4fab8cacb
reference_type
scores
0
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T17:38:51Z/
url https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb
6
reference_url https://github.com/advisories/GHSA-859w-5945-r5v3
reference_id GHSA-859w-5945-r5v3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-859w-5945-r5v3
7
reference_url https://github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3
reference_id GHSA-859w-5945-r5v3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T17:38:51Z/
url https://github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3
fixed_packages
0
url pkg:npm/vite@4.5.14
purl pkg:npm/vite@4.5.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h2jq-e6kt-v3f9
1
vulnerability VCID-h3c2-mbd1-zua6
2
vulnerability VCID-nh6q-ms28-13ee
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.5.14
1
url pkg:npm/vite@5.0.0-beta.0
purl pkg:npm/vite@5.0.0-beta.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h2jq-e6kt-v3f9
1
vulnerability VCID-h3c2-mbd1-zua6
2
vulnerability VCID-nh6q-ms28-13ee
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.0.0-beta.0
2
url pkg:npm/vite@5.4.19
purl pkg:npm/vite@5.4.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h2jq-e6kt-v3f9
1
vulnerability VCID-h3c2-mbd1-zua6
2
vulnerability VCID-nh6q-ms28-13ee
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.19
3
url pkg:npm/vite@6.0.0-alpha.0
purl pkg:npm/vite@6.0.0-alpha.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nh6q-ms28-13ee
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.0-alpha.0
4
url pkg:npm/vite@6.1.6
purl pkg:npm/vite@6.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h2jq-e6kt-v3f9
1
vulnerability VCID-h3c2-mbd1-zua6
2
vulnerability VCID-nh6q-ms28-13ee
3
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.6
5
url pkg:npm/vite@6.2.0-beta.0
purl pkg:npm/vite@6.2.0-beta.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h2jq-e6kt-v3f9
1
vulnerability VCID-h3c2-mbd1-zua6
2
vulnerability VCID-nh6q-ms28-13ee
3
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.0-beta.0
6
url pkg:npm/vite@6.2.7
purl pkg:npm/vite@6.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h2jq-e6kt-v3f9
1
vulnerability VCID-h3c2-mbd1-zua6
2
vulnerability VCID-nh6q-ms28-13ee
3
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.7
7
url pkg:npm/vite@6.3.0-beta.0
purl pkg:npm/vite@6.3.0-beta.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h2jq-e6kt-v3f9
1
vulnerability VCID-h3c2-mbd1-zua6
2
vulnerability VCID-nh6q-ms28-13ee
3
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.3.0-beta.0
8
url pkg:npm/vite@6.3.4
purl pkg:npm/vite@6.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h2jq-e6kt-v3f9
1
vulnerability VCID-h3c2-mbd1-zua6
2
vulnerability VCID-nh6q-ms28-13ee
3
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.3.4
aliases CVE-2025-46565, GHSA-859w-5945-r5v3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bn49-7c61-27fp
4
url VCID-g8z2-qvuv-b7da
vulnerability_id VCID-g8z2-qvuv-b7da
summary Vite is a frontend tooling framework for JavaScript. Vite allowed any website to send any request to the development server and read the response, due to the default CORS settings and the lack of validation of the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24010.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24010.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24010
reference_id
reference_type
scores
0
value 0.00125
scoring_system epss
scoring_elements 0.31426
published_at 2026-06-13T12:55:00Z
1
value 0.00125
scoring_system epss
scoring_elements 0.31408
published_at 2026-06-14T12:55:00Z
2
value 0.00125
scoring_system epss
scoring_elements 0.31215
published_at 2026-06-11T12:55:00Z
3
value 0.00125
scoring_system epss
scoring_elements 0.31409
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24010
2
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-24010
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-24010
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2339011
reference_id 2339011
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2339011
5
reference_url https://github.com/advisories/GHSA-vg6x-rcgg-rjx6
reference_id GHSA-vg6x-rcgg-rjx6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vg6x-rcgg-rjx6
6
reference_url https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6
reference_id GHSA-vg6x-rcgg-rjx6
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T14:52:46Z/
url https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6
fixed_packages
0
url pkg:npm/vite@4.5.6
purl pkg:npm/vite@4.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-h2jq-e6kt-v3f9
4
vulnerability VCID-h3c2-mbd1-zua6
5
vulnerability VCID-nh6q-ms28-13ee
6
vulnerability VCID-w4t6-jjc1-afac
7
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.5.6
1
url pkg:npm/vite@5.4.12
purl pkg:npm/vite@5.4.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-h2jq-e6kt-v3f9
4
vulnerability VCID-h3c2-mbd1-zua6
5
vulnerability VCID-nh6q-ms28-13ee
6
vulnerability VCID-w4t6-jjc1-afac
7
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.12
2
url pkg:npm/vite@6.0.9
purl pkg:npm/vite@6.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-h2jq-e6kt-v3f9
4
vulnerability VCID-h3c2-mbd1-zua6
5
vulnerability VCID-nh6q-ms28-13ee
6
vulnerability VCID-w4t6-jjc1-afac
7
vulnerability VCID-xn8m-3ck8-fufm
8
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.9
aliases CVE-2025-24010, GHSA-vg6x-rcgg-rjx6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8z2-qvuv-b7da
5
url VCID-h2jq-e6kt-v3f9
vulnerability_id VCID-h2jq-e6kt-v3f9
summary Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or server.host config option) and use `appType: 'spa'` (default) or `appType: 'mpa'` are affected. This vulnerability also affects the preview server. The preview server allowed HTML files not under the output directory to be served. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58752.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58752.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58752
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.08037
published_at 2026-06-11T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.08069
published_at 2026-06-14T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.08073
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58752
2
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
3
reference_url https://github.com/vitejs/vite/blob/v7.1.5/packages/vite/CHANGELOG.md
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/blob/v7.1.5/packages/vite/CHANGELOG.md
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58752
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58752
5
reference_url https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f
reference_id 0ab19ea9fcb66f544328f442cf6e70f7c0528d5f
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:13:50Z/
url https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f
6
reference_url https://github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e
reference_id 14015d794f69accba68798bd0e15135bc51c9c1e
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:13:50Z/
url https://github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2393983
reference_id 2393983
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2393983
8
reference_url https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea
reference_id 482000f57f56fe6ff2e905305100cfe03043ddea
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:13:50Z/
url https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea
9
reference_url https://github.com/vitejs/vite/commit/6f01ff4fe072bcfcd4e2a84811772b818cd51fe6
reference_id 6f01ff4fe072bcfcd4e2a84811772b818cd51fe6
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:13:50Z/
url https://github.com/vitejs/vite/commit/6f01ff4fe072bcfcd4e2a84811772b818cd51fe6
10
reference_url https://github.com/advisories/GHSA-jqfw-vq24-v9c3
reference_id GHSA-jqfw-vq24-v9c3
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jqfw-vq24-v9c3
11
reference_url https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3
reference_id GHSA-jqfw-vq24-v9c3
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:13:50Z/
url https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3
fixed_packages
0
url pkg:npm/vite@5.4.20
purl pkg:npm/vite@5.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3szj-s4z5-k3cp
1
vulnerability VCID-nh6q-ms28-13ee
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.20
1
url pkg:npm/vite@6.3.6
purl pkg:npm/vite@6.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nh6q-ms28-13ee
1
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.3.6
2
url pkg:npm/vite@7.0.7
purl pkg:npm/vite@7.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3szj-s4z5-k3cp
1
vulnerability VCID-nh6q-ms28-13ee
2
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.0.7
3
url pkg:npm/vite@7.1.5
purl pkg:npm/vite@7.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nh6q-ms28-13ee
1
vulnerability VCID-ttfe-2bcz-f3e4
2
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.1.5
aliases CVE-2025-58752, GHSA-jqfw-vq24-v9c3
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h2jq-e6kt-v3f9
6
url VCID-h3c2-mbd1-zua6
vulnerability_id VCID-h3c2-mbd1-zua6
summary Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name as the public directory were served, bypassing the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (using --host or `server.host` config option), use the public directory feature (enabled by default), and have a symlink in the public directory are affected. Versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20 fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58751.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58751.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58751
reference_id
reference_type
scores
0
value 0.01434
scoring_system epss
scoring_elements 0.81166
published_at 2026-06-14T12:55:00Z
1
value 0.01434
scoring_system epss
scoring_elements 0.81167
published_at 2026-06-12T12:55:00Z
2
value 0.01434
scoring_system epss
scoring_elements 0.81108
published_at 2026-06-11T12:55:00Z
3
value 0.01434
scoring_system epss
scoring_elements 0.81176
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58751
2
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58751
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58751
4
reference_url https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d
reference_id 09f2b52e8d5907f26602653caf41b3a56692600d
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/
url https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2393970
reference_id 2393970
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2393970
6
reference_url https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069
reference_id 4f1c35bcbb5830290c694aa14b6789e07450f069
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/
url https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069
7
reference_url https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec
reference_id 63e2a5d232218f3f8d852056751e609a5367aaec
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/
url https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec
8
reference_url https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0
reference_id e11d24008b97d4ca731ecc1a3b95260a6d12e7e0
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/
url https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0
9
reference_url https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb
reference_id f0113f3f8266328d804ee808f763a3c11f8997eb
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/
url https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb
10
reference_url https://github.com/advisories/GHSA-g4jq-h2w9-997c
reference_id GHSA-g4jq-h2w9-997c
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4jq-h2w9-997c
11
reference_url https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c
reference_id GHSA-g4jq-h2w9-997c
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/
url https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c
fixed_packages
0
url pkg:npm/vite@5.4.20
purl pkg:npm/vite@5.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3szj-s4z5-k3cp
1
vulnerability VCID-nh6q-ms28-13ee
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.20
1
url pkg:npm/vite@6.3.6
purl pkg:npm/vite@6.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nh6q-ms28-13ee
1
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.3.6
2
url pkg:npm/vite@7.0.7
purl pkg:npm/vite@7.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3szj-s4z5-k3cp
1
vulnerability VCID-nh6q-ms28-13ee
2
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.0.7
3
url pkg:npm/vite@7.1.5
purl pkg:npm/vite@7.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nh6q-ms28-13ee
1
vulnerability VCID-ttfe-2bcz-f3e4
2
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.1.5
aliases CVE-2025-58751, GHSA-g4jq-h2w9-997c
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h3c2-mbd1-zua6
7
url VCID-jhy2-cnvt-nyg1
vulnerability_id VCID-jhy2-cnvt-nyg1
summary Vite is a frontend build tooling framework for JavaScript. In affected versions, the contents of arbitrary files can be returned to the browser. `@fs` denies access to files outside of the Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists. This issue has been patched in versions 5.4.6, 5.3.6, 5.2.14, 4.5.5, and 3.2.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45811.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45811.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-45811
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03076
published_at 2026-06-14T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03064
published_at 2026-06-13T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03081
published_at 2026-06-12T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03068
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-45811
2
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
3
reference_url https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249
4
reference_url https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd
5
reference_url https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6
6
reference_url https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2312930
reference_id 2312930
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2312930
8
reference_url https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34
reference_id 6820bb3b9a54334f3268fc5ee1e967d2e1c0db34
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T13:59:58Z/
url https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-45811
reference_id CVE-2024-45811
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-45811
10
reference_url https://github.com/advisories/GHSA-9cwx-2883-4wfx
reference_id GHSA-9cwx-2883-4wfx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9cwx-2883-4wfx
11
reference_url https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx
reference_id GHSA-9cwx-2883-4wfx
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-18T13:59:58Z/
url https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx
12
reference_url https://access.redhat.com/errata/RHSA-2024:10917
reference_id RHSA-2024:10917
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10917
13
reference_url https://access.redhat.com/errata/RHSA-2024:10962
reference_id RHSA-2024:10962
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10962
fixed_packages
0
url pkg:npm/vite@3.2.11
purl pkg:npm/vite@3.2.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-g8z2-qvuv-b7da
4
vulnerability VCID-h2jq-e6kt-v3f9
5
vulnerability VCID-h3c2-mbd1-zua6
6
vulnerability VCID-nh6q-ms28-13ee
7
vulnerability VCID-w4t6-jjc1-afac
8
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@3.2.11
1
url pkg:npm/vite@4.0.0-alpha.0
purl pkg:npm/vite@4.0.0-alpha.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-g8z2-qvuv-b7da
4
vulnerability VCID-h2jq-e6kt-v3f9
5
vulnerability VCID-h3c2-mbd1-zua6
6
vulnerability VCID-nh6q-ms28-13ee
7
vulnerability VCID-w4t6-jjc1-afac
8
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.0.0-alpha.0
2
url pkg:npm/vite@4.5.4
purl pkg:npm/vite@4.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.5.4
3
url pkg:npm/vite@4.5.5
purl pkg:npm/vite@4.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-g8z2-qvuv-b7da
4
vulnerability VCID-h2jq-e6kt-v3f9
5
vulnerability VCID-h3c2-mbd1-zua6
6
vulnerability VCID-nh6q-ms28-13ee
7
vulnerability VCID-w4t6-jjc1-afac
8
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.5.5
4
url pkg:npm/vite@5.1.8
purl pkg:npm/vite@5.1.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-g8z2-qvuv-b7da
4
vulnerability VCID-h2jq-e6kt-v3f9
5
vulnerability VCID-h3c2-mbd1-zua6
6
vulnerability VCID-nh6q-ms28-13ee
7
vulnerability VCID-w4t6-jjc1-afac
8
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.1.8
5
url pkg:npm/vite@5.2.0-beta.0
purl pkg:npm/vite@5.2.0-beta.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-g8z2-qvuv-b7da
4
vulnerability VCID-h2jq-e6kt-v3f9
5
vulnerability VCID-h3c2-mbd1-zua6
6
vulnerability VCID-nh6q-ms28-13ee
7
vulnerability VCID-w4t6-jjc1-afac
8
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.2.0-beta.0
6
url pkg:npm/vite@5.2.14
purl pkg:npm/vite@5.2.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-g8z2-qvuv-b7da
4
vulnerability VCID-h2jq-e6kt-v3f9
5
vulnerability VCID-h3c2-mbd1-zua6
6
vulnerability VCID-nh6q-ms28-13ee
7
vulnerability VCID-w4t6-jjc1-afac
8
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.2.14
7
url pkg:npm/vite@5.3.6
purl pkg:npm/vite@5.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-g8z2-qvuv-b7da
4
vulnerability VCID-h2jq-e6kt-v3f9
5
vulnerability VCID-h3c2-mbd1-zua6
6
vulnerability VCID-nh6q-ms28-13ee
7
vulnerability VCID-w4t6-jjc1-afac
8
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.3.6
8
url pkg:npm/vite@5.4.6
purl pkg:npm/vite@5.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-g8z2-qvuv-b7da
4
vulnerability VCID-h2jq-e6kt-v3f9
5
vulnerability VCID-h3c2-mbd1-zua6
6
vulnerability VCID-nh6q-ms28-13ee
7
vulnerability VCID-w4t6-jjc1-afac
8
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.6
aliases CVE-2024-45811, GHSA-9cwx-2883-4wfx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jhy2-cnvt-nyg1
8
url VCID-nh6q-ms28-13ee
vulnerability_id VCID-nh6q-ms28-13ee
summary Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the server.fs.strict allow list and retrieve .map files located outside the project root, provided they can be parsed as valid source map JSON. This vulnerability is fixed in 6.4.2, 7.3.2, and 8.0.5.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39365.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39365.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39365
reference_id
reference_type
scores
0
value 0.01457
scoring_system epss
scoring_elements 0.81253
published_at 2026-06-11T12:55:00Z
1
value 0.01457
scoring_system epss
scoring_elements 0.81321
published_at 2026-06-13T12:55:00Z
2
value 0.01457
scoring_system epss
scoring_elements 0.81313
published_at 2026-06-12T12:55:00Z
3
value 0.01521
scoring_system epss
scoring_elements 0.81719
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39365
2
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
3
reference_url https://github.com/vitejs/vite/commit/79f002f2286c03c88c7b74c511c7f9fc6dc46694
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/commit/79f002f2286c03c88c7b74c511c7f9fc6dc46694
4
reference_url https://github.com/vitejs/vite/pull/22161
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/pull/22161
5
reference_url https://github.com/vitejs/vite/releases/tag/v6.4.2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/releases/tag/v6.4.2
6
reference_url https://github.com/vitejs/vite/releases/tag/v7.3.2
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/releases/tag/v7.3.2
7
reference_url https://github.com/vitejs/vite/releases/tag/v8.0.5
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/releases/tag/v8.0.5
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-39365
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-39365
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2456190
reference_id 2456190
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2456190
10
reference_url https://github.com/advisories/GHSA-4w7w-66w2-5vf9
reference_id GHSA-4w7w-66w2-5vf9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4w7w-66w2-5vf9
11
reference_url https://github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9
reference_id GHSA-4w7w-66w2-5vf9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-09T18:10:42Z/
url https://github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9
fixed_packages
0
url pkg:npm/vite@6.4.2
purl pkg:npm/vite@6.4.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.4.2
1
url pkg:npm/vite@7.0.0-beta.0
purl pkg:npm/vite@7.0.0-beta.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.0.0-beta.0
2
url pkg:npm/vite@7.3.2
purl pkg:npm/vite@7.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.3.2
3
url pkg:npm/vite@8.0.0-beta.0
purl pkg:npm/vite@8.0.0-beta.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@8.0.0-beta.0
4
url pkg:npm/vite@8.0.5
purl pkg:npm/vite@8.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@8.0.5
aliases CVE-2026-39365, GHSA-4w7w-66w2-5vf9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nh6q-ms28-13ee
9
url VCID-w4t6-jjc1-afac
vulnerability_id VCID-w4t6-jjc1-afac
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32395.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32395.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32395
reference_id
reference_type
scores
0
value 0.03166
scoring_system epss
scoring_elements 0.87217
published_at 2026-06-11T12:55:00Z
1
value 0.03166
scoring_system epss
scoring_elements 0.87266
published_at 2026-06-14T12:55:00Z
2
value 0.03166
scoring_system epss
scoring_elements 0.87269
published_at 2026-06-13T12:55:00Z
3
value 0.03166
scoring_system epss
scoring_elements 0.87262
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32395
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32395
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32395
5
reference_url https://github.com/vitejs/vite/commit/175a83909f02d3b554452a7bd02b9f340cdfef70
reference_id 175a83909f02d3b554452a7bd02b9f340cdfef70
reference_type
scores
0
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T14:14:30Z/
url https://github.com/vitejs/vite/commit/175a83909f02d3b554452a7bd02b9f340cdfef70
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2358861
reference_id 2358861
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2358861
7
reference_url https://github.com/advisories/GHSA-356w-63v5-8wf4
reference_id GHSA-356w-63v5-8wf4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-356w-63v5-8wf4
8
reference_url https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4
reference_id GHSA-356w-63v5-8wf4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value 6.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T14:14:30Z/
url https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4
fixed_packages
0
url pkg:npm/vite@4.5.13
purl pkg:npm/vite@4.5.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bn49-7c61-27fp
1
vulnerability VCID-h2jq-e6kt-v3f9
2
vulnerability VCID-h3c2-mbd1-zua6
3
vulnerability VCID-nh6q-ms28-13ee
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.5.13
1
url pkg:npm/vite@5.4.18
purl pkg:npm/vite@5.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bn49-7c61-27fp
1
vulnerability VCID-h2jq-e6kt-v3f9
2
vulnerability VCID-h3c2-mbd1-zua6
3
vulnerability VCID-nh6q-ms28-13ee
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.18
2
url pkg:npm/vite@6.0.15
purl pkg:npm/vite@6.0.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bn49-7c61-27fp
1
vulnerability VCID-h2jq-e6kt-v3f9
2
vulnerability VCID-h3c2-mbd1-zua6
3
vulnerability VCID-nh6q-ms28-13ee
4
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.15
3
url pkg:npm/vite@6.1.5
purl pkg:npm/vite@6.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bn49-7c61-27fp
1
vulnerability VCID-h2jq-e6kt-v3f9
2
vulnerability VCID-h3c2-mbd1-zua6
3
vulnerability VCID-nh6q-ms28-13ee
4
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.5
4
url pkg:npm/vite@6.2.6
purl pkg:npm/vite@6.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bn49-7c61-27fp
1
vulnerability VCID-h2jq-e6kt-v3f9
2
vulnerability VCID-h3c2-mbd1-zua6
3
vulnerability VCID-nh6q-ms28-13ee
4
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.6
aliases CVE-2025-32395, GHSA-356w-63v5-8wf4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w4t6-jjc1-afac
10
url VCID-wf6g-h5dq-1qg3
vulnerability_id VCID-wf6g-h5dq-1qg3
summary Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-35204
reference_id
reference_type
scores
0
value 0.0097
scoring_system epss
scoring_elements 0.77119
published_at 2026-06-12T12:55:00Z
1
value 0.0097
scoring_system epss
scoring_elements 0.77048
published_at 2026-06-11T12:55:00Z
2
value 0.0097
scoring_system epss
scoring_elements 0.77125
published_at 2026-06-14T12:55:00Z
3
value 0.0097
scoring_system epss
scoring_elements 0.77131
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-35204
1
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
2
reference_url https://github.com/vitejs/vite/commit/6851009e6725b17608113a5a63474280075cae1c
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/commit/6851009e6725b17608113a5a63474280075cae1c
3
reference_url https://github.com/vitejs/vite/commit/e109d64331d9fa57753832762c3573c3532a6947
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/commit/e109d64331d9fa57753832762c3573c3532a6947
4
reference_url https://github.com/vitejs/vite/issues/8498
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/issues/8498
5
reference_url https://github.com/vitejs/vite/releases/tag/v2.9.13
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/releases/tag/v2.9.13
6
reference_url https://github.com/vitejs/vite/releases/tag/v3.0.0-beta.4
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite/releases/tag/v3.0.0-beta.4
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-35204
reference_id CVE-2022-35204
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-35204
8
reference_url https://github.com/advisories/GHSA-mv48-hcvh-8jj8
reference_id GHSA-mv48-hcvh-8jj8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mv48-hcvh-8jj8
fixed_packages
0
url pkg:npm/vite@3.0.0-beta.4
purl pkg:npm/vite@3.0.0-beta.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-53we-mdcx-bbfr
1
vulnerability VCID-6mrd-hwmy-4yay
2
vulnerability VCID-84n3-jwnn-6kc4
3
vulnerability VCID-bn49-7c61-27fp
4
vulnerability VCID-g8z2-qvuv-b7da
5
vulnerability VCID-h2jq-e6kt-v3f9
6
vulnerability VCID-h3c2-mbd1-zua6
7
vulnerability VCID-jhy2-cnvt-nyg1
8
vulnerability VCID-nh6q-ms28-13ee
9
vulnerability VCID-w4t6-jjc1-afac
10
vulnerability VCID-xrg5-ae14-c3e1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@3.0.0-beta.4
aliases CVE-2022-35204, GHSA-mv48-hcvh-8jj8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wf6g-h5dq-1qg3
11
url VCID-xrg5-ae14-c3e1
vulnerability_id VCID-xrg5-ae14-c3e1
summary Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. `@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation and returns the file content if it exists. This bypass exists because trailing separators such as `?` are removed in several places, but are not accounted for in query string regexes. The contents of arbitrary files can be returned to the browser. Only apps explicitly exposing the Vite dev server to the network (using `--host` or `server.host` config option) are affected. Versions 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 fix the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30208.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30208.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30208
reference_id
reference_type
scores
0
value 0.89847
scoring_system epss
scoring_elements 0.99594
published_at 2026-06-12T12:55:00Z
1
value 0.89847
scoring_system epss
scoring_elements 0.99595
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30208
2
reference_url https://github.com/vitejs/vite
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vitejs/vite
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-30208
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-30208
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2354598
reference_id 2354598
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2354598
5
reference_url https://github.com/vitejs/vite/commit/315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4
reference_id 315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/
url https://github.com/vitejs/vite/commit/315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4
6
reference_url https://github.com/vitejs/vite/commit/80381c38d6f068b12e6e928cd3c616bd1d64803c
reference_id 80381c38d6f068b12e6e928cd3c616bd1d64803c
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/
url https://github.com/vitejs/vite/commit/80381c38d6f068b12e6e928cd3c616bd1d64803c
7
reference_url https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41
reference_id 807d7f06d33ab49c48a2a3501da3eea1906c0d41
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/
url https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41
8
reference_url https://github.com/vitejs/vite/commit/92ca12dc79118bf66f2b32ff81ed09e0d0bd07ca
reference_id 92ca12dc79118bf66f2b32ff81ed09e0d0bd07ca
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/
url https://github.com/vitejs/vite/commit/92ca12dc79118bf66f2b32ff81ed09e0d0bd07ca
9
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/52111.py
reference_id CVE-2025-30208
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/52111.py
10
reference_url https://github.com/vitejs/vite/commit/f234b5744d8b74c95535a7b82cc88ed2144263c1
reference_id f234b5744d8b74c95535a7b82cc88ed2144263c1
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/
url https://github.com/vitejs/vite/commit/f234b5744d8b74c95535a7b82cc88ed2144263c1
11
reference_url https://github.com/advisories/GHSA-x574-m823-4x7w
reference_id GHSA-x574-m823-4x7w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x574-m823-4x7w
12
reference_url https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w
reference_id GHSA-x574-m823-4x7w
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/
url https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w
fixed_packages
0
url pkg:npm/vite@4.5.10
purl pkg:npm/vite@4.5.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-h2jq-e6kt-v3f9
4
vulnerability VCID-h3c2-mbd1-zua6
5
vulnerability VCID-nh6q-ms28-13ee
6
vulnerability VCID-w4t6-jjc1-afac
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.5.10
1
url pkg:npm/vite@5.4.15
purl pkg:npm/vite@5.4.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-h2jq-e6kt-v3f9
4
vulnerability VCID-h3c2-mbd1-zua6
5
vulnerability VCID-nh6q-ms28-13ee
6
vulnerability VCID-w4t6-jjc1-afac
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.15
2
url pkg:npm/vite@6.0.12
purl pkg:npm/vite@6.0.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-h2jq-e6kt-v3f9
4
vulnerability VCID-h3c2-mbd1-zua6
5
vulnerability VCID-nh6q-ms28-13ee
6
vulnerability VCID-w4t6-jjc1-afac
7
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.12
3
url pkg:npm/vite@6.1.2
purl pkg:npm/vite@6.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-h2jq-e6kt-v3f9
4
vulnerability VCID-h3c2-mbd1-zua6
5
vulnerability VCID-nh6q-ms28-13ee
6
vulnerability VCID-w4t6-jjc1-afac
7
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.2
4
url pkg:npm/vite@6.2.3
purl pkg:npm/vite@6.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6mrd-hwmy-4yay
1
vulnerability VCID-84n3-jwnn-6kc4
2
vulnerability VCID-bn49-7c61-27fp
3
vulnerability VCID-h2jq-e6kt-v3f9
4
vulnerability VCID-h3c2-mbd1-zua6
5
vulnerability VCID-nh6q-ms28-13ee
6
vulnerability VCID-w4t6-jjc1-afac
7
vulnerability VCID-xn8m-3ck8-fufm
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.3
aliases CVE-2025-30208, GHSA-x574-m823-4x7w
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xrg5-ae14-c3e1
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@3.0.0-alpha.2