Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40sveltejs/kit@2.5.4
Type npm
Namespace @sveltejs
Name kit
Version 2.5.4
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.57.1
Latest_non_vulnerable_version 2.60.1
Affected_by_vulnerabilities
0
url VCID-5q8f-ekd9-57fe
vulnerability_id VCID-5q8f-ekd9-57fe
summary SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. "Unsanitized input from *the request URL* flows into `end`, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS)." The files `packages/kit/src/exports/vite/dev/index.js` and `packages/kit/src/exports/vite/utils.js` both contain user-controllable data which, under specific conditions, may flow to dev mode pages. There is little to no expected impact. The Vite development server is not exposed to the network by default, and even if someone were able to trick a developer into executing an XSS against themselves, a development database should not have any sensitive data. Nonetheless, this issue has been addressed in version 2.8.3 and all users are advised to upgrade.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53261
reference_id
reference_type
scores
0
value 0.00247
scoring_system epss
scoring_elements 0.4836
published_at 2026-06-12T12:55:00Z
1
value 0.00247
scoring_system epss
scoring_elements 0.48363
published_at 2026-06-14T12:55:00Z
2
value 0.00247
scoring_system epss
scoring_elements 0.48378
published_at 2026-06-13T12:55:00Z
3
value 0.00247
scoring_system epss
scoring_elements 0.48223
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53261
1
reference_url https://github.com/sveltejs/kit
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit
2
reference_url https://github.com/sveltejs/kit/pull/13039
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit/pull/13039
3
reference_url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.8.3
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.8.3
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53261
reference_id
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53261
5
reference_url https://github.com/sveltejs/kit/commit/d338d4635a7fd947ba5112df6ee632c4a0979438
reference_id d338d4635a7fd947ba5112df6ee632c4a0979438
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N
1
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T20:01:35Z/
url https://github.com/sveltejs/kit/commit/d338d4635a7fd947ba5112df6ee632c4a0979438
6
reference_url https://github.com/advisories/GHSA-rjjv-87mx-6x3h
reference_id GHSA-rjjv-87mx-6x3h
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rjjv-87mx-6x3h
7
reference_url https://github.com/sveltejs/kit/security/advisories/GHSA-rjjv-87mx-6x3h
reference_id GHSA-rjjv-87mx-6x3h
reference_type
scores
0
value 0.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T20:01:35Z/
url https://github.com/sveltejs/kit/security/advisories/GHSA-rjjv-87mx-6x3h
fixed_packages
0
url pkg:npm/%40sveltejs/kit@2.8.3
purl pkg:npm/%40sveltejs/kit@2.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-epuv-msbd-u7g9
1
vulnerability VCID-px8a-8ars-83f9
2
vulnerability VCID-zxhq-skg2-muaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.8.3
aliases CVE-2024-53261, GHSA-rjjv-87mx-6x3h
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5q8f-ekd9-57fe
1
url VCID-epuv-msbd-u7g9
vulnerability_id VCID-epuv-msbd-u7g9
summary SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected. This vulnerability is fixed in 2.57.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40073
reference_id
reference_type
scores
0
value 0.0009
scoring_system epss
scoring_elements 0.25599
published_at 2026-06-11T12:55:00Z
1
value 0.0009
scoring_system epss
scoring_elements 0.25813
published_at 2026-06-13T12:55:00Z
2
value 0.0009
scoring_system epss
scoring_elements 0.25797
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40073
1
reference_url https://github.com/sveltejs/kit
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit
2
reference_url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40073
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40073
4
reference_url https://github.com/sveltejs/kit/commit/3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95
reference_id 3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:04:15Z/
url https://github.com/sveltejs/kit/commit/3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95
5
reference_url https://github.com/advisories/GHSA-2crg-3p73-43xp
reference_id GHSA-2crg-3p73-43xp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2crg-3p73-43xp
6
reference_url https://github.com/sveltejs/kit/security/advisories/GHSA-2crg-3p73-43xp
reference_id GHSA-2crg-3p73-43xp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:04:15Z/
url https://github.com/sveltejs/kit/security/advisories/GHSA-2crg-3p73-43xp
7
reference_url https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1
reference_id kit@2.57.1
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:04:15Z/
url https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1
fixed_packages
0
url pkg:npm/%40sveltejs/kit@2.57.1
purl pkg:npm/%40sveltejs/kit@2.57.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.57.1
aliases CVE-2026-40073, GHSA-2crg-3p73-43xp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epuv-msbd-u7g9
2
url VCID-px8a-8ars-83f9
vulnerability_id VCID-px8a-8ars-83f9
summary SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in an HTTP header, will cause an unhandled TypeError. This could result in DoS on some platforms, especially if the location passed to redirect contains unsanitized user input. This vulnerability is fixed in 2.57.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40074
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.18318
published_at 2026-06-14T12:55:00Z
1
value 0.00057
scoring_system epss
scoring_elements 0.18158
published_at 2026-06-11T12:55:00Z
2
value 0.00057
scoring_system epss
scoring_elements 0.18343
published_at 2026-06-13T12:55:00Z
3
value 0.00057
scoring_system epss
scoring_elements 0.1832
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40074
1
reference_url https://github.com/sveltejs/kit
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit
2
reference_url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40074
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40074
4
reference_url https://github.com/sveltejs/kit/commit/10d7b44425c3d9da642eecce373d0c6ef83b4fcd
reference_id 10d7b44425c3d9da642eecce373d0c6ef83b4fcd
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:17:18Z/
url https://github.com/sveltejs/kit/commit/10d7b44425c3d9da642eecce373d0c6ef83b4fcd
5
reference_url https://github.com/advisories/GHSA-3f6h-2hrp-w5wx
reference_id GHSA-3f6h-2hrp-w5wx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3f6h-2hrp-w5wx
6
reference_url https://github.com/sveltejs/kit/security/advisories/GHSA-3f6h-2hrp-w5wx
reference_id GHSA-3f6h-2hrp-w5wx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:17:18Z/
url https://github.com/sveltejs/kit/security/advisories/GHSA-3f6h-2hrp-w5wx
7
reference_url https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1
reference_id kit@2.57.1
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:17:18Z/
url https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1
fixed_packages
0
url pkg:npm/%40sveltejs/kit@2.57.1
purl pkg:npm/%40sveltejs/kit@2.57.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.57.1
aliases CVE-2026-40074, GHSA-3f6h-2hrp-w5wx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-px8a-8ars-83f9
3
url VCID-qv9g-usgy-5ycq
vulnerability_id VCID-qv9g-usgy-5ycq
summary SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered when everything else fails. It can contain the following placeholders: %sveltekit.status% (the HTTP status) and %sveltekit.error.message% (the error message). This leads to possible injection if an app explicitly creates an error with a message that contains user-controlled content. Only applications where user-provided input is used in the `Error` message will be vulnerable, so the vast majority of applications will not be vulnerable. This issue has been addressed in version 2.8.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53262
reference_id
reference_type
scores
0
value 0.00193
scoring_system epss
scoring_elements 0.41139
published_at 2026-06-11T12:55:00Z
1
value 0.00193
scoring_system epss
scoring_elements 0.41315
published_at 2026-06-14T12:55:00Z
2
value 0.00193
scoring_system epss
scoring_elements 0.41325
published_at 2026-06-13T12:55:00Z
3
value 0.00193
scoring_system epss
scoring_elements 0.41306
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53262
1
reference_url https://github.com/sveltejs/kit
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit
2
reference_url https://github.com/sveltejs/kit/pull/13050
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit/pull/13050
3
reference_url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.8.3
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.8.3
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53262
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53262
5
reference_url https://github.com/sveltejs/kit/commit/134e36343ef57ed7e6e2b3bb9e7f05ad37865794
reference_id 134e36343ef57ed7e6e2b3bb9e7f05ad37865794
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T20:23:50Z/
url https://github.com/sveltejs/kit/commit/134e36343ef57ed7e6e2b3bb9e7f05ad37865794
6
reference_url https://kit.svelte.dev/docs/errors
reference_id errors
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T20:23:50Z/
url https://kit.svelte.dev/docs/errors
7
reference_url https://github.com/advisories/GHSA-mh2x-fcqh-fmqv
reference_id GHSA-mh2x-fcqh-fmqv
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mh2x-fcqh-fmqv
8
reference_url https://github.com/sveltejs/kit/security/advisories/GHSA-mh2x-fcqh-fmqv
reference_id GHSA-mh2x-fcqh-fmqv
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value 1.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
3
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T20:23:50Z/
url https://github.com/sveltejs/kit/security/advisories/GHSA-mh2x-fcqh-fmqv
fixed_packages
0
url pkg:npm/%40sveltejs/kit@2.8.3
purl pkg:npm/%40sveltejs/kit@2.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-epuv-msbd-u7g9
1
vulnerability VCID-px8a-8ars-83f9
2
vulnerability VCID-zxhq-skg2-muaq
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.8.3
aliases CVE-2024-53262, GHSA-mh2x-fcqh-fmqv
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qv9g-usgy-5ycq
4
url VCID-zxhq-skg2-muaq
vulnerability_id VCID-zxhq-skg2-muaq
summary SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6, unsanitized search param names cause an XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can exploit it by crafting a malicious URL and getting a user to click a link with said URL. This vulnerability is fixed in 2.20.6.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-32388
reference_id
reference_type
scores
0
value 0.00274
scoring_system epss
scoring_elements 0.51133
published_at 2026-06-11T12:55:00Z
1
value 0.00274
scoring_system epss
scoring_elements 0.51265
published_at 2026-06-14T12:55:00Z
2
value 0.00274
scoring_system epss
scoring_elements 0.51264
published_at 2026-06-12T12:55:00Z
3
value 0.00274
scoring_system epss
scoring_elements 0.51277
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-32388
1
reference_url https://github.com/sveltejs/kit
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/sveltejs/kit
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-32388
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-32388
3
reference_url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.20.6
reference_id %40sveltejs%2Fkit%402.20.6
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:33:24Z/
url https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.20.6
4
reference_url https://github.com/sveltejs/kit/commit/d3300c6a67908590266c363dba7b0835d9a194cf
reference_id d3300c6a67908590266c363dba7b0835d9a194cf
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:33:24Z/
url https://github.com/sveltejs/kit/commit/d3300c6a67908590266c363dba7b0835d9a194cf
5
reference_url https://github.com/advisories/GHSA-6q87-84jw-cjhp
reference_id GHSA-6q87-84jw-cjhp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6q87-84jw-cjhp
6
reference_url https://github.com/sveltejs/kit/security/advisories/GHSA-6q87-84jw-cjhp
reference_id GHSA-6q87-84jw-cjhp
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:33:24Z/
url https://github.com/sveltejs/kit/security/advisories/GHSA-6q87-84jw-cjhp
fixed_packages
0
url pkg:npm/%40sveltejs/kit@2.20.6
purl pkg:npm/%40sveltejs/kit@2.20.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-epuv-msbd-u7g9
1
vulnerability VCID-px8a-8ars-83f9
2
vulnerability VCID-xe5v-xxrc-auan
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.20.6
aliases CVE-2025-32388, GHSA-6q87-84jw-cjhp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxhq-skg2-muaq
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.5.4