{"url":"http://public2.vulnerablecode.io/api/packages/785706?format=json","purl":"pkg:npm/%40sveltejs/kit@1.20.3","type":"npm","namespace":"@sveltejs","name":"kit","version":"1.20.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.57.1","latest_non_vulnerable_version":"2.60.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56262?format=json","vulnerability_id":"VCID-b8jm-v2ga-xyg8","summary":"@sveltejs/kit vulnerable to XSS on dev mode 404 page\n\"Unsanitized input from *the request URL* flows into `end`, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS).\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53261","reference_id":"","reference_type":"","scores":[{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48149","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48162","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48197","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48194","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00247","scoring_system":"epss","scoring_elements":"0.48179","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53261"},{"reference_url":"https://github.com/sveltejs/kit","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sveltejs/kit"},{"reference_url":"https://github.com/sveltejs/kit/commit/d338d4635a7fd947ba5112df6ee632c4a0979438","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T20:01:35Z/"}],"url":"https://github.com/sveltejs/kit/commit/d338d4635a7fd947ba5112df6ee632c4a0979438"},{"reference_url":"https://github.com/sveltejs/kit/pull/13039","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sveltejs/kit/pull/13039"},{"reference_url":"https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.8.3","reference_id":"","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.8.3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53261","reference_id":"CVE-2024-53261","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53261"},{"reference_url":"https://github.com/advisories/GHSA-rjjv-87mx-6x3h","reference_id":"GHSA-rjjv-87mx-6x3h","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rjjv-87mx-6x3h"},{"reference_url":"https://github.com/sveltejs/kit/security/advisories/GHSA-rjjv-87mx-6x3h","reference_id":"GHSA-rjjv-87mx-6x3h","reference_type":"","scores":[{"value":"0.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T20:01:35Z/"}],"url":"https://github.com/sveltejs/kit/security/advisories/GHSA-rjjv-87mx-6x3h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83335?format=json","purl":"pkg:npm/%40sveltejs/kit@2.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hrcg-dsxm-qfah"},{"vulnerability":"VCID-sj2j-q9rk-17ak"},{"vulnerability":"VCID-tzuj-vehx-k3c6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.8.3"}],"aliases":["CVE-2024-53261","GHSA-rjjv-87mx-6x3h"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8jm-v2ga-xyg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56253?format=json","vulnerability_id":"VCID-e7kv-s2v6-53en","summary":"@sveltejs/kit has unescaped error message included on error page\nThe static error.html template for errors contains placeholders that are replaced without escaping the content first.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53262","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41131","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41082","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41072","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41104","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41135","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53262"},{"reference_url":"https://github.com/sveltejs/kit","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sveltejs/kit"},{"reference_url":"https://github.com/sveltejs/kit/commit/134e36343ef57ed7e6e2b3bb9e7f05ad37865794","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T20:23:50Z/"}],"url":"https://github.com/sveltejs/kit/commit/134e36343ef57ed7e6e2b3bb9e7f05ad37865794"},{"reference_url":"https://github.com/sveltejs/kit/pull/13050","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sveltejs/kit/pull/13050"},{"reference_url":"https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.8.3","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.8.3"},{"reference_url":"https://kit.svelte.dev/docs/errors","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T20:23:50Z/"}],"url":"https://kit.svelte.dev/docs/errors"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53262","reference_id":"CVE-2024-53262","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53262"},{"reference_url":"https://github.com/advisories/GHSA-mh2x-fcqh-fmqv","reference_id":"GHSA-mh2x-fcqh-fmqv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mh2x-fcqh-fmqv"},{"reference_url":"https://github.com/sveltejs/kit/security/advisories/GHSA-mh2x-fcqh-fmqv","reference_id":"GHSA-mh2x-fcqh-fmqv","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"1.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T20:23:50Z/"}],"url":"https://github.com/sveltejs/kit/security/advisories/GHSA-mh2x-fcqh-fmqv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83335?format=json","purl":"pkg:npm/%40sveltejs/kit@2.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hrcg-dsxm-qfah"},{"vulnerability":"VCID-sj2j-q9rk-17ak"},{"vulnerability":"VCID-tzuj-vehx-k3c6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.8.3"}],"aliases":["CVE-2024-53262","GHSA-mh2x-fcqh-fmqv"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e7kv-s2v6-53en"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89971?format=json","vulnerability_id":"VCID-hrcg-dsxm-qfah","summary":"@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service\n`redirect`, when called from inside the `handle` server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled `TypeError`. This could result in DoS on some platforms, especially if the location passed to `redirect` contains unsanitized user input.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40074","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18164","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18073","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18055","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18129","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18166","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40074"},{"reference_url":"https://github.com/sveltejs/kit","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sveltejs/kit"},{"reference_url":"https://github.com/sveltejs/kit/commit/10d7b44425c3d9da642eecce373d0c6ef83b4fcd","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:17:18Z/"}],"url":"https://github.com/sveltejs/kit/commit/10d7b44425c3d9da642eecce373d0c6ef83b4fcd"},{"reference_url":"https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1"},{"reference_url":"https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:17:18Z/"}],"url":"https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1"},{"reference_url":"https://github.com/sveltejs/kit/security/advisories/GHSA-3f6h-2hrp-w5wx","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:17:18Z/"}],"url":"https://github.com/sveltejs/kit/security/advisories/GHSA-3f6h-2hrp-w5wx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40074","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40074"},{"reference_url":"https://github.com/advisories/GHSA-3f6h-2hrp-w5wx","reference_id":"GHSA-3f6h-2hrp-w5wx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3f6h-2hrp-w5wx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109925?format=json","purl":"pkg:npm/%40sveltejs/kit@2.57.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.57.1"}],"aliases":["CVE-2026-40074","GHSA-3f6h-2hrp-w5wx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hrcg-dsxm-qfah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89027?format=json","vulnerability_id":"VCID-sj2j-q9rk-17ak","summary":"@sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass\nUnder certain circumstances, requests could bypass the `BODY_SIZE_LIMIT` on SvelteKit applications running with `adapter-node`. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40073","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25616","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25567","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25557","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25664","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25673","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40073"},{"reference_url":"https://github.com/sveltejs/kit","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sveltejs/kit"},{"reference_url":"https://github.com/sveltejs/kit/commit/3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:04:15Z/"}],"url":"https://github.com/sveltejs/kit/commit/3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95"},{"reference_url":"https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1"},{"reference_url":"https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:04:15Z/"}],"url":"https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1"},{"reference_url":"https://github.com/sveltejs/kit/security/advisories/GHSA-2crg-3p73-43xp","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:04:15Z/"}],"url":"https://github.com/sveltejs/kit/security/advisories/GHSA-2crg-3p73-43xp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40073","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40073"},{"reference_url":"https://github.com/advisories/GHSA-2crg-3p73-43xp","reference_id":"GHSA-2crg-3p73-43xp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2crg-3p73-43xp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109925?format=json","purl":"pkg:npm/%40sveltejs/kit@2.57.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.57.1"}],"aliases":["CVE-2026-40073","GHSA-2crg-3p73-43xp"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sj2j-q9rk-17ak"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@1.20.3"}