Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40sveltejs/kit@2.11.0

Type npm

Namespace @sveltejs

Name kit

Version 2.11.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.57.1

Latest_non_vulnerable_version 2.60.1

Affected_by_vulnerabilities

url VCID-epuv-msbd-u7g9

vulnerability_id VCID-epuv-msbd-u7g9

summary SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected. This vulnerability is fixed in 2.57.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-40073

reference_id

reference_type

scores

value	0.0009
scoring_system	epss
scoring_elements	0.25599
published_at	2026-06-11T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25813
published_at	2026-06-13T12:55:00Z

value	0.0009
scoring_system	epss
scoring_elements	0.25797
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-40073

reference_url

https://github.com/sveltejs/kit

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sveltejs/kit

reference_url

https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-40073

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-40073

reference_url

https://github.com/sveltejs/kit/commit/3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95

reference_id

3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:04:15Z/

url

https://github.com/sveltejs/kit/commit/3202ed6c98f9e8d86bf0c4c7ad0f2e273e5e3b95

reference_url

https://github.com/advisories/GHSA-2crg-3p73-43xp

reference_id

GHSA-2crg-3p73-43xp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2crg-3p73-43xp

reference_url

https://github.com/sveltejs/kit/security/advisories/GHSA-2crg-3p73-43xp

reference_id

GHSA-2crg-3p73-43xp

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:04:15Z/

url

https://github.com/sveltejs/kit/security/advisories/GHSA-2crg-3p73-43xp

reference_url

https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1

reference_id

kit@2.57.1

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-13T15:04:15Z/

url

https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1

fixed_packages

url	pkg:npm/%40sveltejs/kit@2.57.1
purl	pkg:npm/%40sveltejs/kit@2.57.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.57.1

aliases CVE-2026-40073, GHSA-2crg-3p73-43xp

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epuv-msbd-u7g9

url VCID-px8a-8ars-83f9

vulnerability_id VCID-px8a-8ars-83f9

summary SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This could result in DoS on some platforms, especially if the location passed to redirect contains unsanitized user input. This vulnerability is fixed in 2.57.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-40074

reference_id

reference_type

scores

value	0.00057
scoring_system	epss
scoring_elements	0.18318
published_at	2026-06-14T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.18158
published_at	2026-06-11T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.18343
published_at	2026-06-13T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.1832
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-40074

reference_url

https://github.com/sveltejs/kit

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sveltejs/kit

reference_url

https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.57.1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-40074

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-40074

reference_url

https://github.com/sveltejs/kit/commit/10d7b44425c3d9da642eecce373d0c6ef83b4fcd

reference_id

10d7b44425c3d9da642eecce373d0c6ef83b4fcd

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:17:18Z/

url

https://github.com/sveltejs/kit/commit/10d7b44425c3d9da642eecce373d0c6ef83b4fcd

reference_url

https://github.com/advisories/GHSA-3f6h-2hrp-w5wx

reference_id

GHSA-3f6h-2hrp-w5wx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3f6h-2hrp-w5wx

reference_url

https://github.com/sveltejs/kit/security/advisories/GHSA-3f6h-2hrp-w5wx

reference_id

GHSA-3f6h-2hrp-w5wx

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:17:18Z/

url

https://github.com/sveltejs/kit/security/advisories/GHSA-3f6h-2hrp-w5wx

reference_url

https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1

reference_id

kit@2.57.1

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T14:17:18Z/

url

https://github.com/sveltejs/kit/releases/tag/@sveltejs/kit@2.57.1

fixed_packages

url	pkg:npm/%40sveltejs/kit@2.57.1
purl	pkg:npm/%40sveltejs/kit@2.57.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.57.1

aliases CVE-2026-40074, GHSA-3f6h-2hrp-w5wx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-px8a-8ars-83f9

url VCID-zxhq-skg2-muaq

vulnerability_id VCID-zxhq-skg2-muaq

summary SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search param names cause XSS vulnerability. You are affected if you iterate over all entries of event.url.searchParams inside a server load function. Attackers can exploit it by crafting a malicious URL and getting a user to click a link with said URL. This vulnerability is fixed in 2.20.6.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-32388

reference_id

reference_type

scores

value	0.00274
scoring_system	epss
scoring_elements	0.51133
published_at	2026-06-11T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.51265
published_at	2026-06-14T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.51264
published_at	2026-06-12T12:55:00Z

value	0.00274
scoring_system	epss
scoring_elements	0.51277
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-32388

reference_url

https://github.com/sveltejs/kit

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sveltejs/kit

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-32388

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-32388

reference_url

https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.20.6

reference_id

%40sveltejs%2Fkit%402.20.6

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:33:24Z/

url

https://github.com/sveltejs/kit/releases/tag/%40sveltejs%2Fkit%402.20.6

reference_url

https://github.com/sveltejs/kit/commit/d3300c6a67908590266c363dba7b0835d9a194cf

reference_id

d3300c6a67908590266c363dba7b0835d9a194cf

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:33:24Z/

url

https://github.com/sveltejs/kit/commit/d3300c6a67908590266c363dba7b0835d9a194cf

reference_url

https://github.com/advisories/GHSA-6q87-84jw-cjhp

reference_id

GHSA-6q87-84jw-cjhp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6q87-84jw-cjhp

reference_url

https://github.com/sveltejs/kit/security/advisories/GHSA-6q87-84jw-cjhp

reference_id

GHSA-6q87-84jw-cjhp

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T13:33:24Z/

url

https://github.com/sveltejs/kit/security/advisories/GHSA-6q87-84jw-cjhp

fixed_packages

url pkg:npm/%40sveltejs/kit@2.20.6

purl pkg:npm/%40sveltejs/kit@2.20.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-epuv-msbd-u7g9

vulnerability	VCID-px8a-8ars-83f9

vulnerability	VCID-xe5v-xxrc-auan

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.20.6

aliases CVE-2025-32388, GHSA-6q87-84jw-cjhp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxhq-skg2-muaq

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540sveltejs/kit@2.11.0

Package Instance