Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/vite@4.0.0-beta.0

Type npm

Namespace

Name vite

Version 4.0.0-beta.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 6.4.2

Latest_non_vulnerable_version 8.0.5

Affected_by_vulnerabilities

url VCID-b2m1-kmdu-ykgt

vulnerability_id VCID-b2m1-kmdu-ykgt

summary

Vite's `server.fs` settings were not applied to HTML files
Any HTML files on the machine were served regardless of the `server.fs` settings.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58752.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58752.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-58752

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07975
published_at	2026-06-08T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.08028
published_at	2026-06-05T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.08042
published_at	2026-06-06T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.08025
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-58752

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url

https://github.com/vitejs/vite/blob/v7.1.5/packages/vite/CHANGELOG.md

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite/blob/v7.1.5/packages/vite/CHANGELOG.md

reference_url

https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:13:50Z/

url

https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f

reference_url

https://github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:13:50Z/

url

https://github.com/vitejs/vite/commit/14015d794f69accba68798bd0e15135bc51c9c1e

reference_url

https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:13:50Z/

url

https://github.com/vitejs/vite/commit/482000f57f56fe6ff2e905305100cfe03043ddea

reference_url

https://github.com/vitejs/vite/commit/6f01ff4fe072bcfcd4e2a84811772b818cd51fe6

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:13:50Z/

url

https://github.com/vitejs/vite/commit/6f01ff4fe072bcfcd4e2a84811772b818cd51fe6

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2393983
reference_id	2393983
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2393983

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-58752

reference_id

CVE-2025-58752

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-58752

reference_url	https://github.com/advisories/GHSA-jqfw-vq24-v9c3
reference_id	GHSA-jqfw-vq24-v9c3
reference_type
scores
url	https://github.com/advisories/GHSA-jqfw-vq24-v9c3

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3

reference_id

GHSA-jqfw-vq24-v9c3

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:13:50Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-jqfw-vq24-v9c3

fixed_packages

url pkg:npm/vite@5.4.20

purl pkg:npm/vite@5.4.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kb9w-txmc-pbhq

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.20

url pkg:npm/vite@6.3.6

purl pkg:npm/vite@6.3.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.3.6

url pkg:npm/vite@7.0.7

purl pkg:npm/vite@7.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kb9w-txmc-pbhq

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.0.7

url pkg:npm/vite@7.1.5

purl pkg:npm/vite@7.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-ths5-cgck-gkhy

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.1.5

aliases CVE-2025-58752, GHSA-jqfw-vq24-v9c3

risk_score 1.6

exploitability 0.5

weighted_severity 3.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b2m1-kmdu-ykgt

url VCID-cwjw-gp95-5uad

vulnerability_id VCID-cwjw-gp95-5uad

summary

Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
The contents of arbitrary files can be returned to the browser.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31125.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31125.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-31125

reference_id

reference_type

scores

value	0.83244
scoring_system	epss
scoring_elements	0.99284
published_at	2026-06-05T12:55:00Z

value	0.83244
scoring_system	epss
scoring_elements	0.99285
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-31125

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url

https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-01-23T16:58:33Z/

url

https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949

reference_url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31125

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31125

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2356283
reference_id	2356283
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2356283

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-31125

reference_id

CVE-2025-31125

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-31125

reference_url	https://github.com/advisories/GHSA-4r4m-qw57-chr8
reference_id	GHSA-4r4m-qw57-chr8
reference_type
scores
url	https://github.com/advisories/GHSA-4r4m-qw57-chr8

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8

reference_id

GHSA-4r4m-qw57-chr8

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Attend
scoring_system	ssvc
scoring_elements	SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-01-23T16:58:33Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8

fixed_packages

url pkg:npm/vite@4.5.11

purl pkg:npm/vite@4.5.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-q59b-2z2s-mfbt

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.5.11

url pkg:npm/vite@5.0.0-beta.0

purl pkg:npm/vite@5.0.0-beta.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.0.0-beta.0

url pkg:npm/vite@5.4.16

purl pkg:npm/vite@5.4.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-q59b-2z2s-mfbt

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.16

url pkg:npm/vite@6.0.0-alpha.0

purl pkg:npm/vite@6.0.0-alpha.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.0-alpha.0

url pkg:npm/vite@6.0.13

purl pkg:npm/vite@6.0.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-q59b-2z2s-mfbt

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.13

url pkg:npm/vite@6.1.0-beta.0

purl pkg:npm/vite@6.1.0-beta.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.0-beta.0

url pkg:npm/vite@6.1.3

purl pkg:npm/vite@6.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-q59b-2z2s-mfbt

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.3

url pkg:npm/vite@6.2.0-beta.0

purl pkg:npm/vite@6.2.0-beta.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.0-beta.0

url pkg:npm/vite@6.2.4

purl pkg:npm/vite@6.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-q59b-2z2s-mfbt

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.4

url pkg:npm/vite@6.3.0-beta.0

purl pkg:npm/vite@6.3.0-beta.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.3.0-beta.0

aliases CVE-2025-31125, GHSA-4r4m-qw57-chr8

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cwjw-gp95-5uad

url VCID-gdv1-n78f-tud7

vulnerability_id VCID-gdv1-n78f-tud7

summary

Websites were able to send any requests to the development server and read the response in vite
Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections.

> [!WARNING]
> This vulnerability even applies to users that only run the Vite dev server on the local machine and does not expose the dev server to the network.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24010.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24010.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-24010

reference_id

reference_type

scores

value	0.00092
scoring_system	epss
scoring_elements	0.25883
published_at	2026-06-05T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25773
published_at	2026-06-08T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25831
published_at	2026-06-07T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25875
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-24010

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2339011
reference_id	2339011
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2339011

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-24010

reference_id

CVE-2025-24010

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-24010

reference_url	https://github.com/advisories/GHSA-vg6x-rcgg-rjx6
reference_id	GHSA-vg6x-rcgg-rjx6
reference_type
scores
url	https://github.com/advisories/GHSA-vg6x-rcgg-rjx6

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6

reference_id

GHSA-vg6x-rcgg-rjx6

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T14:52:46Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6

fixed_packages

url pkg:npm/vite@4.5.6

purl pkg:npm/vite@4.5.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-cwjw-gp95-5uad

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-jxyb-k93s-g3e8

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-q59b-2z2s-mfbt

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.5.6

url pkg:npm/vite@5.4.12

purl pkg:npm/vite@5.4.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-cwjw-gp95-5uad

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-jxyb-k93s-g3e8

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-q59b-2z2s-mfbt

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.12

url pkg:npm/vite@6.0.9

purl pkg:npm/vite@6.0.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-cwjw-gp95-5uad

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-jxyb-k93s-g3e8

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-q59b-2z2s-mfbt

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.9

aliases CVE-2025-24010, GHSA-vg6x-rcgg-rjx6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdv1-n78f-tud7

url VCID-gefx-xng3-k3f4

vulnerability_id VCID-gefx-xng3-k3f4

summary

Vite middleware may serve files starting with the same name with the public directory
Files starting with the same name with the public directory were served bypassing the `server.fs` settings.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58751.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58751.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-58751

reference_id

reference_type

scores

value	0.01434
scoring_system	epss
scoring_elements	0.81049
published_at	2026-06-08T12:55:00Z

value	0.01434
scoring_system	epss
scoring_elements	0.81054
published_at	2026-06-05T12:55:00Z

value	0.01434
scoring_system	epss
scoring_elements	0.81058
published_at	2026-06-06T12:55:00Z

value	0.01434
scoring_system	epss
scoring_elements	0.81053
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-58751

reference_url

https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/

url

https://github.com/lukeed/sirv/commit/f0113f3f8266328d804ee808f763a3c11f8997eb

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url

https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/

url

https://github.com/vitejs/vite/commit/09f2b52e8d5907f26602653caf41b3a56692600d

reference_url

https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/

url

https://github.com/vitejs/vite/commit/4f1c35bcbb5830290c694aa14b6789e07450f069

reference_url

https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/

url

https://github.com/vitejs/vite/commit/63e2a5d232218f3f8d852056751e609a5367aaec

reference_url

https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0

reference_id

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/

url

https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2393970
reference_id	2393970
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2393970

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-58751

reference_id

CVE-2025-58751

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-58751

reference_url	https://github.com/advisories/GHSA-g4jq-h2w9-997c
reference_id	GHSA-g4jq-h2w9-997c
reference_type
scores
url	https://github.com/advisories/GHSA-g4jq-h2w9-997c

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c

reference_id

GHSA-g4jq-h2w9-997c

reference_type

scores

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T13:14:11Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-g4jq-h2w9-997c

fixed_packages

url pkg:npm/vite@5.4.20

purl pkg:npm/vite@5.4.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kb9w-txmc-pbhq

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.20

url pkg:npm/vite@6.3.6

purl pkg:npm/vite@6.3.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.3.6

url pkg:npm/vite@7.0.7

purl pkg:npm/vite@7.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kb9w-txmc-pbhq

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.0.7

url pkg:npm/vite@7.1.5

purl pkg:npm/vite@7.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-ths5-cgck-gkhy

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.1.5

aliases CVE-2025-58751, GHSA-g4jq-h2w9-997c

risk_score 1.6

exploitability 0.5

weighted_severity 3.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gefx-xng3-k3f4

url VCID-jxyb-k93s-g3e8

vulnerability_id VCID-jxyb-k93s-g3e8

summary

Vite bypasses server.fs.deny when using ?raw??
The contents of arbitrary files can be returned to the browser.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30208.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30208.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-30208

reference_id

reference_type

scores

value	0.89847
scoring_system	epss
scoring_elements	0.99592
published_at	2026-06-08T12:55:00Z

value	0.89847
scoring_system	epss
scoring_elements	0.99593
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-30208

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url

https://github.com/vitejs/vite/commit/315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/

url

https://github.com/vitejs/vite/commit/315695e9d97cc6cfa7e6d9e0229fb50cdae3d9f4

reference_url

https://github.com/vitejs/vite/commit/80381c38d6f068b12e6e928cd3c616bd1d64803c

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/

url

https://github.com/vitejs/vite/commit/80381c38d6f068b12e6e928cd3c616bd1d64803c

reference_url

https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/

url

https://github.com/vitejs/vite/commit/807d7f06d33ab49c48a2a3501da3eea1906c0d41

reference_url

https://github.com/vitejs/vite/commit/92ca12dc79118bf66f2b32ff81ed09e0d0bd07ca

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/

url

https://github.com/vitejs/vite/commit/92ca12dc79118bf66f2b32ff81ed09e0d0bd07ca

reference_url

https://github.com/vitejs/vite/commit/f234b5744d8b74c95535a7b82cc88ed2144263c1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/

url

https://github.com/vitejs/vite/commit/f234b5744d8b74c95535a7b82cc88ed2144263c1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2354598
reference_id	2354598
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2354598

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/52111.py
reference_id	CVE-2025-30208
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/52111.py

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-30208

reference_id

CVE-2025-30208

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-30208

reference_url	https://github.com/advisories/GHSA-x574-m823-4x7w
reference_id	GHSA-x574-m823-4x7w
reference_type
scores
url	https://github.com/advisories/GHSA-x574-m823-4x7w

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w

reference_id

GHSA-x574-m823-4x7w

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:40:42Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w

fixed_packages

url pkg:npm/vite@4.5.10

purl pkg:npm/vite@4.5.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-cwjw-gp95-5uad

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-q59b-2z2s-mfbt

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.5.10

url pkg:npm/vite@5.4.15

purl pkg:npm/vite@5.4.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-cwjw-gp95-5uad

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-q59b-2z2s-mfbt

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.15

url pkg:npm/vite@6.0.12

purl pkg:npm/vite@6.0.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-cwjw-gp95-5uad

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-q59b-2z2s-mfbt

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.12

url pkg:npm/vite@6.1.2

purl pkg:npm/vite@6.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-cwjw-gp95-5uad

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-q59b-2z2s-mfbt

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.2

url pkg:npm/vite@6.2.3

purl pkg:npm/vite@6.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-cwjw-gp95-5uad

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-q59b-2z2s-mfbt

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.3

aliases CVE-2025-30208, GHSA-x574-m823-4x7w

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxyb-k93s-g3e8

url VCID-na8b-yqpp-p7fj

vulnerability_id VCID-na8b-yqpp-p7fj

summary

Duplicate
This advisory duplicates another.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46565.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46565.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-46565

reference_id

reference_type

scores

value	0.01436
scoring_system	epss
scoring_elements	0.8107
published_at	2026-06-07T12:55:00Z

value	0.01436
scoring_system	epss
scoring_elements	0.81074
published_at	2026-06-06T12:55:00Z

value	0.0325
scoring_system	epss
scoring_elements	0.87376
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-46565

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url

https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb

reference_id

reference_type

scores

value	6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T17:38:51Z/

url

https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2363544
reference_id	2363544
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2363544

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-46565

reference_id

CVE-2025-46565

reference_type

scores

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-46565

reference_url	https://github.com/advisories/GHSA-859w-5945-r5v3
reference_id	GHSA-859w-5945-r5v3
reference_type
scores
url	https://github.com/advisories/GHSA-859w-5945-r5v3

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3

reference_id

GHSA-859w-5945-r5v3

reference_type

scores

value	6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T17:38:51Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3

fixed_packages

url pkg:npm/vite@4.5.14

purl pkg:npm/vite@4.5.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.5.14

url pkg:npm/vite@5.0.0-beta.0

purl pkg:npm/vite@5.0.0-beta.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.0.0-beta.0

url pkg:npm/vite@5.4.19

purl pkg:npm/vite@5.4.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.19

url pkg:npm/vite@6.0.0-alpha.0

purl pkg:npm/vite@6.0.0-alpha.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.0-alpha.0

url pkg:npm/vite@6.1.6

purl pkg:npm/vite@6.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.6

url pkg:npm/vite@6.2.0-beta.0

purl pkg:npm/vite@6.2.0-beta.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.0-beta.0

url pkg:npm/vite@6.2.7

purl pkg:npm/vite@6.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.7

url pkg:npm/vite@6.3.0-beta.0

purl pkg:npm/vite@6.3.0-beta.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.3.0-beta.0

url pkg:npm/vite@6.3.4

purl pkg:npm/vite@6.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.3.4

aliases CVE-2025-46565, GHSA-859w-5945-r5v3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-na8b-yqpp-p7fj

url VCID-q59b-2z2s-mfbt

vulnerability_id VCID-q59b-2z2s-mfbt

summary

Vite allows server.fs.deny to be bypassed with .svg or relative paths
The contents of arbitrary files can be returned to the browser.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31486.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31486.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-31486

reference_id

reference_type

scores

value	0.04736
scoring_system	epss
scoring_elements	0.89613
published_at	2026-06-08T12:55:00Z

value	0.04736
scoring_system	epss
scoring_elements	0.89611
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-31486

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url

https://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T20:39:24Z/

url

https://github.com/vitejs/vite/blob/037f801075ec35bb6e52145d659f71a23813c48f/packages/vite/src/node/plugins/asset.ts#L285-L290

reference_url

https://github.com/vitejs/vite/commit/62d7e81ee189d65899bb65f3263ddbd85247b647

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T20:39:24Z/

url

https://github.com/vitejs/vite/commit/62d7e81ee189d65899bb65f3263ddbd85247b647

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2357264
reference_id	2357264
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2357264

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-31486

reference_id

CVE-2025-31486

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-31486

reference_url	https://github.com/advisories/GHSA-xcj6-pq6g-qj4x
reference_id	GHSA-xcj6-pq6g-qj4x
reference_type
scores
url	https://github.com/advisories/GHSA-xcj6-pq6g-qj4x

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq6g-qj4x

reference_id

GHSA-xcj6-pq6g-qj4x

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-03T20:39:24Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-xcj6-pq6g-qj4x

fixed_packages

url pkg:npm/vite@4.5.12

purl pkg:npm/vite@4.5.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.5.12

url pkg:npm/vite@5.4.17

purl pkg:npm/vite@5.4.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.17

url pkg:npm/vite@6.0.14

purl pkg:npm/vite@6.0.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.14

url pkg:npm/vite@6.1.4

purl pkg:npm/vite@6.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.4

url pkg:npm/vite@6.2.5

purl pkg:npm/vite@6.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-t716-h35b-9kf2

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.5

aliases CVE-2025-31486, GHSA-xcj6-pq6g-qj4x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q59b-2z2s-mfbt

url VCID-t716-h35b-9kf2

vulnerability_id VCID-t716-h35b-9kf2

summary

Vite has an `server.fs.deny` bypass with an invalid `request-target`
The contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32395.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-32395.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-32395

reference_id

reference_type

scores

value	0.03166
scoring_system	epss
scoring_elements	0.87192
published_at	2026-06-05T12:55:00Z

value	0.03166
scoring_system	epss
scoring_elements	0.87183
published_at	2026-06-08T12:55:00Z

value	0.03166
scoring_system	epss
scoring_elements	0.87187
published_at	2026-06-07T12:55:00Z

value	0.03166
scoring_system	epss
scoring_elements	0.8719
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-32395

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url

https://github.com/vitejs/vite/commit/175a83909f02d3b554452a7bd02b9f340cdfef70

reference_id

reference_type

scores

value	6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T14:14:30Z/

url

https://github.com/vitejs/vite/commit/175a83909f02d3b554452a7bd02b9f340cdfef70

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2358861
reference_id	2358861
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2358861

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-32395

reference_id

CVE-2025-32395

reference_type

scores

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-32395

reference_url	https://github.com/advisories/GHSA-356w-63v5-8wf4
reference_id	GHSA-356w-63v5-8wf4
reference_type
scores
url	https://github.com/advisories/GHSA-356w-63v5-8wf4

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4

reference_id

GHSA-356w-63v5-8wf4

reference_type

scores

value	6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	6.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-10T14:14:30Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-356w-63v5-8wf4

fixed_packages

url pkg:npm/vite@4.5.13

purl pkg:npm/vite@4.5.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.5.13

url pkg:npm/vite@5.4.18

purl pkg:npm/vite@5.4.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@5.4.18

url pkg:npm/vite@6.0.15

purl pkg:npm/vite@6.0.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.0.15

url pkg:npm/vite@6.1.5

purl pkg:npm/vite@6.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.1.5

url pkg:npm/vite@6.2.6

purl pkg:npm/vite@6.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b2m1-kmdu-ykgt

vulnerability	VCID-gefx-xng3-k3f4

vulnerability	VCID-na8b-yqpp-p7fj

vulnerability	VCID-p1jn-hqj6-j7ca

vulnerability	VCID-zn73-3dmx-vye4

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.2.6

aliases CVE-2025-32395, GHSA-356w-63v5-8wf4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t716-h35b-9kf2

url VCID-zn73-3dmx-vye4

vulnerability_id VCID-zn73-3dmx-vye4

summary vite: Vite: Information disclosure via path traversal in dev server's .map request handling

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39365.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39365.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-39365

reference_id

reference_type

scores

value	0.01457
scoring_system	epss
scoring_elements	0.81195
published_at	2026-06-08T12:55:00Z

value	0.01457
scoring_system	epss
scoring_elements	0.81199
published_at	2026-06-07T12:55:00Z

value	0.01457
scoring_system	epss
scoring_elements	0.81202
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-39365

reference_url

https://github.com/vitejs/vite

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite

reference_url

https://github.com/vitejs/vite/commit/79f002f2286c03c88c7b74c511c7f9fc6dc46694

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite/commit/79f002f2286c03c88c7b74c511c7f9fc6dc46694

reference_url

https://github.com/vitejs/vite/pull/22161

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite/pull/22161

reference_url

https://github.com/vitejs/vite/releases/tag/v6.4.2

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite/releases/tag/v6.4.2

reference_url

https://github.com/vitejs/vite/releases/tag/v7.3.2

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite/releases/tag/v7.3.2

reference_url

https://github.com/vitejs/vite/releases/tag/v8.0.5

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/vitejs/vite/releases/tag/v8.0.5

reference_url

https://github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-09T18:10:42Z/

url

https://github.com/vitejs/vite/security/advisories/GHSA-4w7w-66w2-5vf9

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-39365

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-39365

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2456190
reference_id	2456190
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2456190

reference_url

https://github.com/advisories/GHSA-4w7w-66w2-5vf9

reference_id

GHSA-4w7w-66w2-5vf9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4w7w-66w2-5vf9

fixed_packages

url	pkg:npm/vite@6.4.2
purl	pkg:npm/vite@6.4.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/vite@6.4.2

url	pkg:npm/vite@7.0.0-beta.0
purl	pkg:npm/vite@7.0.0-beta.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.0.0-beta.0

url	pkg:npm/vite@7.3.2
purl	pkg:npm/vite@7.3.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/vite@7.3.2

url	pkg:npm/vite@8.0.0-beta.0
purl	pkg:npm/vite@8.0.0-beta.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/vite@8.0.0-beta.0

url	pkg:npm/vite@8.0.5
purl	pkg:npm/vite@8.0.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/vite@8.0.5

aliases CVE-2026-39365, GHSA-4w7w-66w2-5vf9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zn73-3dmx-vye4

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vite@4.0.0-beta.0

Package Instance