Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/svelte@5.43.11

Type npm

Namespace

Name svelte

Version 5.43.11

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.53.5

Latest_non_vulnerable_version 5.55.7

Affected_by_vulnerabilities

url VCID-2x29-rs51-hfha

vulnerability_id VCID-2x29-rs51-hfha

summary

Svelte affected by cross-site scripting via spread attributes in Svelte SSR
Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting (XSS) during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27121.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27121.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-27121

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01418
published_at	2026-06-09T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.0142
published_at	2026-06-08T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01425
published_at	2026-06-06T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01427
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-27121

reference_url

https://github.com/sveltejs/svelte

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sveltejs/svelte

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2441532
reference_id	2441532
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2441532

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-27121

reference_id

CVE-2026-27121

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-27121

reference_url

https://github.com/advisories/GHSA-f7gr-6p89-r883

reference_id

GHSA-f7gr-6p89-r883

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f7gr-6p89-r883

reference_url

https://github.com/sveltejs/svelte/security/advisories/GHSA-f7gr-6p89-r883

reference_id

GHSA-f7gr-6p89-r883

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:31:36Z/

url

https://github.com/sveltejs/svelte/security/advisories/GHSA-f7gr-6p89-r883

fixed_packages

url pkg:npm/svelte@5.51.5

purl pkg:npm/svelte@5.51.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-967r-bg6y-2bd6

vulnerability	VCID-f7b2-jqpu-27bs

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5

aliases CVE-2026-27121, GHSA-f7gr-6p89-r883

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2x29-rs51-hfha

url VCID-7d5p-wukp-u7bu

vulnerability_id VCID-7d5p-wukp-u7bu

summary

Svelte affected by XSS in SSR `<option>` element
In certain circumstances, the server-side rendering output of an `<option>` element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27119.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27119.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-27119

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.0189
published_at	2026-06-09T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01913
published_at	2026-06-05T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01919
published_at	2026-06-06T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.0191
published_at	2026-06-07T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01897
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-27119

reference_url

https://github.com/sveltejs/svelte

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sveltejs/svelte

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2441526
reference_id	2441526
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2441526

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-27119

reference_id

CVE-2026-27119

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-27119

reference_url

https://github.com/advisories/GHSA-h7h7-mm68-gmrc

reference_id

GHSA-h7h7-mm68-gmrc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h7h7-mm68-gmrc

reference_url

https://github.com/sveltejs/svelte/security/advisories/GHSA-h7h7-mm68-gmrc

reference_id

GHSA-h7h7-mm68-gmrc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:41:15Z/

url

https://github.com/sveltejs/svelte/security/advisories/GHSA-h7h7-mm68-gmrc

fixed_packages

url pkg:npm/svelte@5.51.5

purl pkg:npm/svelte@5.51.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-967r-bg6y-2bd6

vulnerability	VCID-f7b2-jqpu-27bs

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5

aliases CVE-2026-27119, GHSA-h7h7-mm68-gmrc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7d5p-wukp-u7bu

url VCID-967r-bg6y-2bd6

vulnerability_id VCID-967r-bg6y-2bd6

summary

Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`
The contents of `bind:innerText` and `bind:textContent` on `contenteditable` elements were not properly escaped. This could enable HTML injection and Cross-site Scripting (XSS) if rendering untrusted data as the binding's initial value on the server.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27901.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27901.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-27901

reference_id

reference_type

scores

value	0.00034
scoring_system	epss
scoring_elements	0.1034
published_at	2026-06-09T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10421
published_at	2026-06-05T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10441
published_at	2026-06-06T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10399
published_at	2026-06-07T12:55:00Z

value	0.00034
scoring_system	epss
scoring_elements	0.10315
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-27901

reference_url

https://github.com/sveltejs/svelte

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sveltejs/svelte

reference_url

https://github.com/sveltejs/svelte/commit/0df5abcae223058ceb95491470372065fb87951d

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:30:46Z/

url

https://github.com/sveltejs/svelte/commit/0df5abcae223058ceb95491470372065fb87951d

reference_url

https://github.com/sveltejs/svelte/releases/tag/svelte@5.53.5

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sveltejs/svelte/releases/tag/svelte@5.53.5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442918
reference_id	2442918
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442918

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-27901

reference_id

CVE-2026-27901

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-27901

reference_url

https://github.com/advisories/GHSA-phwv-c562-gvmh

reference_id

GHSA-phwv-c562-gvmh

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-phwv-c562-gvmh

reference_url

https://github.com/sveltejs/svelte/security/advisories/GHSA-phwv-c562-gvmh

reference_id

GHSA-phwv-c562-gvmh

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:30:46Z/

url

https://github.com/sveltejs/svelte/security/advisories/GHSA-phwv-c562-gvmh

reference_url

https://github.com/sveltejs/svelte/releases/tag/svelte%405.53.5

reference_id

svelte%405.53.5

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-26T14:30:46Z/

url

https://github.com/sveltejs/svelte/releases/tag/svelte%405.53.5

fixed_packages

url	pkg:npm/svelte@5.53.5
purl	pkg:npm/svelte@5.53.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.53.5

aliases CVE-2026-27901, GHSA-phwv-c562-gvmh

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-967r-bg6y-2bd6

url VCID-bq9b-9t2h-sydd

vulnerability_id VCID-bq9b-9t2h-sydd

summary

Svelte SSR attribute spreading includes inherited properties from prototype chain
In server-side rendering, attribute spreading on elements (e.g. `<div {...attrs}>`) enumerates inherited properties from the object's prototype chain rather than only own properties. In environments where `Object.prototype` has already been polluted — a precondition outside of Svelte's control — this can cause unexpected attributes to appear in SSR output or cause SSR to throw errors. Client-side rendering is not affected.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27125.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27125.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-27125

reference_id

reference_type

scores

value	0.0003
scoring_system	epss
scoring_elements	0.09048
published_at	2026-06-09T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.09083
published_at	2026-06-05T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.091
published_at	2026-06-06T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.09079
published_at	2026-06-07T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.0902
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-27125

reference_url

https://github.com/sveltejs/svelte

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sveltejs/svelte

reference_url

https://github.com/sveltejs/svelte/commit/73098bb26c6f06e7fd1b0746d817d2c5ee90755f

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T21:33:01Z/

url

https://github.com/sveltejs/svelte/commit/73098bb26c6f06e7fd1b0746d817d2c5ee90755f

reference_url

https://github.com/sveltejs/svelte/releases/tag/svelte@5.51.5

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T21:33:01Z/

url

https://github.com/sveltejs/svelte/releases/tag/svelte@5.51.5

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2441511
reference_id	2441511
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2441511

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-27125

reference_id

CVE-2026-27125

reference_type

scores

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-27125

reference_url

https://github.com/advisories/GHSA-crpf-4hrx-3jrp

reference_id

GHSA-crpf-4hrx-3jrp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-crpf-4hrx-3jrp

reference_url

https://github.com/sveltejs/svelte/security/advisories/GHSA-crpf-4hrx-3jrp

reference_id

GHSA-crpf-4hrx-3jrp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T21:33:01Z/

url

https://github.com/sveltejs/svelte/security/advisories/GHSA-crpf-4hrx-3jrp

fixed_packages

url pkg:npm/svelte@5.51.5

purl pkg:npm/svelte@5.51.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-967r-bg6y-2bd6

vulnerability	VCID-f7b2-jqpu-27bs

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5

aliases CVE-2026-27125, GHSA-crpf-4hrx-3jrp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bq9b-9t2h-sydd

url VCID-s9rd-dy7s-wka4

vulnerability_id VCID-s9rd-dy7s-wka4

summary

Svelte SSR does not validate dynamic element tag names in `<svelte:element>`
When using `<svelte:element this={tag}>` in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output. Client-side rendering is not affected.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27122.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27122.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-27122

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01382
published_at	2026-06-09T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01385
published_at	2026-06-05T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01389
published_at	2026-06-06T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.0139
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-27122

reference_url

https://github.com/sveltejs/svelte

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sveltejs/svelte

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2441520
reference_id	2441520
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2441520

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-27122

reference_id

CVE-2026-27122

reference_type

scores

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-27122

reference_url

https://github.com/advisories/GHSA-m56q-vw4c-c2cp

reference_id

GHSA-m56q-vw4c-c2cp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m56q-vw4c-c2cp

reference_url

https://github.com/sveltejs/svelte/security/advisories/GHSA-m56q-vw4c-c2cp

reference_id

GHSA-m56q-vw4c-c2cp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:H/SI:H/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T19:22:44Z/

url

https://github.com/sveltejs/svelte/security/advisories/GHSA-m56q-vw4c-c2cp

fixed_packages

url pkg:npm/svelte@5.51.5

purl pkg:npm/svelte@5.51.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-967r-bg6y-2bd6

vulnerability	VCID-f7b2-jqpu-27bs

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.51.5

aliases CVE-2026-27122, GHSA-m56q-vw4c-c2cp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s9rd-dy7s-wka4

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/svelte@5.43.11

Package Instance