vitejs vite

14 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-41211
< 0.1.17
Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, downloadPackageManager() accepts an u
10.0 CRITICAL
CVE-2026-39365
>= 6.0.0 and <= 6.4.1
Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of
5.3 MEDIUM
CVE-2026-39364
>= 7.0.0 and <= 7.3.1
Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that shou
7.5 HIGH
CVE-2026-39363
>= 6.0.0 and <= 6.4.1
Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, if it is possible to connect to
7.5 HIGH
CVE-2025-58752
< 5.4.20
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the mach
5.3 MEDIUM
CVE-2025-58751
< 5.4.20
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the sa
5.3 MEDIUM
CVE-2025-46565
< 4.5.14
Vite is a frontend tooling framework for JavaScript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of fi
5.3 MEDIUM
CVE-2025-31125
< 4.5.11
Vite is a frontend tooling framework for JavaScript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import
5.3 MEDIUM
CVE-2025-30208
< 4.5.10
Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.1
5.3 MEDIUM
CVE-2025-24010
< 4.5.5
Vite is a frontend tooling framework for JavaScript. Vite allowed any websites to send any requests to the development server and
6.5 MEDIUM
CVE-2024-23331
>= 2.7.0 and < 2.9.17
Vite is a frontend tooling framework for JavaScript. The Vite dev server option server.fs.deny can be bypassed on case-insensiti
7.5 HIGH
CVE-2023-49293
>= 4.4.0 and <= 4.4.11
Vite is a website frontend framework. When Vite's HTML transformation is invoked manually via server.transformIndexHtml, the ori
6.1 MEDIUM
CVE-2023-34092
>= 3.0.2 and < 3.2.7
Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (`server.fs.d
7.5 HIGH
CVE-2022-35204
< 2.9.13
Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's se
4.3 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin