@builder.io/qwik (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @builder.io/qwik, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2026-27971 — CVSS 9.8 (critical): Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in…
CVE-2024-41677 — CVSS 6.3 (medium): Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not…