@sveltejs/kit (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package @sveltejs/kit, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2025-67647 — CVSS 9.1 (critical): SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable…
CVE-2023-29003 — CVSS 8.8 (high): SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by…
CVE-2023-29008 — CVSS 8.8 (high): The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing…
CVE-2026-40074 — CVSS 7.5 (high): SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called…
CVE-2024-23641 — CVSS 7.5 (high): SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app…
CVE-2026-22803 — CVSS 7.5 (high): SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental…
CVE-2026-40073 — CVSS 7.5 (high): SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain…
CVE-2024-53261 — CVSS 5.4 (medium): SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. "Unsanitized input from *the request URL*…
CVE-2025-32388 — CVSS 5.4 (medium): SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6 , unsanitized search…
CVE-2024-53262 — CVSS 5.4 (medium): SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors…