Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package vite, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (23)
CVE-2024-52011 — CVSS 8.3 (high): launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient…
CVE-2024-23331 — CVSS 7.5 (high): Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file…
CVE-2026-39363 — CVSS 7.5 (high): Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, if it is possible to connect to the Vite…
CVE-2026-39364 — CVSS 7.5 (high): Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be…
CVE-2023-34092 — CVSS 7.5 (high): Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (`server.fs.deny`) can…
CVE-2026-53571 — CVSS 7.5 (high): Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by…
CVE-2025-24010 — CVSS 6.5 (medium): Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the…
CVE-2024-45812 — CVSS 6.4 (medium): Vite a frontend build tooling framework for javascript. Affected versions of vite were discovered to contain a DOM Clobbering vulnerability…
CVE-2023-49293 — CVSS 6.1 (medium): Vite is a website frontend framework. When Vite's HTML transformation is invoked manually via `server.transformIndexHtml`, the original…
CVE-2025-32395: Vite is a frontend tooling framework for javascript. Prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13, the contents of arbitrary files can…
CVE-2025-62522: Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0…
CVE-2024-31207 — CVSS 5.9 (medium): Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tooling to improve the frontend development…
CVE-2026-53632: launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses…
CVE-2025-24360 — CVSS 5.3 (medium): Nuxt is an open-source web development framework for Vue.js. Starting in version 3.8.1 and prior to version 3.15.3, Nuxt allows any…
CVE-2025-30208 — CVSS 5.3 (medium): Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. `@fs`…
CVE-2025-31486 — CVSS 5.3 (medium): Vite is a frontend tooling framework for javascript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with…
CVE-2025-46565 — CVSS 5.3 (medium): Vite is a frontend tooling framework for javascript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in…
CVE-2025-58751 — CVSS 5.3 (medium): Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name…
CVE-2025-58752 — CVSS 5.3 (medium): Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were…
CVE-2026-39365 — CVSS 5.3 (medium): Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map…
CVE-2024-45811 — CVSS 4.8 (medium): Vite a frontend build tooling framework for javascript. In affected versions the contents of arbitrary files can be returned to the…
CVE-2022-35204 — CVSS 4.3 (medium): Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service.