Every CVE whose affected-product data names Vitejs Vite, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2026-39363 — CVSS 7.5 (high): Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, if it is possible to connect to the Vite…
CVE-2024-23331 — CVSS 7.5 (high): Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file…
CVE-2026-39364 — CVSS 7.5 (high): Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be…
CVE-2023-34092 — CVSS 7.5 (high): Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (`server.fs.deny`) can…
CVE-2026-53571 — CVSS 7.5 (high): Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by…
CVE-2025-24010 — CVSS 6.5 (medium): Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the…
CVE-2023-49293 — CVSS 6.1 (medium): Vite is a website frontend framework. When Vite's HTML transformation is invoked manually via `server.transformIndexHtml`, the original…
CVE-2025-46565 — CVSS 5.3 (medium): Vite is a frontend tooling framework for javascript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in…
CVE-2025-30208 — CVSS 5.3 (medium): Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. `@fs`…
CVE-2025-58751 — CVSS 5.3 (medium): Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name…
CVE-2025-58752 — CVSS 5.3 (medium): Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were…
CVE-2026-39365 — CVSS 5.3 (medium): Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map…
CVE-2022-35204 — CVSS 4.3 (medium): Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service.