12 matches found
EUVD-2025-29441
Malicious code in bioql PyPI...
CVE-2025-59427
The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...
CVE-2025-59427
The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...
CVE-2025-59427 Cloudflare vite plugin exposes secrets over the built-in dev server
The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...
CVE-2025-59427 Cloudflare vite plugin exposes secrets over the built-in dev server
The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...
CVE-2025-59427
The Cloudflare Vite plugin is vulnerable when used in its default configuration, exposing all files on the local dev server (including root files like .env and .dev.vars) via the Workers runtime integration. Affected: Cloudflare Vite plugin within the Cloudflare Workers SDK. Root cause: default d...
GHSA-4PFG-2MW5-F8JX Cloudflare Vite plugin exposes secrets over the built-in dev server
Summary Note: originally posted on H1 but closed. Cross-posting over to here in abundance of caution instead of a public issue. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain...
@astrojs/cloudflare (>=13.0.0 <=14.0.0-alpha.0), @decocms/vite-plugin (>=1.0.0-alpha.1 <=1.0.0-alpha.2) +39 more potentially affected by CVE-2025-59427 via @cloudflare/vite-plugin (>=0.0.0-1bae8618b <=1.36.3)
@cloudflare/vite-plugin NPM version =0.0.0-1bae8618b, =13.0.0, =1.0.0-alpha.1, =0.1.0, =0.0.9, =1.0.0, =1.0.0, =1.0.0, =0.3.0, =0.2.2, =0.0.1, =0.1.0, =0.0.0-0d2e556, =0.0.1, =0.1.13 and more Source cves: CVE-2025-59427 Source advisory: OSV:GHSA-4PFG-2MW5-F8JX...
Cloudflare Vite plugin exposes secrets over the built-in dev server
Summary Note: originally posted on H1 but closed. Cross-posting over to here in abundance of caution instead of a public issue. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain...
PT-2025-30105 · Npm · @Cloudflare/Vite-Plugin
Summary Note: originally posted on H1 but closed. Cross-posting over to here in abundance of caution instead of a public issue. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain...
PT-2025-38576
Name of the Vulnerable Software and Affected Versions: Cloudflare Vite plugin versions prior to 1.6.0 Description: The Cloudflare Vite plugin, when used with its default configuration, exposes files from the root directory via the local development server. This includes sensitive files such as .e...
@cfpreview/pages-e2e-test-runner-cli (>=0.0.9 <=0.0.25), @cloudflare/vite-plugin (>=0.0.0-0a9a26099 <=0.0.0-fec45ed61) +5 more potentially affected by CVE-2023-3348 via wrangler (>=0.0.0-a18155fb8 <=2.0.23)
wrangler NPM version =0.0.0-a18155fb8, =0.0.9, =0.0.0-0a9a26099, =0.0.1, =0.0.84-test.20250522015638, =1.0.0, =2.1.7 Source cves: CVE-2023-3348 Source advisory: OSV:GHSA-8C93-4HCH-XGXP...