150 matches found
GHSA-HGV7-V322-MMGR @sveltejs/kit: `query.batch` cross-talk
query.batch could, under very rare and specific timings, cause concurrent requests from different users to merge and resolve under single request context, enabling cross-user data disclosure...
PT-2026-33834
I found a stored XSS vulnerability in @LenisSmooth that affected 800,000+ weekly npm downloads across Next.js, Nuxt, and SvelteKit deployments. Fixed in v1.3.22. Assigned CVE-2026-41251. If you're using Lenis — please update now. BugBounty XSS WebSecurity OpenSource CVE https://t.co/tsfYQ33N3I...
CVE-2026-40074
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in an HTTP header, will cause an unhandled TypeError. This...
CVE-2026-40073
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers...
@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service
redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in an HTTP header, will cause an unhandled TypeError. This could result in DoS on some platforms, especially if the location passed to redirect contains unsanitized user input...
Improper Handling of Exceptional Conditions
Overview @sveltejs/kit is a SvelteKit framework and CLI Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions in the redirect function in the handle server hook when the location parameter contains characters invalid in an HTTP header. An attacker can cau...
EUVD-2026-21504
@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service...
EUVD-2026-21502
@sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass...
GHSA-2CRG-3P73-43XP @sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass
Under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers of the application stack, so limits enforced in the WAF, gateway, or at the platform level are unaffected...
Allocation of Resources Without Limits or Throttling
Overview @sveltejs/kit is a SvelteKit framework and CLI Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the request processing. An attacker can send requests that exceed BODY_SIZE_LIMIT restriction to applications running with adapter-node...
CVE-2026-40074
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in an HTTP header, will cause an unhandled TypeError. This...
CVE-2026-40073
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers...
CVE-2026-40074
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in an HTTP header, will cause an unhandled TypeError. This...
CVE-2026-40074 SvelteKit's invalidated redirect in handle hook causes Denial-of-Service
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in an HTTP header, will cause an unhandled TypeError. This...
CVE-2026-40074
CVE-2026-40074 affects SvelteKit. The issue is an unhandled TypeError in redirect() when called from the handle hook with a location containing characters invalid in HTTP headers, leading to potential DoS. Vulnerable in all versions before 2.57.1; fixed in 2.57.1. Remediation: upgrade to 2.57.1 o...
CVE-2026-40074 SvelteKit's invalidated redirect in handle hook causes Denial-of-Service
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in an HTTP header, will cause an unhandled TypeError. This...
CVE-2026-40073
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers...
CVE-2026-40073
SvelteKit (framework for building web apps with Svelte) contains a vulnerability in adapter-node prior to version 2.57.1 where, under certain conditions, requests could bypass the BODY_SIZE_LIMIT. The issue is scoped to SvelteKit applications using adapter-node and does not affect body size limit...
CVE-2026-40073 SvelteKit has a BODY_SIZE_LIMIT bypass in @sveltejs/adapter-node
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers...
PT-2026-31989
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other laye...