2 matches found
GHSA-QCR8-X557-7CP3 @asymmetric-effort/specifyjs: Production console warnings may leak internal framework state
Finding Location: core/src/core/scheduler.ts:23, core/src/hooks/dispatcher.ts:100, core/src/client/graphql.ts:71 Several console.warn calls are not gated behind DEV and will fire in production builds, potentially exposing internal framework state such as queue sizes, component names, and query...
NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State
NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State vulnerability discovered by ? in WordPress Npm svelte versions = 5.55.6...