Lucene search
K

5 matches found

CVE
CVE
added 2026/06/09 4:22 p.m.21 views

CVE-2026-42567

CVE-2026-42567 affects Svelte runtimes from 5.51.5 up to 5.55.6, where an internal regex used during svelte:element tag validation can cause exponential-time processing (ReDoS) on certain tag names. The issue is triggered during the validation of , leading to significant CPU usage and potential...

7.5CVSS5.3AI score0.00421EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/02/20 11:16 p.m.13 views

CVE-2026-27122

svelte performance oriented web framework. Prior to 5.51.5, when using in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output...

5.4CVSS0.00189EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/19 3:18 p.m.10 views

Cross-site Scripting (XSS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the svelte:element tags. An attacker can inject arbitrary HTML into the server-side rendered output by supplying a crafted tag name. Details Cross-site...

5.5CVSS5.6AI score0.00189EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/19 3:18 p.m.5 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the svelte:element tags. An attacker can inject arbitrary HTML into the server-side rendered output by supplying a crafted tag name. Details...

5.5CVSS5.7AI score0.00189EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.6 views

PT-2026-20881

Name of the Vulnerable Software and Affected Versions Svelte versions prior to 5.51.5 Description A flaw exists in Svelte where, during server-side rendering, the tag name provided to the component is not validated or sanitized before being included in the HTML output. This can lead to HTML...

5CVSS5.3AI score0.00189EPSS
Exploits0References4
Rows per page
Query Builder