@agregio-solutions/design-system (>=1.89.2 <=1.89.4), @altipla/directus-sdk-utils (=0.7.2) +226 more potentially affected by CVE-2026-39363 via vite (>=7.0.0 <=7.3.1)

vite NPM version =7.0.0, =1.89.2, =20.1.0, =20.1.0, =0.1.0, =0.0.4, =0.2.9, =0.79.1, =1.0.0-beta.23, =2.1.2-alpha.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.28.0 and more Source cves: CVE-2026-39363 Source advisory: OSV:GHSA-P9FF-H696-F583...

@agregio-solutions/design-system (>=1.89.2 <=1.89.4), @altipla/directus-sdk-utils (=0.7.2) +226 more potentially affected by CVE-2026-39363 via vite (>=7.0.0 <=7.3.1)

vite NPM version =7.0.0, =1.89.2, =20.1.0, =20.1.0, =0.1.0, =0.0.4, =0.2.9, =0.79.1, =1.0.0-beta.23, =2.1.2-alpha.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.23.0, =2.28.0 and more Source cves: CVE-2026-39363 Source advisory: SNYK:JS-VITE-15922242...

128981semzub (=1.0.1), 1food-menu (>=0.3.0 <=0.3.7) +3466 more potentially affected by CVE-2025-62522 via vite (>=4.0.0-beta.0 <=5.4.20)

vite NPM version =4.0.0-beta.0, =0.3.0, =1.0.0, =2.0.3, =0.0.1, =0.0.1, =0.0.7, =4.0.61, =4.0.61, =4.0.61, =4.0.61, =0.0.1, =0.0.3 and more Source cves: CVE-2025-62522 Source advisory: OSV:GHSA-93M4-6634-74Q7...

@1771technologies/oneplay (>=0.0.1 <=0.0.6), @aklesky/vite-config (>=1.0.0 <=1.0.1) +169 more potentially affected by CVE-2025-58752 via vite (>=6.0.0 <=6.3.5)

vite NPM version =6.0.0, =0.0.1, =1.0.0, =0.2.0, =4.25.19-patch.2, =19.1.0, =19.1.0, =0.55.0, =0.21.2-4.1, =0.4.2, =0.1.10, =0.0.1, =1.0.0, =1.0.3 and more Source cves: CVE-2025-58752 Source advisory: OSV:GHSA-JQFW-VQ24-V9C3...

@altipla/directus-sdk-utils (=0.7.2), @angular-devkit/build-angular (>=20.2.0 <=21.0.0-rc.1) +58 more potentially affected by CVE-2025-58752 via vite (>=7.1.0 <=7.1.4)

vite NPM version =7.1.0, =20.2.0, =20.2.0, =2.1.2-alpha.0, =0.0.0, =2.14.0, =5.0.0-beta.4, =30.0.0, =16.0.1, =1.0.0, =3.22.0, =9.0.0-next.68, =21.0.0-alpha.10, =21.0.0-alpha.10, =21.0.0-next.9 and more Source cves: CVE-2025-58752 Source advisory: OSV:GHSA-JQFW-VQ24-V9C3...

@angular-devkit/build-angular (>=20.1.0 <=20.2.0-next.2), @angular/build (>=20.1.0 <=20.2.0-next.2) +59 more potentially affected by CVE-2025-58752 via vite (>=7.0.0 <=7.0.6)

vite NPM version =7.0.0, =20.1.0, =20.1.0, =0.0.4, =0.2.9, =1.190.0, =0.1.0, =19.3.2, =19.3.2, =0.0.1750946288791, =0.0.2, =0.0.7, =0.3.4 and more Source cves: CVE-2025-58752 Source advisory: SNYK:JS-VITE-12558116...

CVE-2025-58752 Vite's `server.fs` settings were not applied to HTML files

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or server.host config option and...

CVE-2025-58751 Vite middleware may serve files starting with the same name with the public directory

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...

Vite < 4.5.13 / 5.0.x < 5.4.18 / 6.0.x < 6.0.15 / 6.1.x < 6.1.5 / 6.2.x < 6.2.6 Arbitrary File Read

Vite version prior to 4.5.13, 5.0.x prior to 5.4.18, 6.0.x prior to 6.0.15, 6.1.x prior to 6.1.5 or 6.2.x prior to 6.2.6 are affected by a vulnerability allowing unauthenticated remote attackers to read arbitrary files on the affected host when the app is exposing the Vite dev server to the...

@angular-devkit/build-angular (>=19.2.0 <=19.2.0-rc.0), @angular/build (>=19.2.0 <=19.2.0-rc.0) +40 more potentially affected by CVE-2025-32395 via vite (>=6.1.0 <=6.1.4)

vite NPM version =6.1.0, =19.2.0, =19.2.0, =1.0.7, =2.12.0, =2.12.0, =11.24.0, =0.0.1739797164641, =1.0.0, =0.0.0-experimental-989cf02-20250217-d62ba1cb, =0.0.0-experimental-80aadca-20250205-e2641483, =0.0.0-snapshot-1e670bae5105bde781e82aa2a8ee4f2dfc2446f0,...

@aklesky/vite-config (>=0.7.9 <=0.9.0), @andrewzagorski/admin (=4.25.19-patch.1) +406 more potentially affected by CVE-2025-31486 via vite (>=5.0.0 <=5.4.16)

vite NPM version =5.0.0, =0.7.9, =17.1.0, =18.0.0, =1.0.25-beta.0, =0.5.0, =2.0.0-beta.0, =0.22.0, =1.0.1, =1.0.0, =1.0.0, =0.9.0, =1.0.0-alpha.13, =1.0.0-alpha.16 and more Source cves: CVE-2025-31486 Source advisory: OSV:GHSA-XCJ6-PQ6G-QJ4X...

@angular-devkit/build-angular (>=19.2.0 <=19.2.0-rc.0), @angular/build (>=19.2.0 <=19.2.0-rc.0) +40 more potentially affected by CVE-2025-31486 via vite (>=6.1.0 <=6.1.3)

vite NPM version =6.1.0, =19.2.0, =19.2.0, =1.0.7, =2.12.0, =2.12.0, =11.24.0, =0.0.1739797164641, =1.0.0, =0.0.0-experimental-989cf02-20250217-d62ba1cb, =0.0.0-experimental-80aadca-20250205-e2641483, =0.0.0-snapshot-1e670bae5105bde781e82aa2a8ee4f2dfc2446f0,...

@aklesky/vite-config (>=0.7.9 <=0.9.0), @andrewzagorski/admin (=4.25.19-patch.1) +395 more potentially affected by CVE-2025-24010 +1 more via vite (>=5.0.0 <=5.4.11)

vite NPM version =5.0.0, =0.7.9, =17.1.0, =18.0.0, =1.0.25-beta.0, =0.5.0, =2.0.0-beta.0, =0.22.0, =1.0.1, =1.0.0, =1.0.0, =0.9.0, =1.0.0-alpha.13, =1.0.0-alpha.16 and more Source cves: CVE-2025-24010, CVE-2025-24360 Source advisory: OSV:GHSA-VG6X-RCGG-RJX6...

1food-menu (=0.3.8), 2473-alex-ui (>=0.0.1 <=0.0.4-alpha.3) +4715 more potentially affected by CVE-2024-45812 via vite (>=5.4.0 <=5.4.5)

vite NPM version =5.4.0, =0.0.1, =0.0.1, =1.1.2, =0.1.1, =0.1.0, =5.0.0, =0.0.1-alpha.10, =0.0.4-alpha.5, =0.0.11, =0.0.5, =0.0.1, =1.0.0, =1.0.0, =1.1.1 and more Source cves: CVE-2024-45812 Source advisory: OSV:GHSA-64VR-G452-QVP3...

@1-kb/emoji-picker (=0.0.1-alpha.11), @11ty/eleventy-plugin-vite (>=1.0.0 <=1.0.0-canary.3) +1526 more potentially affected by CVE-2024-45812 via vite (>=0.14.4 <=3.2.1)

vite NPM version =0.14.4, =1.0.0, =0.0.3, =1.0.1, =1.0.12, =0.0.4, =1.0.1, =0.0.1, =0.0.1, =0.0.12, =1.1.0, =1.0.0, =0.0.1, =0.0.11 - @agora-labs/paper-creator =0.0.5 and more Source cves: CVE-2024-45812 Source advisory: OSV:GHSA-64VR-G452-QVP3...

@angular-devkit/build-angular (>=18.0.0 <=18.1.0-next.2), @angular/build (>=18.0.0 <=18.1.0-next.2) +57 more potentially affected by CVE-2024-45812 via vite (>=5.2.0 <=5.2.13)

vite NPM version =5.2.0, =18.0.0, =18.0.0, =5.0.0-alpha.4, =0.1.0-rc.8, =18.0.0-next.46, =18.0.0-next.46, =3.0.2, =3.5.0, =4.1.0, =34.0.0, =2.1.3, =1.2.0, =1.0.0, =11.17.0, =8.0.8, =8.1.0 and more Source cves: CVE-2024-45812 Source advisory: OSV:GHSA-64VR-G452-QVP3...

@aem-vite/import-rewriter (>=5.0.1 <=6.0.1), @aem-vite/vite-aem-plugin (>=1.0.0 <=2.3.1) +124 more potentially affected by CVE-2024-31207 via vite (>=2.7.0 <=2.9.17)

vite NPM version =2.7.0, =5.0.1, =1.0.0, =3.0.0-beta.5, =3.0.0-beta.2, =0.10.0, =1.1.0-next.4, =0.0.0-experimental-17c6886-20220324, =0.0.0-canary-20220428124037, =0.1.5, =0.0.11, =0.0.12, =0.0.1, =0.1.5, =0.0.11, =0.0.37, =0.0.42 and more Source cves: CVE-2024-31207 Source advisory:...

@aklesky/vite-config (>=0.7.9 <=0.9.0), @angular-devkit/build-angular (>=17.1.0 <=17.2.3) +180 more potentially affected by CVE-2023-49293 via vite (>=5.0.0 <=5.0.4)

vite NPM version =5.0.0, =0.7.9, =17.1.0, =0.5.0, =0.22.0, =1.0.1, =1.0.0, =0.9.0, =1.0.0-alpha.13, =1.0.0-alpha.1, =1.0.0-alpha.1, =1.0.0-alpha.1, =1.0.0-alpha.1, =4.20.4, =1.0.274, =1.0.294 and more Source cves: CVE-2023-49293 Source advisory: OSV:GHSA-92R3-M2MG-PJ97...

PT-2023-7610

Name of the Vulnerable Software and Affected Versions Vite versions prior to 4.4.12 Vite versions prior to 4.5.1 Vite versions prior to 5.0.5 Description The issue is related to Vite's HTML transformation when invoked manually via server.transformIndexHtml. If the original request URL is passed i...