OSV - Open Source Vulnerabilities

GHSA-33r3-4whc-44c2

npm/vite-plus

Path traversal in vite-plus/binding downloadPackageManager() writes outside VP_HOME

13 hours ago

Fix available
Severity - 8.4 (High)

GHSA-4w7w-66w2-5vf9

npm/vite

Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling

06 Apr

Fix available
Severity - 6.3 (Medium)

GHSA-v2wj-q39q-566r

npm/vite

Vite: `server.fs.deny` bypassed with queries

06 Apr

Fix available
Severity - 8.2 (High)

GHSA-p9ff-h696-f583

npm/vite

Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket

06 Apr

Fix available
Severity - 8.2 (High)

MAL-2026-1338

npm/vite-chunker

Malicious code in vite-chunker (npm)

11 Mar

No fix available

MAL-2026-918

npm/webpack-vite

Malicious code in webpack-vite (npm)

16 Feb

No fix available

MAL-2026-747

npm/react-vite-sync

Malicious code in react-vite-sync (npm)

04 Feb

No fix available

MAL-2026-669

npm/vite-ui-components

Malicious code in vite-ui-components (npm)

03 Feb

No fix available

MAL-2025-192884

npm/vite-react-setting

Malicious code in vite-react-setting (npm)

23 Dec 2025

No fix available

MAL-2025-191600

npm/vite-dynamic-chunks

Malicious code in vite-dynamic-chunks (npm)

01 Dec 2025

No fix available

MAL-2025-191474

npm/vite-dynachunk

Malicious code in vite-dynachunk (npm)

26 Nov 2025

No fix available

MAL-2025-191383

npm/@voiceflow/vite-config

Malicious code in @voiceflow/vite-config (npm)

25 Nov 2025

No fix available

MAL-2025-190741

npm/@ensdomains/vite-plugin-i18next-loader

Malicious code in @ensdomains/vite-plugin-i18next-loader (npm)

24 Nov 2025

No fix available

MAL-2025-190787

npm/vite-plugin-httpfile

Malicious code in vite-plugin-httpfile (npm)

24 Nov 2025

No fix available

MAL-2025-190176

npm/vite-chunk-master

Malicious code in vite-chunk-master (npm)

13 Nov 2025

No fix available

MAL-2025-181051

npm/teate-thy-sonic-vite

Malicious code in teate-thy-sonic-vite (npm)

12 Nov 2025

No fix available