pkg:npm/@builder.io/qwik-city

8 total CVEsCRITICAL1HIGH1MEDIUM3

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.3CVE-2026-25150Prototype Pollution via FormData Processing in Qwik City
    from 0, < 1.19.0
  • HIGH7.5CVE-2026-32701Qwik City has array method pollution in FormData processing allows type confusion and DoS
    from 0, < 1.19.2
  • MEDIUM5.9CVE-2026-25155Qwik City CSRF protection middleware does not work properly for content type header with parameters (eg. multipart/form-data)
    from 0, < 1.12.0
  • MEDIUM5.9CVE-2026-25151Qwik City has a CSRF Protection Bypass via Content-Type Header Validation
    from 0, < 1.19.0
  • MEDIUM4.7CVE-2023-2307@builder.io/qwik-city Cross-Site Request Forgery vulnerability
    from 0, < 0.104.0
  • CVE-2026-25149Qwik City Open Redirect via fixTrailingSlash
    from 0, < 1.19.0
  • CVE-2026-25148Qwik SSR XSS via Unsafe Virtual Node Serialization
    from 0, < 1.19.0
  • CVE-2025-53620Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests
    from 0, < 1.13.0