pkg:npm/svelte

All known vulnerabilities

• MEDIUM6.1CVE-2022-25875Svelte vulnerable to XSS when using objects during server-side rendering
  from 0, < 3.49.0
• MEDIUM5.4CVE-2024-45047Svelte has a potential mXSS vulnerability due to improper HTML escaping
  from 0, < 4.2.19
• —CVE-2026-42573Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State
  from 0, < 5.55.7
• —CVE-2026-42567Svelte: ReDoS in `<svelte:element>` Tag Validation
  >= 5.51.5, < 5.55.7
• —CVE-2026-42599Svelte SSR vulnerable to cross-site scripting via spread attributes
  from 0, < 5.55.7
• —CVE-2026-27902Svelte: XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers
  >= 5.53.0, < 5.53.5
• —CVE-2026-27901Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`
  from 0, < 5.53.5
• —CVE-2026-27125Svelte SSR attribute spreading includes inherited properties from prototype chain
  from 0, < 5.51.5
• —CVE-2026-27122Svelte SSR does not validate dynamic element tag names in `<svelte:element>`
  from 0, < 5.51.5
• —CVE-2026-27121Svelte affected by cross-site scripting via spread attributes in Svelte SSR
  from 0, < 5.51.5
• —CVE-2026-27119Svelte affected by XSS in SSR `<option>` element
  >= 5.39.3, < 5.51.5
• —CVE-2025-15265svelte vulnerable to Cross-site Scripting
  >= 5.46.0, < 5.46.4