pkg:npm/vite-plus
4 total CVEsCRITICAL2
✅ Check your installed version
All known vulnerabilities
CRITICAL10.0CVE-2026-41211Path traversal in vite-plus/binding downloadPackageManager() writes outside VP_HOME from 0, < 0.1.17
CRITICAL9.8CVE-2026-53633Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE from 0, < 0.1.24
—CVE-2026-53632launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows from 0, < 0.1.24
—CVE-2026-53571vite: `server.fs.deny` bypass on Windows alternate paths from 0, < 0.1.24