pkg:npm/vitest

2 total CVEsCRITICAL2

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2026-47429When Vitest UI server is listening, arbitrary file can be read and executed
    from 0, < 4.1.0
  • CRITICAL9.6CVE-2025-24964Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening
    >= 1.0.0, < 1.6.1
npm/vitest — 2 CVEs · VulnScope