pkg:npm/@sveltejs/kit

共 10 筆 CVEHIGH3MEDIUM2

✅ 檢查你的版本

所有已知漏洞

  • HIGH8.8CVE-2023-29008SvelteKit framework has Insufficient CSRF protection for CORS requests
    from 0, < 1.15.2
  • HIGH8.8CVE-2023-29003SvelteKit vulnerable to Cross-Site Request Forgery
    from 0, < 1.15.1
  • HIGH7.5CVE-2024-23641Sending a GET or HEAD request with a body crashes SvelteKit
    >= 2.0.0, < 2.4.3
  • MEDIUM5.4CVE-2025-32388@sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params
    >= 2.0.0, < 2.20.6
  • MEDIUM4.2CVE-2024-53262@sveltejs/kit has unescaped error message included on error page
    from 0, < 2.8.3
  • NONE0.0CVE-2024-53261@sveltejs/kit vulnerable to XSS on dev mode 404 page
    from 0, < 2.8.3
  • CVE-2026-40074@sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service
    from 0, < 2.57.1
  • CVE-2026-40073@sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass
    from 0, < 2.57.1
  • CVE-2026-22803@sveltejs/kit has memory amplification DoS vulnerability in Remote Functions binary form deserializer (application/x-sveltekit-formdata)
    >= 2.49.0, < 2.49.5
  • CVE-2025-67647SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering
    >= 2.19.0, < 2.49.5