Vuln
·
Scope
Home
Packages
KEV
Critical
Insights
Jobs
Pricing
EN
中
Loading…
npm/@builder.io/qwik-city — 8 CVEs · VulnScope
pkg:npm/
@builder.io/qwik-city
8 total CVEs
CRITICAL
1
HIGH
1
MEDIUM
3
✅ Check your installed version
Check
All known vulnerabilities
CRITICAL
9.3
CVE-2026-25150
Prototype Pollution via FormData Processing in Qwik City
from 0, < 1.19.0
HIGH
7.5
CVE-2026-32701
Qwik City has array method pollution in FormData processing allows type confusion and DoS
from 0, < 1.19.2
MEDIUM
5.9
CVE-2026-25155
Qwik City CSRF protection middleware does not work properly for content type header with parameters (eg. multipart/form-data)
from 0, < 1.12.0
MEDIUM
5.9
Qwik City has a CSRF Protection Bypass via Content-Type Header Validation
from 0, < 1.19.0
MEDIUM
4.7
@builder.io/qwik-city Cross-Site Request Forgery vulnerability
from 0, < 0.104.0
—
Qwik City Open Redirect via fixTrailingSlash
from 0, < 1.19.0
—
Qwik SSR XSS via Unsafe Virtual Node Serialization
from 0, < 1.19.0
—
Qwik's unhandled exception vulnerabilty can cause server crashes from malicious requests
from 0, < 1.13.0
CVE-2026-25151
CVE-2023-2307
CVE-2026-25149
CVE-2026-25148
CVE-2025-53620