npm/@sveltejs/kit — 10 CVEs · VulnScope
pkg:npm/@sveltejs/kit
10 total CVEs · HIGH: 3 · MEDIUM: 2
All known vulnerabilities
Severity · CVSS · CVE · Title · Affected versions
HIGH · 8.8 · CVE-2023-29008 · SvelteKit framework has Insufficient CSRF protection for CORS requests · from 0, < 1.15.2
HIGH · 8.8 · CVE-2023-29003 · SvelteKit vulnerable to Cross-Site Request Forgery · from 0, < 1.15.1
HIGH · 7.5 · CVE-2024-23641 · Sending a GET or HEAD request with a body crashes SvelteKit · >= 2.0.0, < 2.4.3
MEDIUM · 5.4 · CVE-2025-32388 · @sveltejs/kit vulnerable to Cross-site Scripting via tracked search_params · >= 2.0.0, < 2.20.6
MEDIUM · 4.2 · CVE-2024-53262 · @sveltejs/kit has unescaped error message included on error page · from 0, < 2.8.3
NONE · 0.0 · CVE-2024-53261 · @sveltejs/kit vulnerable to XSS on dev mode 404 page · from 0, < 2.8.3
— · — · CVE-2026-40074 · @sveltejs/kit: Unvalidated redirect in handle hook causes Denial-of-Service · from 0, < 2.57.1
— · — · CVE-2026-40073 · @sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass · from 0, < 2.57.1
— · — · CVE-2026-22803 · @sveltejs/kit has memory amplification DoS vulnerability in Remote Functions binary form deserializer (application/x-sveltekit-formdata) · >= 2.49.0, < 2.49.5
— · — · CVE-2025-67647 · SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering · >= 2.19.0, < 2.49.5