Exposure of Vite
Miscellaneous
71 exposure score
63,301 sites use
1 exploited
0 critical

CVEs
21 results

CVE-2025-31125 | MEDIUM | Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query | EPSS 62.1% | KEV
CVE-2025-30208 | MEDIUM | Vite bypasses server.fs.deny when using `?raw??` | EPSS 78.6%
CVE-2025-31486 | MEDIUM | Vite allows server.fs.deny to be bypassed with .svg or relative paths | EPSS 35.1%
CVE-2023-34092 | HIGH | Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//) | EPSS 3.2%
CVE-2026-39363 | HIGH | Vite Affected by Arbitrary File Read via Vite Dev Server WebSocket | EPSS 2.3%
CVE-2026-39364 | HIGH | Vite has a `server.fs.deny` bypass with queries | EPSS 1.7%
CVE-2025-32395 | MEDIUM | Vite has an `server.fs.deny` bypass with an invalid `request-target` | EPSS 1.7%
CVE-2025-58751 | LOW | Vite middleware may serve files starting with the same name with the public directory | EPSS 1.2%
CVE-2025-46565 | MEDIUM | Vite's server.fs.deny bypassed with /. for files under project root | EPSS 1.1%
CVE-2025-62522 | MEDIUM | vite allows server.fs.deny bypass via backslash on Windows | EPSS 1.0%
CVE-2024-45811 | MEDIUM | server.fs.deny bypassed when using ?import&raw in vite | EPSS 1.0%
CVE-2023-49293 | MEDIUM | Cross-site Scripting in `server.transformIndexHtml` via URL payload in vite | EPSS 1.0%
CVE-2026-39365 | MEDIUM | Vite has a Path Traversal in Optimized Deps `.map` Handling | EPSS 0.9%
CVE-2024-23331 | HIGH | Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem | EPSS 0.8%
CVE-2024-31207 | MEDIUM | Vite's `server.fs.deny` did not deny requests for patterns with directories | EPSS 0.7%
CVE-2024-45812 | MEDIUM | DOM Clobbering gadget found in vite bundled scripts that leads to XSS in Vite | EPSS 0.6%
CVE-2025-58752 | LOW | Vite's `server.fs` settings were not applied to HTML files | EPSS 0.6%
CVE-2024-52011 | HIGH | launch-editor vulnerable to command injection via the crafted request on Windows | EPSS 0.5%
CVE-2026-53571 | HIGH | Vite: `server.fs.deny` bypass on Windows alternate paths | EPSS 0.4%
CVE-2026-53632 | MEDIUM | NTLMv2 hash disclosure via UNC path handling on Windows | EPSS 0.3%