Vulnerabilities in sveltejs
26 results

CVE-2024-23641 | HIGH | Sending a GET or HEAD request with a body crashes SvelteKit | EPSS 0.8%
CVE-2023-29003 | HIGH | SvelteKit has Insufficient Cross-Site Request Forgery Protection | EPSS 0.6%
CVE-2026-40073 | HIGH | SvelteKit has a BODY_SIZE_LIMIT bypass in @sveltejs/adapter-node | EPSS 0.5%
CVE-2026-22803 | HIGH | SvelteKit has a memory amplification DoS in Remote Functions binary form deserializer | EPSS 0.5%
CVE-2026-22774 | HIGH | devalue vulnerable to denial of service due to memory exhaustion in devalue.parse | EPSS 0.5%
CVE-2026-22775 | HIGH | devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse | EPSS 0.5%
CVE-2024-53262 | LOW | Unescaped error message included on error page in SvelteKit | EPSS 0.5%
CVE-2025-67647 | HIGH | SvelteKit Denial of service and possible SSRF when using prerendering | EPSS 0.5%
CVE-2026-42567 | MEDIUM | Svelte: ReDoS in `<svelte:element>` Tag Validation | EPSS 0.4%
CVE-2026-27125 | MEDIUM | Svelte SSR attribute spreading includes inherited properties from prototype chain | EPSS 0.4%
CVE-2023-29008 | HIGH | SvelteKit framework has Insufficient CSRF protection for CORS requests | EPSS 0.4%
CVE-2026-30226 | MEDIUM | devalue has prototype pollution in devalue.parse and devalue.unflatten | EPSS 0.4%
CVE-2026-40074 | MEDIUM | SvelteKit's invalidated redirect in handle hook causes Denial-of-Service | EPSS 0.4%
CVE-2026-42570 | HIGH | Svelte devalue: DoS via sparse array deserialization | EPSS 0.3%
CVE-2025-57820 | HIGH | Svelte devalue vulnerable to prototype pollution | EPSS 0.3%
CVE-2024-45047 | MEDIUM | Potential mXSS vulnerability due to improper HTML escaping in svelte | EPSS 0.3%
CVE-2024-53261 | LOW | Cross-Site Scripting attack (XSS) on dev mode 404 page in SvelteKit | EPSS 0.3%
CVE-2026-27118 | MEDIUM | Cache poisoning in @sveltejs/adapter-vercel | EPSS 0.3%
CVE-2025-32388 | MEDIUM | SvelteKit allows XSS via tracked search_params | EPSS 0.3%
CVE-2026-27902 | MEDIUM | Svelte Vulnerable to XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers | EPSS 0.2%