Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

Svelte

Cybernetically enhanced web apps
Collective - Host: opensource - https://opencollective.com/svelte - Website: https://svelte.dev - Code: https://github.com/sveltejs

Low

kit: GSA_kwCzR0hTQS1yamp2LTg3bXgtNngzaM4ABBvG

@sveltejs/kit vulnerable to on dev mode 404 page
Ecosystems: npm
Packages: @sveltejs/kit
Source: github
Published: 26 days ago

Low

kit: GSA_kwCzR0hTQS1taDJ4LWZjcWgtZm1xds4ABBvF

@sveltejs/kit has unescaped error message included on error page
Ecosystems: npm
Packages: @sveltejs/kit
Source: github
Published: 26 days ago

Moderate

svelte: GSA_kwCzR0hTQS04MjY2LTg0d3Atd3Y1Y84AA_Dj

Svelte has a potential mXSS vulnerability due to improper HTML escaping
Ecosystems: npm
Packages: svelte
Source: github
Published: 4 months ago

High

kit: GSA_kwCzR0hTQS1nNW02LWh4cHAtZmM0Oc4AA4qX

Sending a GET or HEAD request with a body crashes SvelteKit
Ecosystems: npm
Packages: @sveltejs/adapter-node, @sveltejs/kit
Source: github
Published: 11 months ago

High

kit: GSA_kwCzR0hTQS1ndjdnLXg1OXgtd2Y4Zs4AAyoO

SvelteKit framework has Insufficient CSRF protection for CORS requests
Ecosystems: npm
Packages: @sveltejs/kit
Source: github
Published: over 1 year ago

High

kit: GSA_kwCzR0hTQS01cDc1LXZjNWctOHJ2Ms4AAyiw

SvelteKit vulnerable to Cross-Site Request Forgery
Ecosystems: npm
Packages: @sveltejs/kit
Source: github
Published: over 1 year ago

Moderate

svelte: GSA_kwCzR0hTQS13djhxLXI5MzItOGhjN84AAtWH

Svelte vulnerable to XSS when using objects during server-side rendering
Ecosystems: npm
Packages: svelte
Source: github
Published: over 2 years ago