Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/vitejs/vite

Next generation frontend tooling. It's fast!
https://github.com/vitejs/vite

Moderate

GSA_kwCzR0hTQS02NHZyLWc0NTItcXZwM84AA_m5

Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Ecosystems: npm
Packages: vite
Source: github
Published: 3 months ago

Moderate

GSA_kwCzR0hTQS05Y3d4LTI4ODMtNHdmeM4AA_m4

Vite's `server.fs.deny` is bypassed when using `?import&raw`
Ecosystems: npm
Packages: vite
Source: github
Published: 3 months ago

Moderate

GSA_kwCzR0hTQS04amh3LTI4OWgtamgyZ84AA6l1

Vite's `server.fs.deny` did not deny requests for patterns with directories.
Ecosystems: npm
Packages: vite
Source: github
Published: 9 months ago

High

GSA_kwCzR0hTQS1jMjR2LThyZmMtdzh2d84AA4lu

Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
Ecosystems: npm
Packages: vite
Source: github
Published: 11 months ago

Moderate

GSA_kwCzR0hTQS05MnIzLW0ybWctcGo5N84AA3lD

Vite XSS vulnerability in `server.transformIndexHtml` via URL payload
Ecosystems: npm
Packages: vite
Source: github
Published: about 1 year ago

High

GSA_kwCzR0hTQS0zNTNmLTV4ZjQtcXc2N84AAzpR

Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
Ecosystems: npm
Packages: vite
Source: github
Published: over 1 year ago

High

GSA_kwCzR0hTQS1tdjQ4LWhjdmgtOGpqOM4AAuGt

Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service
Ecosystems: npm
Packages: vite
Source: github
Published: over 2 years ago