vitejs vite Vulnerabilities: CVEs, CISA KEV & Security Advisories

This page aggregates every publicly disclosed vulnerability (CVE) affecting vitejs vite, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Affected versions and CVEs

Browse every vitejs vite version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

create-app@1.0.014 CVEs
create-app@1.0.114 CVEs
create-app@1.0.214 CVEs
create-app@1.0.314 CVEs
create-app@1.0.414 CVEs
create-app@1.0.514 CVEs
create-app@1.0.614 CVEs
create-app@1.1.014 CVEs
create-app@1.3.014 CVEs
create-app@1.4.014 CVEs
create-app@1.5.014 CVEs
create-app@1.5.114 CVEs
create-app@1.5.214 CVEs
create-app@1.6.014 CVEs
create-app@1.7.014 CVEs
create-app@1.7.114 CVEs
create-app@1.8.014 CVEs
create-app@2.0.014 CVEs
create-app@2.0.114 CVEs
create-app@2.0.214 CVEs
create-app@2.1.014 CVEs
create-app@2.2.014 CVEs
create-app@2.2.114 CVEs
create-app@2.2.214 CVEs
create-app@2.2.314 CVEs
create-app@2.2.414 CVEs
create-app@2.2.514 CVEs
create-app@2.3.014 CVEs
create-app@2.3.114 CVEs
create-app@2.3.214 CVEs
create-app@2.4.014 CVEs
create-app@2.4.114 CVEs
create-app@2.4.214 CVEs
create-app@2.4.314 CVEs
create-app@2.4.414 CVEs
create-app@2.4.514 CVEs
create-vite@2.5.014 CVEs
create-vite@2.5.114 CVEs
create-vite@2.5.214 CVEs
create-vite@2.5.314 CVEs
create-vite@2.5.414 CVEs
create-vite@2.6.114 CVEs
create-vite@2.6.214 CVEs
create-vite@2.6.314 CVEs
create-vite@2.6.414 CVEs
create-vite@2.6.514 CVEs
create-vite@2.6.614 CVEs
create-vite@2.7.014 CVEs
create-vite@2.7.114 CVEs
create-vite@2.7.214 CVEs
create-vite@2.8.014 CVEs
create-vite@2.9.014 CVEs
create-vite@2.9.114 CVEs
create-vite@2.9.214 CVEs
create-vite@2.9.314 CVEs
create-vite@4.0.014 CVEs
create-vite@4.1.014 CVEs
create-vite@4.2.014 CVEs
create-vite@4.3.014 CVEs
create-vite@4.3.114 CVEs
plugin-legacy@1.0.014 CVEs
plugin-legacy@1.0.114 CVEs
plugin-legacy@1.1.014 CVEs
plugin-legacy@1.1.114 CVEs
plugin-legacy@1.2.014 CVEs
plugin-legacy@1.2.114 CVEs
plugin-legacy@1.2.214 CVEs
plugin-legacy@1.2.314 CVEs
plugin-legacy@1.3.014 CVEs
plugin-legacy@1.3.114 CVEs
plugin-legacy@1.3.214 CVEs
plugin-legacy@1.3.314 CVEs
plugin-legacy@1.3.414 CVEs
plugin-legacy@1.4.014 CVEs
plugin-legacy@1.4.114 CVEs
plugin-legacy@1.4.214 CVEs
plugin-legacy@1.4.314 CVEs
plugin-legacy@1.4.414 CVEs
plugin-legacy@1.5.014 CVEs
plugin-legacy@1.5.114 CVEs
plugin-legacy@1.5.214 CVEs
plugin-legacy@1.5.314 CVEs
plugin-legacy@1.6.014 CVEs
plugin-legacy@1.6.114 CVEs
plugin-legacy@1.6.214 CVEs
plugin-legacy@1.6.314 CVEs
plugin-legacy@1.6.414 CVEs
plugin-legacy@1.7.014 CVEs
plugin-legacy@1.8.014 CVEs
plugin-legacy@1.8.114 CVEs
plugin-legacy@1.8.214 CVEs
plugin-legacy@3.0.014 CVEs
plugin-legacy@3.0.114 CVEs
plugin-legacy@4.0.014 CVEs
plugin-legacy@4.0.114 CVEs
plugin-legacy@4.0.214 CVEs
plugin-legacy@4.0.314 CVEs
plugin-legacy@4.0.414 CVEs
plugin-react-refresh@1.1.014 CVEs
plugin-react-refresh@1.1.114 CVEs
plugin-react-refresh@1.1.214 CVEs
plugin-react-refresh@1.1.314 CVEs
plugin-react-refresh@1.2.014 CVEs
plugin-react-refresh@1.2.114 CVEs
plugin-react-refresh@1.2.214 CVEs
plugin-react-refresh@1.3.014 CVEs
plugin-react-refresh@1.3.114 CVEs
plugin-react-refresh@1.3.214 CVEs
plugin-react-refresh@1.3.314 CVEs
plugin-react-refresh@1.3.414 CVEs
plugin-react-refresh@1.3.514 CVEs
plugin-react-refresh@1.3.614 CVEs
plugin-react@1.0.014 CVEs
plugin-react@1.0.0-beta.014 CVEs
plugin-react@1.0.114 CVEs
plugin-react@1.0.214 CVEs
plugin-react@1.0.314 CVEs
plugin-react@1.0.414 CVEs
plugin-react@1.0.514 CVEs
plugin-react@1.0.614 CVEs
plugin-react@1.1.014 CVEs
plugin-react@1.1.0-beta.014 CVEs
plugin-react@1.1.0-beta.114 CVEs
plugin-react@1.1.114 CVEs
plugin-react@1.1.214 CVEs
plugin-react@1.1.314 CVEs
plugin-react@1.1.414 CVEs
plugin-react@1.2.014 CVEs
plugin-react@1.3.014 CVEs
plugin-react@1.3.114 CVEs
plugin-react@1.3.214 CVEs
plugin-vue-jsx@1.0.014 CVEs
plugin-vue-jsx@1.0.114 CVEs
plugin-vue-jsx@1.0.214 CVEs
plugin-vue-jsx@1.0.314 CVEs
plugin-vue-jsx@1.1.014 CVEs
plugin-vue-jsx@1.1.114 CVEs
plugin-vue-jsx@1.1.214 CVEs
plugin-vue-jsx@1.1.314 CVEs
plugin-vue-jsx@1.1.414 CVEs
plugin-vue-jsx@1.1.514 CVEs
plugin-vue-jsx@1.1.614 CVEs
plugin-vue-jsx@1.1.714 CVEs
plugin-vue-jsx@1.1.814 CVEs
plugin-vue-jsx@1.2.014 CVEs
plugin-vue-jsx@1.3.014 CVEs
plugin-vue-jsx@1.3.0-beta.014 CVEs
plugin-vue-jsx@1.3.114 CVEs
plugin-vue-jsx@1.3.1014 CVEs
plugin-vue-jsx@1.3.214 CVEs
plugin-vue-jsx@1.3.314 CVEs
plugin-vue-jsx@1.3.414 CVEs
plugin-vue-jsx@1.3.614 CVEs
plugin-vue-jsx@1.3.714 CVEs
plugin-vue-jsx@1.3.814 CVEs
plugin-vue-jsx@1.3.914 CVEs
plugin-vue@1.0.314 CVEs
plugin-vue@1.0.414 CVEs
plugin-vue@1.0.514 CVEs
plugin-vue@1.0.614 CVEs
plugin-vue@1.1.014 CVEs
plugin-vue@1.1.114 CVEs
plugin-vue@1.1.214 CVEs
plugin-vue@1.1.314 CVEs
plugin-vue@1.1.414 CVEs
plugin-vue@1.1.514 CVEs
plugin-vue@1.10.014 CVEs
plugin-vue@1.10.0-beta.014 CVEs
plugin-vue@1.10.0-beta.114 CVEs
plugin-vue@1.10.114 CVEs
plugin-vue@1.10.214 CVEs
plugin-vue@1.2.014 CVEs
plugin-vue@1.2.114 CVEs
plugin-vue@1.2.214 CVEs
plugin-vue@1.2.314 CVEs
plugin-vue@1.2.414 CVEs
plugin-vue@1.2.514 CVEs
plugin-vue@1.3.014 CVEs
plugin-vue@1.4.014 CVEs
plugin-vue@1.5.014 CVEs
plugin-vue@1.6.014 CVEs
plugin-vue@1.6.114 CVEs
plugin-vue@1.6.214 CVEs
plugin-vue@1.7.014 CVEs
plugin-vue@1.7.114 CVEs
plugin-vue@1.8.014 CVEs
plugin-vue@1.8.114 CVEs
plugin-vue@1.9.014 CVEs
plugin-vue@1.9.114 CVEs
plugin-vue@1.9.214 CVEs
plugin-vue@1.9.314 CVEs
plugin-vue@1.9.414 CVEs
plugin-vue@2.0.014 CVEs
plugin-vue@2.0.114 CVEs
plugin-vue@2.1.014 CVEs
plugin-vue@2.2.014 CVEs
plugin-vue@2.2.114 CVEs
plugin-vue@2.2.214 CVEs
plugin-vue@2.2.314 CVEs
plugin-vue@2.2.414 CVEs
plugin-vue@2.3.014 CVEs
plugin-vue@2.3.0-beta.014 CVEs
plugin-vue@2.3.114 CVEs
plugin-vue@2.3.214 CVEs
v1.0.0-rc.1014 CVEs
v1.0.0-rc.1114 CVEs
v1.0.0-rc.1314 CVEs
v1.0.0-rc.514 CVEs
v1.0.0-rc.614 CVEs
v1.0.0-rc.714 CVEs
v1.0.0-rc.814 CVEs
v1.0.0-rc.914 CVEs
v2.0.014 CVEs
v2.0.0-alpha.114 CVEs
v2.0.0-alpha.214 CVEs
v2.0.0-alpha.314 CVEs
v2.0.0-alpha.414 CVEs
v2.0.0-alpha.514 CVEs
v2.0.0-beta.114 CVEs
v2.0.0-beta.1014 CVEs
v2.0.0-beta.1114 CVEs
v2.0.0-beta.1214 CVEs
v2.0.0-beta.1314 CVEs
v2.0.0-beta.1414 CVEs
v2.0.0-beta.1514 CVEs
v2.0.0-beta.1614 CVEs
v2.0.0-beta.1714 CVEs
v2.0.0-beta.1814 CVEs
v2.0.0-beta.1914 CVEs
v2.0.0-beta.214 CVEs
v2.0.0-beta.2014 CVEs
v2.0.0-beta.2114 CVEs
v2.0.0-beta.2214 CVEs
v2.0.0-beta.2314 CVEs
v2.0.0-beta.2414 CVEs
v2.0.0-beta.2514 CVEs
v2.0.0-beta.2614 CVEs
v2.0.0-beta.2714 CVEs
v2.0.0-beta.2814 CVEs
v2.0.0-beta.2914 CVEs
v2.0.0-beta.314 CVEs
v2.0.0-beta.3014 CVEs
v2.0.0-beta.3114 CVEs
v2.0.0-beta.3214 CVEs
v2.0.0-beta.3314 CVEs
v2.0.0-beta.3414 CVEs
v2.0.0-beta.3514 CVEs
v2.0.0-beta.3714 CVEs
v2.0.0-beta.3814 CVEs
v2.0.0-beta.3914 CVEs
v2.0.0-beta.414 CVEs
v2.0.0-beta.4014 CVEs
v2.0.0-beta.4114 CVEs
v2.0.0-beta.4214 CVEs
v2.0.0-beta.4314 CVEs
v2.0.0-beta.4414 CVEs
v2.0.0-beta.4514 CVEs
v2.0.0-beta.4614 CVEs
v2.0.0-beta.4714 CVEs
v2.0.0-beta.4814 CVEs
v2.0.0-beta.4914 CVEs
v2.0.0-beta.514 CVEs
v2.0.0-beta.5014 CVEs
v2.0.0-beta.5114 CVEs
v2.0.0-beta.5214 CVEs
v2.0.0-beta.5314 CVEs
v2.0.0-beta.5414 CVEs
v2.0.0-beta.5514 CVEs
v2.0.0-beta.5614 CVEs
v2.0.0-beta.5714 CVEs
v2.0.0-beta.5814 CVEs
v2.0.0-beta.5914 CVEs
v2.0.0-beta.614 CVEs
v2.0.0-beta.6014 CVEs
v2.0.0-beta.6114 CVEs
v2.0.0-beta.6214 CVEs
v2.0.0-beta.6314 CVEs
v2.0.0-beta.6414 CVEs
v2.0.0-beta.6514 CVEs
v2.0.0-beta.6614 CVEs
v2.0.0-beta.6714 CVEs
v2.0.0-beta.6814 CVEs
v2.0.0-beta.6914 CVEs
v2.0.0-beta.714 CVEs
v2.0.0-beta.7014 CVEs
v2.0.0-beta.814 CVEs
v2.0.0-beta.914 CVEs
v2.0.114 CVEs
v2.0.214 CVEs
v2.0.314 CVEs
v2.0.414 CVEs
v2.0.514 CVEs
v2.1.014 CVEs
v2.1.114 CVEs
v2.1.214 CVEs
v2.1.314 CVEs
v2.1.414 CVEs
v2.1.514 CVEs
v2.2.014 CVEs
v2.2.114 CVEs
v2.2.214 CVEs
v2.2.314 CVEs
v2.2.414 CVEs
v2.3.014 CVEs
v2.3.114 CVEs
v2.3.214 CVEs
v2.3.314 CVEs
v2.3.414 CVEs
v2.3.514 CVEs
v2.3.614 CVEs
v2.3.714 CVEs
v2.3.814 CVEs
v2.4.014 CVEs
v2.4.0-beta.014 CVEs
v2.4.0-beta.114 CVEs
v2.4.0-beta.214 CVEs
v2.4.0-beta.314 CVEs
v2.4.114 CVEs
v2.4.214 CVEs
v2.4.314 CVEs
v2.4.414 CVEs
v2.5.014 CVEs
v2.5.0-beta.014 CVEs
v2.5.0-beta.114 CVEs
v2.5.0-beta.214 CVEs
v2.5.0-beta.314 CVEs
v2.5.114 CVEs
v2.5.214 CVEs
v2.5.314 CVEs
v2.5.414 CVEs
v2.5.514 CVEs
v2.5.614 CVEs
v2.5.714 CVEs
v2.6.014 CVEs
v2.6.0-beta.014 CVEs
v2.6.0-beta.114 CVEs
v2.6.0-beta.214 CVEs
v2.6.0-beta.314 CVEs
v2.6.0-beta.414 CVEs
v2.6.114 CVEs
v2.6.1014 CVEs
v2.6.1114 CVEs
v2.6.1214 CVEs
v2.6.1314 CVEs
v2.6.214 CVEs
v2.6.314 CVEs
v2.6.414 CVEs
v2.6.514 CVEs
v2.6.614 CVEs
v2.6.714 CVEs
v2.6.814 CVEs
v2.6.914 CVEs
v2.7.014 CVEs
v2.7.0-beta.014 CVEs
v2.7.0-beta.114 CVEs
v2.7.0-beta.1014 CVEs
v2.7.0-beta.1114 CVEs
v2.7.0-beta.214 CVEs
v2.7.0-beta.314 CVEs
v2.7.0-beta.414 CVEs
v2.7.0-beta.514 CVEs
v2.7.0-beta.614 CVEs
v2.7.0-beta.714 CVEs
v2.7.0-beta.814 CVEs
v2.7.0-beta.914 CVEs
v2.7.114 CVEs
v2.7.214 CVEs
v2.7.314 CVEs
v2.7.414 CVEs
v2.7.514 CVEs
v2.7.614 CVEs
v2.7.714 CVEs
v2.7.814 CVEs
v2.7.914 CVEs
v2.8.014 CVEs
v2.8.0-beta.014 CVEs
v2.8.0-beta.114 CVEs
v2.8.0-beta.214 CVEs
v2.8.0-beta.314 CVEs
v2.8.0-beta.414 CVEs
v2.8.0-beta.514 CVEs
v2.8.0-beta.614 CVEs
v2.8.0-beta.714 CVEs
v2.8.114 CVEs
v2.8.214 CVEs
v2.8.314 CVEs
v2.8.414 CVEs
v2.8.514 CVEs
v2.8.614 CVEs
v2.9.014 CVEs
v2.9.0-beta.014 CVEs
v2.9.0-beta.114 CVEs
v2.9.0-beta.1014 CVEs
v2.9.0-beta.1114 CVEs
v2.9.0-beta.214 CVEs
v2.9.0-beta.314 CVEs
v2.9.0-beta.414 CVEs
v2.9.0-beta.514 CVEs
v2.9.0-beta.614 CVEs
v2.9.0-beta.714 CVEs
v2.9.0-beta.814 CVEs
v2.9.0-beta.914 CVEs
v2.9.114 CVEs
v2.9.214 CVEs
v2.9.314 CVEs
v2.9.414 CVEs
v2.9.514 CVEs
v2.9.614 CVEs
v2.9.714 CVEs
v2.9.814 CVEs
v4.0.014 CVEs
v4.0.114 CVEs
v4.0.214 CVEs
v4.0.314 CVEs
v4.0.414 CVEs
v4.1.014 CVEs
v4.1.114 CVEs
v4.1.214 CVEs
v4.1.314 CVEs
v4.1.414 CVEs
v4.2.014 CVEs
v4.2.114 CVEs
v4.3.014 CVEs
v4.3.114 CVEs
v4.3.214 CVEs
v4.3.314 CVEs
v4.3.414 CVEs
v4.3.514 CVEs
v4.3.614 CVEs
v4.3.714 CVEs
v4.3.814 CVEs
create-vite@3.0.113 CVEs
create-vite@3.0.213 CVEs
create-vite@3.1.013 CVEs
create-vite@3.2.013 CVEs
create-vite@3.2.113 CVEs
create-vite@4.1.0-beta.013 CVEs
create-vite@4.2.0-beta.013 CVEs
create-vite@4.2.0-beta.113 CVEs
create-vite@4.3.0-beta.013 CVEs
create-vite@4.3.213 CVEs
create-vite@4.4.013 CVEs
create-vite@4.4.113 CVEs
create-vite@5.0.013 CVEs
plugin-legacy@2.0.0-alpha.013 CVEs
plugin-legacy@2.0.0-alpha.113 CVEs
plugin-legacy@2.0.0-alpha.213 CVEs
plugin-legacy@2.0.0-beta.013 CVEs
plugin-legacy@2.0.113 CVEs
plugin-legacy@2.1.013 CVEs
plugin-legacy@2.1.0-beta.013 CVEs
plugin-legacy@2.2.013 CVEs
plugin-legacy@2.3.013 CVEs
plugin-legacy@2.3.0-beta.013 CVEs
plugin-legacy@2.3.113 CVEs
plugin-legacy@4.0.513 CVEs
plugin-legacy@4.1.013 CVEs
plugin-legacy@4.1.113 CVEs
plugin-legacy@5.0.013 CVEs
plugin-legacy@5.1.013 CVEs
plugin-legacy@5.2.013 CVEs
plugin-react@2.0.0-alpha.013 CVEs
plugin-react@2.0.0-alpha.113 CVEs
plugin-react@2.0.0-alpha.213 CVEs
plugin-react@2.0.0-alpha.313 CVEs
plugin-react@2.0.0-beta.013 CVEs
plugin-react@2.0.113 CVEs
plugin-react@2.1.013 CVEs
plugin-react@2.1.0-beta.013 CVEs
plugin-react@2.2.013 CVEs
plugin-react@2.2.0-beta.013 CVEs
plugin-vue-jsx@2.0.0-alpha.013 CVEs
plugin-vue-jsx@2.0.0-alpha.113 CVEs
plugin-vue-jsx@2.0.0-beta.013 CVEs
plugin-vue-jsx@2.0.113 CVEs
plugin-vue-jsx@2.1.013 CVEs
plugin-vue-jsx@2.1.0-beta.013 CVEs
plugin-vue-jsx@2.1.113 CVEs
plugin-vue@3.0.0-alpha.013 CVEs
plugin-vue@3.0.0-alpha.113 CVEs
plugin-vue@3.0.0-alpha.213 CVEs
plugin-vue@3.0.0-beta.013 CVEs
plugin-vue@3.0.213 CVEs
plugin-vue@3.0.313 CVEs
plugin-vue@3.1.013 CVEs
plugin-vue@3.1.0-beta.013 CVEs
plugin-vue@3.2.013 CVEs
plugin-vue@3.2.0-beta.013 CVEs
v3.0.0-alpha.013 CVEs
v3.0.0-alpha.113 CVEs
v3.0.0-alpha.1013 CVEs
v3.0.0-alpha.1113 CVEs
v3.0.0-alpha.1213 CVEs
v3.0.0-alpha.1313 CVEs
v3.0.0-alpha.1413 CVEs
v3.0.0-alpha.213 CVEs
v3.0.0-alpha.313 CVEs
v3.0.0-alpha.413 CVEs
v3.0.0-alpha.513 CVEs
v3.0.0-alpha.613 CVEs
v3.0.0-alpha.713 CVEs
v3.0.0-alpha.813 CVEs
v3.0.0-alpha.913 CVEs
v3.0.0-beta.013 CVEs
v3.0.0-beta.113 CVEs
v3.0.0-beta.213 CVEs
v3.0.0-beta.313 CVEs
v3.0.213 CVEs
v3.0.313 CVEs
v3.0.413 CVEs
v3.0.513 CVEs
v3.0.613 CVEs
v3.0.713 CVEs
v3.0.813 CVEs
v3.0.913 CVEs
v3.1.013 CVEs
v3.1.0-beta.013 CVEs
v3.1.0-beta.113 CVEs
v3.1.0-beta.213 CVEs
v3.1.113 CVEs
v3.1.213 CVEs
v3.1.313 CVEs
v3.2.013 CVEs
v3.2.0-beta.013 CVEs
v3.2.0-beta.113 CVEs
v3.2.0-beta.213 CVEs
v3.2.0-beta.313 CVEs
v3.2.0-beta.413 CVEs
v3.2.113 CVEs
v3.2.213 CVEs
v3.2.313 CVEs
v4.1.0-beta.013 CVEs
v4.1.0-beta.113 CVEs
v4.1.0-beta.213 CVEs
v4.2.0-beta.013 CVEs
v4.2.0-beta.113 CVEs
v4.2.0-beta.213 CVEs
v4.3.0-beta.013 CVEs
v4.3.0-beta.113 CVEs
v4.3.0-beta.213 CVEs
v4.3.0-beta.313 CVEs
v4.3.0-beta.413 CVEs
v4.3.0-beta.513 CVEs
v4.3.0-beta.613 CVEs
v4.3.0-beta.713 CVEs
v4.3.0-beta.813 CVEs
v4.3.913 CVEs
v4.4.013 CVEs
v4.4.0-beta.013 CVEs
v4.4.0-beta.113 CVEs
v4.4.0-beta.213 CVEs
v4.4.0-beta.313 CVEs
v4.4.0-beta.413 CVEs
v4.4.113 CVEs
v4.4.213 CVEs
v4.4.313 CVEs
v4.4.413 CVEs
v4.4.513 CVEs
v4.4.613 CVEs
v4.4.713 CVEs
v4.4.813 CVEs
v4.4.913 CVEs
v5.0.013 CVEs
v5.0.113 CVEs
v5.0.213 CVEs
v5.0.313 CVEs
v5.0.413 CVEs
create-vite@3.0.012 CVEs
create-vite@5.1.012 CVEs
plugin-legacy@2.0.012 CVEs
plugin-legacy@2.0.0-beta.112 CVEs
plugin-react@2.0.012 CVEs
plugin-react@2.0.0-beta.112 CVEs
plugin-vue-jsx@2.0.012 CVEs
plugin-vue@3.0.012 CVEs
plugin-vue@3.0.0-beta.112 CVEs
plugin-vue@3.0.112 CVEs
v3.0.012 CVEs
v3.0.0-beta.1012 CVEs
v3.0.0-beta.412 CVEs
v3.0.0-beta.512 CVEs
v3.0.0-beta.612 CVEs
v3.0.0-beta.712 CVEs
v3.0.0-beta.812 CVEs
v3.0.0-beta.912 CVEs
v3.0.112 CVEs
v5.0.1012 CVEs
v5.0.1112 CVEs
v5.0.512 CVEs
v5.0.612 CVEs
v5.0.712 CVEs
v5.0.812 CVEs
v5.0.912 CVEs
create-vite@5.2.011 CVEs
create-vite@5.2.111 CVEs
create-vite@5.2.211 CVEs
create-vite@5.2.311 CVEs
create-vite@5.3.011 CVEs
create-vite@5.4.011 CVEs
create-vite@5.5.011 CVEs
create-vite@5.5.111 CVEs
create-vite@5.5.211 CVEs
plugin-legacy@5.3.011 CVEs
plugin-legacy@5.3.111 CVEs
plugin-legacy@5.3.211 CVEs
plugin-legacy@5.4.011 CVEs
plugin-legacy@5.4.211 CVEs
v4.4.1011 CVEs
v4.4.1111 CVEs
v4.5.011 CVEs
v5.1.011 CVEs
v5.1.0-beta.011 CVEs
v5.1.0-beta.111 CVEs
v5.1.0-beta.211 CVEs
v5.1.0-beta.311 CVEs
v5.1.0-beta.411 CVEs
v5.1.0-beta.511 CVEs
v5.1.0-beta.611 CVEs
v5.1.0-beta.711 CVEs
v5.1.111 CVEs
v5.1.211 CVEs
v5.1.311 CVEs
v5.1.411 CVEs
v5.1.511 CVEs
v5.1.611 CVEs
v5.2.011 CVEs
v5.2.0-beta.011 CVEs
v5.2.0-beta.111 CVEs
v5.2.111 CVEs
v5.2.1011 CVEs
v5.2.1111 CVEs
v5.2.1211 CVEs
v5.2.211 CVEs
v5.2.311 CVEs
v5.2.411 CVEs
v5.2.511 CVEs
v5.2.611 CVEs
v5.2.711 CVEs
v5.2.811 CVEs
v5.2.911 CVEs
v5.3.011 CVEs
v5.3.111 CVEs
v5.3.211 CVEs
v5.3.311 CVEs
v5.3.411 CVEs
v5.3.511 CVEs
v5.4.011 CVEs
v5.4.111 CVEs
v5.4.211 CVEs
v5.4.311 CVEs
v5.4.411 CVEs
v5.4.511 CVEs
create-vite@4.0.0-beta.010 CVEs
plugin-legacy@3.0.0-alpha.010 CVEs
plugin-react@3.0.0-alpha.010 CVEs
plugin-react@3.0.0-alpha.110 CVEs
plugin-react@3.0.0-alpha.210 CVEs
plugin-vue-jsx@3.0.0-alpha.010 CVEs
plugin-vue@4.0.0-alpha.010 CVEs
plugin-vue@4.0.0-alpha.110 CVEs
plugin-vue@4.0.0-alpha.210 CVEs
v4.0.0-alpha.010 CVEs
v4.0.0-alpha.110 CVEs
v4.0.0-alpha.210 CVEs
v4.0.0-alpha.310 CVEs
v4.0.0-alpha.410 CVEs
v4.0.0-alpha.510 CVEs
v4.0.0-alpha.610 CVEs
v4.0.0-beta.010 CVEs
v4.0.0-beta.110 CVEs
v4.0.0-beta.210 CVEs
v4.0.0-beta.310 CVEs
v4.0.0-beta.410 CVEs
v4.0.0-beta.510 CVEs
v4.0.0-beta.610 CVEs
v4.0.0-beta.710 CVEs
v4.5.110 CVEs
create-vite@6.0.09 CVEs
create-vite@6.0.19 CVEs
create-vite@6.1.09 CVEs
create-vite@6.1.19 CVEs
plugin-legacy@5.4.19 CVEs
plugin-legacy@6.0.09 CVEs
v4.5.29 CVEs
v5.3.0-beta.09 CVEs
v5.3.0-beta.19 CVEs
v5.3.0-beta.29 CVEs
v5.4.0-beta.09 CVEs
v5.4.0-beta.19 CVEs
v5.4.109 CVEs
v5.4.119 CVEs
v5.4.69 CVEs
v5.4.79 CVEs
v5.4.89 CVEs
v5.4.99 CVEs
v6.0.09 CVEs
v6.0.19 CVEs
v6.0.29 CVEs
v6.0.39 CVEs
v6.0.49 CVEs
v6.0.59 CVEs
v6.0.69 CVEs
v6.0.79 CVEs
v6.0.89 CVEs
create-vite@6.2.08 CVEs
create-vite@6.2.18 CVEs
create-vite@6.3.08 CVEs
create-vite@6.3.18 CVEs
plugin-legacy@6.0.18 CVEs
plugin-legacy@6.0.28 CVEs
v4.5.38 CVEs
v4.5.48 CVEs
v5.4.128 CVEs
v5.4.138 CVEs
v5.4.148 CVEs
v6.0.108 CVEs
v6.0.118 CVEs
v6.0.98 CVEs
v6.1.08 CVEs
v6.1.18 CVEs
v6.2.08 CVEs
v6.2.18 CVEs
v6.2.28 CVEs
v5.4.157 CVEs
v4.5.56 CVEs
v5.4.166 CVEs
v4.5.65 CVEs
v4.5.75 CVEs
v4.5.85 CVEs
v4.5.95 CVEs
v5.4.175 CVEs
create-vite@6.4.04 CVEs
create-vite@6.4.14 CVEs
plugin-legacy@6.1.04 CVEs
plugin-legacy@6.1.14 CVEs
v3.2.44 CVEs
v3.2.54 CVEs
v3.2.64 CVEs
v4.5.104 CVEs
v5.4.184 CVEs
v6.1.0-beta.04 CVEs
v6.1.0-beta.14 CVEs
v6.1.0-beta.24 CVEs
v6.1.24 CVEs
v6.2.34 CVEs
v6.3.04 CVEs
v6.3.14 CVEs
v6.3.24 CVEs
v6.3.34 CVEs
>= 8.0.0, < 8.0.53 CVEs
create-vite@2.9.43 CVEs
create-vite@5.0.0-beta.03 CVEs
create-vite@5.0.0-beta.13 CVEs
create-vite@6.5.03 CVEs
create-vite@7.0.03 CVEs
create-vite@7.0.13 CVEs
create-vite@7.0.23 CVEs
create-vite@7.0.33 CVEs
create-vite@7.1.03 CVEs
create-vite@7.1.13 CVEs
plugin-legacy@5.0.0-beta.03 CVEs
plugin-legacy@5.0.0-beta.13 CVEs
plugin-legacy@5.0.0-beta.23 CVEs
plugin-legacy@5.0.0-beta.33 CVEs
plugin-legacy@7.0.03 CVEs
plugin-legacy@7.0.13 CVEs
plugin-legacy@7.1.03 CVEs
plugin-legacy@7.2.03 CVEs
plugin-legacy@7.2.13 CVEs
plugin-vue@2.3.33 CVEs
v2.9.103 CVEs
v2.9.113 CVEs
v2.9.123 CVEs
v2.9.93 CVEs
v3.2.73 CVEs
v4.5.113 CVEs
v5.0.0-beta.03 CVEs
v5.0.0-beta.13 CVEs
v5.0.0-beta.103 CVEs
v5.0.0-beta.113 CVEs
v5.0.0-beta.123 CVEs
v5.0.0-beta.133 CVEs
v5.0.0-beta.143 CVEs
v5.0.0-beta.153 CVEs
v5.0.0-beta.163 CVEs
v5.0.0-beta.173 CVEs
v5.0.0-beta.183 CVEs
v5.0.0-beta.193 CVEs
v5.0.0-beta.23 CVEs
v5.0.0-beta.203 CVEs
v5.0.0-beta.33 CVEs
v5.0.0-beta.43 CVEs
v5.0.0-beta.53 CVEs
v5.0.0-beta.63 CVEs
v5.0.0-beta.73 CVEs
v5.0.0-beta.83 CVEs
v5.0.0-beta.93 CVEs
v5.4.193 CVEs
v6.0.123 CVEs
v6.1.33 CVEs
v6.2.0-beta.03 CVEs
v6.2.0-beta.13 CVEs
v6.2.43 CVEs
v6.3.0-beta.03 CVEs
v6.3.0-beta.13 CVEs
v6.3.0-beta.23 CVEs
v6.3.43 CVEs
v6.3.53 CVEs
v7.0.03 CVEs
v7.0.13 CVEs
v7.0.23 CVEs
v7.0.33 CVEs
v7.0.43 CVEs
v7.0.53 CVEs
v7.0.63 CVEs
v7.1.03 CVEs
v7.1.13 CVEs
v7.1.23 CVEs
v7.1.33 CVEs
v7.1.43 CVEs
< 3.2.112 CVEs
< 5.4.202 CVEs
>= 4.0.0, < 4.5.52 CVEs
>= 5.0.0, < 5.2.142 CVEs
>= 5.3.0, < 5.3.62 CVEs
>= 5.4.0, < 5.4.62 CVEs
>= 6.0.0, < 6.3.62 CVEs
>= 6.0.0, < 6.4.22 CVEs
>= 7.0.0, < 7.0.72 CVEs
>= 7.0.0, < 7.3.22 CVEs
>= 7.1.0, < 7.1.52 CVEs
create-vite@2.9.52 CVEs
plugin-vue@2.3.42 CVEs
v2.9.132 CVEs
v2.9.142 CVEs
v2.9.152 CVEs
v3.2.102 CVEs
v3.2.92 CVEs
v4.5.122 CVEs
v5.2.132 CVEs
v6.0.132 CVEs
v6.1.42 CVEs
v6.2.52 CVEs
< 2.9.161 CVE
< 4.5.101 CVE
< 4.5.111 CVE
< 4.5.121 CVE
< 4.5.131 CVE
< 4.5.141 CVE
< 4.5.61 CVE
= 4.5.01 CVE
>= 2.7.0, <= 2.9.171 CVE
>= 2.9.18, < 3.0.01 CVE
>= 3.0.0, <= 3.2.81 CVE
>= 3.0.2, < 3.2.71 CVE
>= 3.2.9, < 4.0.01 CVE
>= 4.0.0, < 4.0.51 CVE
>= 4.0.0, <= 4.5.21 CVE
>= 4.1.0, < 4.1.51 CVE
>= 4.2.0, < 4.2.31 CVE
>= 4.3.0, < 4.3.91 CVE
>= 4.5.3, < 5.0.01 CVE
>= 5.0.0, < 5.4.121 CVE
>= 5.0.0, < 5.4.151 CVE
>= 5.0.0, < 5.4.161 CVE
>= 5.0.0, < 5.4.181 CVE
>= 5.0.0, < 5.4.191 CVE
>= 5.0.0, <= 5.0.121 CVE
>= 5.1.0, <= 5.1.61 CVE
>= 5.2.0, <= 5.2.51 CVE
>= 5.2.6, < 5.4.211 CVE
>= 6.0.0, < 6.0.121 CVE
>= 6.0.0, < 6.0.131 CVE
>= 6.0.0, < 6.0.151 CVE
>= 6.0.0, < 6.0.91 CVE
>= 6.0.0, < 6.1.61 CVE
>= 6.0.0, < 6.4.11 CVE
>= 6.1.0, < 6.1.21 CVE
>= 6.1.0, < 6.1.31 CVE
>= 6.1.0, < 6.1.51 CVE
>= 6.2.0, < 6.2.31 CVE
>= 6.2.0, < 6.2.41 CVE
>= 6.2.0, < 6.2.61 CVE
>= 6.2.0, < 6.2.71 CVE
>= 6.3.0, < 6.3.41 CVE
>= 7.0.0, < 7.0.81 CVE
>= 7.1.0, < 7.1.111 CVE
>= 7.1.0, < 7.3.21 CVE
>=2.7.0, < 2.9.171 CVE
>=3.0.0, <3.2.81 CVE
>=4.0.0, < 4.5.21 CVE
>=4.4.0, < 4.4.121 CVE
>=5.0.0, < 5.0.121 CVE
>=5.0.0, < 5.0.51 CVE
>=5.0.0, < 5.4.171 CVE
>=6.0.0, < 6.0.141 CVE
>=6.1.0, < 6.1.41 CVE
>=6.2.0, < 6.2.51 CVE
create-vite@7.1.21 CVE
create-vite@7.1.31 CVE
create-vite@8.0.01 CVE
create-vite@8.0.0-beta.01 CVE
create-vite@8.0.11 CVE
create-vite@8.0.21 CVE
v2.9.161 CVE
v4.2.21 CVE
v4.5.131 CVE
v5.0.121 CVE
v5.4.201 CVE
v6.0.141 CVE
v6.1.51 CVE
v6.2.61 CVE
v6.3.61 CVE
v6.3.71 CVE
v6.4.01 CVE
v7.0.71 CVE
v7.1.101 CVE
v7.1.51 CVE
v7.1.61 CVE
v7.1.71 CVE
v7.1.81 CVE
v7.1.91 CVE

Fixed in

4.5.53 CVEs
3.2.112 CVEs
3f337c5e24504e51188d29c970de1416ee523dbb2 CVEs
45b8644543f1adfb9c02bf88461278d9f71196422 CVEs
5.2.142 CVEs
5.3.62 CVEs
5.4.202 CVEs
5.4.62 CVEs
564754061e9494f355370e31ee9d7ea5abef60372 CVEs
6.3.62 CVEs
673ae1607dde2f4296dfd2a90f7de77897c4bd5e2 CVEs
7.0.72 CVEs
7.1.52 CVEs

Find a version

20 CVEs

Sort

launch-editor vulnerable to command injection via the crafted request on Windows
CVE-2024-52011
Patch
CWE-77
High · CVSS 7.5
EPSS 0.1% (19th pct)2026-06-01
Vite has a Path Traversal in Optimized Deps `.map` Handling
CVE-2026-39365
Public exploit
Patch
CWE-22
Medium · CVSS 6.3
EPSS 1.5% (81th pct)2026-04-07
Vite has a `server.fs.deny` bypass with queries
CVE-2026-39364
Public exploit
Patch
CWE-180
High · CVSS 8.2
EPSS 5.1% (90th pct)2026-04-07
Vite Affected by Arbitrary File Read via Vite Dev Server WebSocket
CVE-2026-39363
Public exploit
Patch
CWE-200
High · CVSS 8.2
EPSS 6.6% (91th pct)2026-04-07
vite allows server.fs.deny bypass via backslash on Windows
CVE-2025-62522
Public exploit
Patch
CWE-22
Medium · CVSS 6.0
EPSS 1.1% (78th pct)2025-10-20
Vite's `server.fs` settings were not applied to HTML files
CVE-2025-58752
Public exploit
Patch
CWE-23
Low · CVSS 2.3
EPSS 0.0% (8th pct)2025-09-08
Vite middleware may serve files starting with the same name with the public directory
CVE-2025-58751
Public exploit
Patch
CWE-22
Low · CVSS 2.3
EPSS 1.4% (81th pct)2025-09-08
Vite's server.fs.deny bypassed with /. for files under project root
CVE-2025-46565
Public exploit
Patch
CWE-22
Medium · CVSS 6.0
EPSS 1.4% (81th pct)2025-05-01
Vite has an `server.fs.deny` bypass with an invalid `request-target`
CVE-2025-32395
Public exploit
Patch
CWE-200
Medium · CVSS 6.0
EPSS 3.2% (87th pct)2025-04-10
Vite allows server.fs.deny to be bypassed with .svg or relative paths
CVE-2025-31486
Public exploit
Patch
CWE-200
Medium · CVSS 5.3
EPSS 4.7% (90th pct)2025-04-03
Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
CVE-2025-31125
CISA KEV
Public exploit
Patch
CWE-284
Added to CISA KEV 2026-01-22
High · CVSS 8.7
EPSS 83.2% (99th pct)2025-03-31
Vite bypasses server.fs.deny when using `?raw??`
CVE-2025-30208
Public exploit
Patch
CWE-200
Medium · CVSS 5.3
EPSS 89.8% (100th pct)2025-03-24
Vite allows any websites to send any requests to the development server and read the response
CVE-2025-24010
Public exploit
Patch
CWE-346
Medium · CVSS 6.5
EPSS 0.1% (26th pct)2025-01-20
Medium vulnerability · 2024-09-17
CVE-2024-45812
Public exploit
Patch
CWE-79
Medium · CVSS 6.4
EPSS 0.3% (49th pct)2024-09-17
Medium vulnerability · 2024-09-17
CVE-2024-45811
Public exploit
Patch
CWE-284
Medium · CVSS 4.8
EPSS 0.0% (3th pct)2024-09-17
Vite's `server.fs.deny` did not deny requests for patterns with directories
CVE-2024-31207
Patch
CWE-284
Medium · CVSS 5.9
EPSS 0.2% (47th pct)2024-04-04
High vulnerability · 2024-01-19
CVE-2024-23331
Public exploit
Patch
CWE-178
High · CVSS 7.5
EPSS 0.5% (65th pct)2024-01-19
Cross-site Scripting in `server.transformIndexHtml` via URL payload in vite
CVE-2023-49293
Patch
CWE-79
Medium · CVSS 6.1
EPSS 7.3% (92th pct)2023-12-04
High vulnerability · 2023-06-01
CVE-2023-34092
Public exploit
Patch
CWE-50
High · CVSS 7.5
EPSS 51.3% (98th pct)2023-06-01
Vulnerability · 2022-08-18
CVE-2022-35204
Patch
Unscored
EPSS 1.0% (77th pct)2022-08-18

vitejs vite Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other vitejs products

Frequently asked questions

How many CVEs does vitejs vite have?

How many vitejs vite CVEs are in CISA KEV?

Are there public exploits for vitejs vite vulnerabilities?

Which versions of vitejs vite are affected?

What are the most common weakness types in vitejs vite CVEs?

What is the average severity of vitejs vite CVEs?

References

Track vitejs vite vulnerabilities