Vite — CVE history (npm)

Vite

22 CVEs affect the Vite npm package (highest CVSS 8.3). 1 on CISA's Known Exploited Vulnerabilities catalog. Latest disclosed: 2026-06-22. Full CVE history sourced from NVD.

Summary

Package
Vite (npm)
Total CVEs
22
Actively exploited (CISA KEV)
1
Highest CVSS
8.3
Latest disclosed
2026-06-22

Recent CVEs (top 20)

CVESeverityCVSSKEVPublishedSummary
CVE-2026-536322026-06-22launch-editor allows users to open files with line numbers in editor from Node.js.
CVE-2026-53571High7.52026-06-22Vite is a frontend tooling framework for JavaScript.
CVE-2024-52011High8.32026-06-01launch-editor allows users to open files with line numbers in editor from Node.js.
CVE-2026-39365Medium5.32026-04-07Vite is a frontend tooling framework for JavaScript.
CVE-2026-39364High7.52026-04-07Vite is a frontend tooling framework for JavaScript.
CVE-2026-39363High7.52026-04-07Vite is a frontend tooling framework for JavaScript.
CVE-2025-625222025-10-20Vite is a frontend tooling framework for JavaScript.
CVE-2025-58752Medium5.32025-09-08Vite is a frontend tooling framework for JavaScript.
CVE-2025-58751Medium5.32025-09-08Vite is a frontend tooling framework for JavaScript.
CVE-2025-46565Medium5.32025-05-01Vite is a frontend tooling framework for javascript.
CVE-2025-323952025-04-10Vite is a frontend tooling framework for javascript.
CVE-2025-31486Medium5.32025-04-03Vite is a frontend tooling framework for javascript.
CVE-2025-31125Medium5.3KEV2025-03-31Vite is a frontend tooling framework for javascript.
CVE-2025-30208Medium5.32025-03-24Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10.
CVE-2025-24010Medium6.52025-01-20Vite is a frontend tooling framework for javascript.
CVE-2024-45812Medium6.42024-09-17Vite a frontend build tooling framework for javascript.
CVE-2024-45811Medium4.82024-09-17Vite a frontend build tooling framework for javascript.
CVE-2024-31207Medium5.92024-04-04Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tooling to improve the frontend development experience.`server.fs.deny` does not deny requests for patterns with directories.
CVE-2024-23331High7.52024-01-19Vite is a frontend tooling framework for javascript.
CVE-2023-49293Medium6.12023-12-04Vite is a website frontend framework.

All-time worst (top 10 by CVSS)

CVESeverityCVSSKEVPublishedSummary
CVE-2024-52011High8.32026-06-01launch-editor allows users to open files with line numbers in editor from Node.js.
CVE-2026-53571High7.52026-06-22Vite is a frontend tooling framework for JavaScript.
CVE-2026-39364High7.52026-04-07Vite is a frontend tooling framework for JavaScript.
CVE-2026-39363High7.52026-04-07Vite is a frontend tooling framework for JavaScript.
CVE-2024-23331High7.52024-01-19Vite is a frontend tooling framework for javascript.
CVE-2023-34092High7.52023-06-01Vite provides frontend tooling.
CVE-2025-24010Medium6.52025-01-20Vite is a frontend tooling framework for javascript.
CVE-2024-45812Medium6.42024-09-17Vite a frontend build tooling framework for javascript.
CVE-2023-49293Medium6.12023-12-04Vite is a website frontend framework.
CVE-2024-31207Medium5.92024-04-04Vite (French word for "quick", pronounced /vit/, like "veet") is a frontend build tooling to improve the frontend development experience.`server.fs.deny` does not deny requests for patterns with directories.

Actively exploited (CISA KEV — 1)

CVESeverityCVSSKEVPublishedSummary
CVE-2025-31125Medium5.3KEV2025-03-31Vite is a frontend tooling framework for javascript.