Qwikdev Qwik
9 CVEs affecting Qwikdev Qwik. Latest disclosed: 2026-03-20. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-25150 | Critical | 9.3 | 2026-02-03 | Qwik is a performance focused javascript framework. Prior to version 1.19.0, a prototype pollution vulnerability exists in the formToObj() function within @bui… |
CVE-2026-32701 | High | 7.5 | 2026-03-20 | Qwik is a performance-focused JavaScript framework. Versions prior to 1.19.2 improperly inferred arrays from dotted form field names during FormData parsing. B… |
CVE-2024-41677 | Medium | 6.3 | 2024-08-06 | Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik impr… |
CVE-2026-25151 | Medium | 5.9 | 2026-02-03 | Qwik is a performance focused javascript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request hea… |
CVE-2026-25155 | Medium | 5.9 | 2026-02-03 | Qwik is a performance focused javascript framework. Prior to version 1.12.0, a typo in the regular expression within isContentType causes incorrect parsing of… |
CVE-2026-27971 | | 2026-03-03 | Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechan… | |
CVE-2026-25148 | | 2026-02-03 | Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual att… | |
CVE-2026-25149 | | 2026-02-03 | Qwik is a performance focused javascript framework. Prior to version 1.19.0, an Open Redirect vulnerability in Qwik City's default request handler middleware a… | |
CVE-2025-53620 | | 2025-07-09 | @builder.io/qwik-city is the meta-framework for Qwik. When a Qwik Server Action QRL is executed it dynamically load the file containing the symbol. When an inv… |