Sveltejs Kit
11 CVEs affecting Sveltejs Kit. Latest disclosed: 2026-04-10. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-29008 | High | 8.8 | 2023-04-06 | The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for… |
| CVE-2023-29003 | High | 8.8 | 2023-04-04 | SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.j… |
| CVE-2024-23641 | High | 7.5 | 2024-01-24 | SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request wit… |
| CVE-2025-32388 | Medium | 5.4 | 2025-04-15 | SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.20.6, unsanitized search param names cause XSS vu… |
| CVE-2026-40074 | | | 2026-04-10 | SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle… |
| CVE-2026-40073 | | | 2026-04-10 | SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could… |
| CVE-2026-27118 | | | 2026-02-20 | SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Versions of @sveltejs/adapter-vercel prior to 6.3.2 are vulne… |
| CVE-2026-22803 | | | 2026-01-15 | SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function… |
| CVE-2025-67647 | | | 2026-01-15 | SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side req… |
| CVE-2024-53261 | | | 2024-11-25 | SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. "Unsanitized input from *the request URL* flows into `end`, w… |
| CVE-2024-53262 | | | 2024-11-25 | SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholde… |