High severity · OSV Advisory · Published Oct 15, 2025 · Updated Apr 15, 2026
CVE-2025-62381
Description
sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can inject string and array properties into Object.prototype, leading to denial of service, type confusion, and potential remote code execution in downstream applications that rely on polluted objects. This vulnerability is fixed in 2.27.4.
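One way a form-data parser can refuse field names that reach Object.prototype, as an added example (not sveltekit-superforms code and not the 2.27.4 patch). The dotted field-name syntax, the function names and the sample entries are assumptions constructed here.

```javascript
// Added example: a hypothetical parser, not sveltekit-superforms code.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);

// Split a dotted field name (assumed syntax, e.g. "address.city") and reject
// any segment that could walk into Object.prototype.
function safePath(name) {
  const parts = String(name).split('.');
  for (const part of parts) {
    if (part === '' || FORBIDDEN.has(part)) {
      throw new Error('rejected form field name: ' + JSON.stringify(name));
    }
  }
  return parts;
}

// Build a nested object from [name, value] pairs, the shape FormData.entries()
// yields. Repeated names become arrays, like multi-value form fields.
function parseEntries(entries) {
  const root = Object.create(null); // second layer: no prototype chain to reach
  for (const [name, value] of entries) {
    const parts = safePath(name);
    const leaf = parts.pop();
    let node = root;
    for (const key of parts) {
      if (!Object.hasOwn(node, key)) node[key] = Object.create(null);
      const next = node[key];
      if (typeof next !== 'object' || next === null || Array.isArray(next)) {
        throw new Error('field name conflicts with a scalar: ' + JSON.stringify(name));
      }
      node = next;
    }
    if (!Object.hasOwn(node, leaf)) node[leaf] = value;
    else if (Array.isArray(node[leaf])) node[leaf].push(value);
    else node[leaf] = [node[leaf], value];
  }
  return root;
}

// Canary for tests and health checks: Object.prototype has no enumerable
// own properties unless something polluted it.
function prototypeIsClean() {
  return Object.keys(Object.prototype).length === 0;
}
```

A regression test for an upgrade to 2.27.4 can use the same canary idea: submit a form through the application's own handler and assert that `Object.prototype` is still clean afterwards.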
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| sveltekit-superforms (npm) | < 2.27.4 | 2.27.4 |
Affected products (2)
- Range: v2.0.0, v2.1.0, v2.10.5, …