VYPR

npm package

@builder.io/qwik

pkg:npm/%40builder.io/qwik

Vulnerabilities (4)

  • CVE-2026-27971Mar 3, 2026
    affected < 1.19.1fixed 1.19.1

    Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any

  • CVE-2024-41677Aug 6, 2024
    affected < 1.7.3fixed 1.7.3

    Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the `render-ssr.ts` fil

  • CVE-2023-1283Mar 8, 2023
    affected < 0.21.0fixed 0.21.0

    Code Injection in GitHub repository builderio/qwik prior to 0.21.0.

  • CVE-2023-0410Jan 20, 2023
    affected < 0.16.2fixed 0.16.2

    Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5.