npm package
@builder.io/qwik
pkg:npm/%40builder.io/qwik
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27971 | — | < 1.19.1 | 1.19.1 | Mar 3, 2026 | Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any | ||
| CVE-2024-41677 | — | < 1.7.3 | 1.7.3 | Aug 6, 2024 | Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the `render-ssr.ts` fil | ||
| CVE-2023-1283 | — | < 0.21.0 | 0.21.0 | Mar 8, 2023 | Code Injection in GitHub repository builderio/qwik prior to 0.21.0. | ||
| CVE-2023-0410 | — | < 0.16.2 | 0.16.2 | Jan 20, 2023 | Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5. |
- CVE-2026-27971Mar 3, 2026affected < 1.19.1fixed 1.19.1
Qwik is a performance focused javascript framework. qwik <=1.19.0 is vulnerable to RCE due to an unsafe deserialization vulnerability in the server$ RPC mechanism that allows any unauthenticated user to execute arbitrary code on the server with a single HTTP request. Affects any
- CVE-2024-41677Aug 6, 2024affected < 1.7.3fixed 1.7.3
Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the `render-ssr.ts` fil
- CVE-2023-1283Mar 8, 2023affected < 0.21.0fixed 0.21.0
Code Injection in GitHub repository builderio/qwik prior to 0.21.0.
- CVE-2023-0410Jan 20, 2023affected < 0.16.2fixed 0.16.2
Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5.