npm package
vuetify
pkg:npm/vuetify
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-8083 | Hig | 8.6 | >= 2.2.0-beta.2, < 3.0.0-alpha.10 | 3.0.0-alpha.10 | Dec 12, 2025 | The Preset configuration https://v2.vuetifyjs.com/en/features/presets feature of Vuetify is vulnerable to Prototype Pollution https://cheatsheetseries.owasp.org/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.html due to the internal 'mergeDeep' utility function used t | |
| CVE-2025-8082 | Med | 6.3 | >= 2.0.0, < 3.0.0 | 3.0.0 | Dec 12, 2025 | Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting (XSS) https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the 'tit | |
| CVE-2022-25873 | — | >= 2.0.0-beta.4, < 2.6.10 | 2.6.10 | Sep 18, 2022 | The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component. |
- affected >= 2.2.0-beta.2, < 3.0.0-alpha.10fixed 3.0.0-alpha.10
The Preset configuration https://v2.vuetifyjs.com/en/features/presets feature of Vuetify is vulnerable to Prototype Pollution https://cheatsheetseries.owasp.org/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.html due to the internal 'mergeDeep' utility function used t
- affected >= 2.0.0, < 3.0.0fixed 3.0.0
Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting (XSS) https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the 'tit
- CVE-2022-25873Sep 18, 2022affected >= 2.0.0-beta.4, < 2.6.10fixed 2.6.10
The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.