Vendor
Vitest Dev
Products
1
CVEs
2
Across products
2
Status
Private
Products
1- 2 CVEs
Recent CVEs
2| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-47429 | cri | 0.59 | — | — | Jun 1, 2026 | ### Summary Arbitrary file can be read on Windows when Vitest UI server is listening, especially when exposed to the network. ### Impact Only users that match either of the following conditions are affected: - explicitly exposes the Vitest UI server to the network (using… | ||
| CVE-2026-47428 | cri | 0.52 | — | — | Jun 1, 2026 | ## Summary Vitest browser mode served `/__vitest_test__/` with the `otelCarrier` query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes… |
- risk 0.59cvss —epss —
### Summary Arbitrary file can be read on Windows when Vitest UI server is listening, especially when exposed to the network. ### Impact Only users that match either of the following conditions are affected: - explicitly exposes the Vitest UI server to the network (using…
- risk 0.52cvss —epss —
## Summary Vitest browser mode served `/__vitest_test__/` with the `otelCarrier` query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes…