CVE-2026-22803
- EPSS 0.02%
- Veröffentlicht 15.01.2026 18:37:57
- Zuletzt bearbeitet 21.01.2026 20:34:46
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing a representation of submitted form data. A specially-c...
CVE-2025-67647
- EPSS 0.02%
- Veröffentlicht 15.01.2026 18:33:25
- Zuletzt bearbeitet 21.01.2026 20:37:37
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side request forgery (SSRF) and denial of service (DoS) under certain conditions. From 2.44.0 throu...
CVE-2024-53261
- EPSS 0.12%
- Veröffentlicht 25.11.2024 20:15:10
- Zuletzt bearbeitet 28.08.2025 14:34:39
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. "Unsanitized input from *the request URL* flows into `end`, where it is used to render an HTML page returned to the user. This may result in a Cross-Sit...
CVE-2024-23641
- EPSS 0.26%
- Veröffentlicht 24.01.2024 17:15:08
- Zuletzt bearbeitet 21.11.2024 08:58:04
SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, o...