Browse all 5 CVE security advisories affecting vitest-dev. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-53633 | Vitest: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE — vitestCWE-749 | 9.8 | Critical | 2026-07-14 |
| CVE-2026-47428 | Vitest browser mode serves unsanitized otelCarrier query parameter as inline script — vitestCWE-79 | 9.6 | Critical | 2026-07-14 |
| CVE-2026-47429 | Vitest: Arbitrary file can be read and executed when Vitest UI server is listening — vitestCWE-22 | 9.8 | Critical | 2026-07-14 |
| CVE-2025-24963 | Browser mode serves arbitrary files in vitest — vitestCWE-22 | 5.9 | Medium | 2025-02-04 |
| CVE-2025-24964 | Remote Code Execution when accessing a malicious website while Vitest API server is listening — vitestCWE-1385 | 9.7 | Critical | 2025-02-04 |
This page lists every published CVE security advisory associated with vitest-dev. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.