Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

vite

Ecosystem:
npm
Package URL:
pkg:npm/vite
Total PRs:
106,988 Dependabot PRs
Latest PR:
about 3 hours ago
Unique Repositories:
41,432 repositories
Unique Repos (30 days):
1,119 repositories
Security Advisories
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
GHSA-353f-5xf4-qw67 CVE-2023-34092 HIGH published almost 3 years ago • updated 4 days ago
The issue involves a security vulnerability in Vite where the server options can be bypassed using a double forward slash (`//`). This vulnerabilit...
Vite middleware may serve files starting with the same name with the public directory
GHSA-g4jq-h2w9-997c CVE-2025-58751 LOW published 6 months ago • updated 15 days ago
### Summary Files starting with the same name with the public directory were served bypassing the `server.fs` settings. ### Impact Only apps that ...
Vite's server.fs.deny bypassed with /. for files under project root
GHSA-859w-5945-r5v3 CVE-2025-46565 MODERATE published 10 months ago • updated 13 days ago
### Summary The contents of files in [the project `root`](https://vite.dev/config/shared-options.html#root) that are denied by a file matching patt...
Vite has an `server.fs.deny` bypass with an invalid `request-target`
GHSA-356w-63v5-8wf4 CVE-2025-32395 MODERATE published 11 months ago • updated 7 days ago
### Summary The contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. ### Impact Only apps with ...
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service
GHSA-mv48-hcvh-8jj8 CVE-2022-35204 HIGH published over 3 years ago • updated 27 days ago
Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service.
View all 16 advisories
Recent PRs
RSS Feed
Bump vite from 6.4.1 to 7.3.1

hermes-hq/hermes-ide #66

6.4.1 → 7.3.1 Major PR
Open about 3 hours ago 1 comment
hermes-hq
build(deps): bump the npm_and_yarn group across 1 directory with 21 updates

JounQin/renovate #12

6.3.5 → 6.4.1 Minor PR
Open about 4 hours ago 3 comments
JounQin
Bump vite from 6.1.0 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__vercel__PR36880__20260310 #37

6.1.0 → 7.3.1 Major PR
Open about 6 hours ago 1 comment
code-review-benchmark
Bump vite from 6.3.5 to 6.4.1 in the npm_and_yarn group across 1 directory

Wasel-14/Wasselridesharing14 #1

6.3.5 → 6.4.1 Minor PR
Closed about 6 hours ago 2 comments
Wasel-14
chore(deps-dev): bump vite from 5.4.21 to 7.3.1

mickosana/dura #5

5.4.21 → 7.3.1 Major PR
Closed about 7 hours ago 2 comments
mickosana
build(deps-dev): bump the npm_and_yarn group across 2 directories with 2 updates

Dargon789/thirdweb-dev #661

7.1.7 → 7.1.11 Patch PR
Open about 13 hours ago 1 comment
Dargon789
Bump the dev-dependencies group across 1 directory with 20 updates

journium/journium-js #69

5.4.21 → 7.3.1 Major PR
Open about 14 hours ago 1 comment
journium
chore(deps): bump esbuild and vite

Chiammu/Expense-Tracker #26

5.4.21 → 7.3.1 Major PR
Open about 14 hours ago 3 comments
Chiammu
Bump vite from 6.1.0 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__bito__PR37429__20260310 #53

6.1.0 → 7.3.1 Major PR
Open about 15 hours ago 1 comment
code-review-benchmark
build(deps): Bump the npm_and_yarn group across 1 directory with 9 updates

OsoPanda1/citemesh-roots #2

5.4.19 → 5.4.21 Patch PR
Open about 15 hours ago 1 comment
OsoPanda1
Bump vite from 6.0.11 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__bito__PR36882__20260310 #12

6.0.11 → 7.3.1 Major PR
Open about 16 hours ago 1 comment
code-review-benchmark
Bump vite from 6.2.3 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__sentry__PR38446__20260310 #52

6.2.3 → 7.3.1 Major PR
Open about 16 hours ago 1 comment
code-review-benchmark
Bump vite from 6.1.0 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__sentry__PR37038__20260309 #45

6.1.0 → 7.3.1 Major PR
Open about 16 hours ago 1 comment
code-review-benchmark
Bump vite from 8.0.0-beta.16 to 8.0.0-beta.18

Gobd/dak #180

8.0.0-beta.16 → 8.0.0-beta.18
Open about 17 hours ago 1 comment
Gobd
Bump vite from 7.0.5 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak-greptile__korbit__PR1__20260309 #45

7.0.5 → 7.3.1 Minor PR
Open about 17 hours ago 1 comment
code-review-benchmark
build(deps-dev): bump vite from 4.5.14 to 7.3.1

Krugou/elementdemo #3

4.5.14 → 7.3.1 Major PR
Closed about 19 hours ago 1 comment
Krugou
chore(deps-dev): bump the development-dependencies group across 1 directory with 8 updates

byldpartners/byld.ui #4

6.4.1 → 7.3.1 Major PR
Closed about 19 hours ago 1 comment
byldpartners
Bump vite from 6.1.0 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__codeant__PR37429__20260309 #31

6.1.0 → 7.3.1 Major PR
Open about 20 hours ago 1 comment
code-review-benchmark
Bump vite from 6.2.3 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__kodus__PR38446__20260309 #52

6.2.3 → 7.3.1 Major PR
Open about 20 hours ago 1 comment
code-review-benchmark
Bump vite from 7.0.5 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak-greptile__linearb__PR1__20260309 #44

7.0.5 → 7.3.1 Minor PR
Open about 20 hours ago 1 comment
code-review-benchmark
Bump vite from 6.2.0 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__codeant__PR37634__20260309 #35

6.2.0 → 7.3.1 Major PR
Open about 20 hours ago 1 comment
code-review-benchmark
Bump vite from 6.2.3 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__codeant__PR38446__20260309 #35

6.2.3 → 7.3.1 Major PR
Open about 20 hours ago 1 comment
code-review-benchmark
Bump vite from 6.1.0 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__kodus__PR36880__20260309 #44

6.1.0 → 7.3.1 Major PR
Open about 21 hours ago 1 comment
code-review-benchmark
Bump vite from 5.4.5 to 7.3.1

code-review-benchmark/keycloak__keycloak__codeant__PR32918__20260309 #61

5.4.5 → 7.3.1 Major PR
Open about 21 hours ago 1 comment
code-review-benchmark
Bump vite from 6.0.11 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__macroscope__PR36882__20260309 #18

6.0.11 → 7.3.1 Major PR
Open about 22 hours ago 1 comment
code-review-benchmark
Bump vite from 5.4.21 to 7.3.1 in /frontend

Mentat-Lab/preclinical #27

5.4.21 → 7.3.1 Major PR
Open about 23 hours ago 1 comment
Mentat-Lab
Bump esbuild and vite

Davidic-Core/D-Bolt-AI #3

5.4.21 → 7.3.1 Major PR
Closed about 23 hours ago 2 comments
Davidic-Core
Bump esbuild and vite in /frontend

Mentat-Lab/preclinical #11

5.4.21 → 7.3.1 Major PR
Closed about 23 hours ago 3 comments
Mentat-Lab
chore(deps-dev): bump vite from 5.4.21 to 7.3.1 in /frontend

ironlayer/ironlayer_oss #20

5.4.21 → 7.3.1 Major PR
Open about 23 hours ago 1 comment
ironlayer
Bump vite from 6.1.0 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__macroscope__PR37038__20260309 #38

6.1.0 → 7.3.1 Major PR
Open about 23 hours ago 1 comment
code-review-benchmark
Bump vite from 6.1.0 to 7.3.1 in /js

zionfyre/keycloak__keycloak__gadaa__PR37038__20260309 #58

6.1.0 → 7.3.1 Major PR
Open about 23 hours ago 1 comment
zionfyre
chore(deps-dev): bump vite from 6.4.1 to 7.3.1 in /web

pfenerty/oxidex #7

6.4.1 → 7.3.1 Major PR
Open about 23 hours ago 1 comment
pfenerty
Bump vite from 6.1.0 to 7.3.1 in /js

CloudAEye/keycloak__keycloak__cloudaeye__PR37038__20260310 #40

6.1.0 → 7.3.1 Major PR
Open 1 day ago 1 comment
CloudAEye
Bump vite from 6.0.11 to 7.3.1 in /js

CloudAEye/keycloak__keycloak__cloudaeye__PR36882__20260310 #44

6.0.11 → 7.3.1 Major PR
Open 1 day ago 1 comment
CloudAEye
Bump vite from 5.4.5 to 7.3.1

CloudAEye/keycloak__keycloak__cloudaeye__PR32918__20260310 #62

5.4.5 → 7.3.1 Major PR
Open 1 day ago 1 comment
CloudAEye
Bump vite from 7.0.5 to 7.3.1 in /js

CloudAEye/keycloak__keycloak-greptile__cloudaeye__PR1__20260310 #48

7.0.5 → 7.3.1 Minor PR
Open 1 day ago 1 comment
CloudAEye
Bump vite from 6.2.0 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__claude-code__PR37634__20260309 #22

6.2.0 → 7.3.1 Major PR
Open 1 day ago 1 comment
code-review-benchmark
chore(deps-dev): bump the development-dependencies group across 1 directory with 7 updates

byldpartners/byld.ui #3

6.4.1 → 7.3.1 Major PR
Closed 1 day ago 2 comments
byldpartners
deps: bump the development-dependencies group in /app with 26 updates

utkarsh5026/mdhd #62

6.4.1 → 7.3.1 Major PR
Open 1 day ago 2 comments
utkarsh5026
deps(npm)(deps-dev): bump vite from 6.4.1 to 7.3.1

alksef/TTSBard #10

6.4.1 → 7.3.1 Major PR
Open 1 day ago 1 comment
alksef
chore(deps-dev): bump vite from 5.4.21 to 7.3.1

BlackRoad-OS/blackroad-os-core #83

5.4.21 → 7.3.1 Major PR
Open 1 day ago 2 comments
BlackRoad-OS
chore(deps-dev): bump the development-dependencies group across 1 directory with 27 updates

neighborhood-lab/folk-care #1124

7.2.6 → 7.3.1 Minor PR
Open 1 day ago 5 comments
neighborhood-lab
chore(deps): bump the build group across 1 directory with 5 updates

harshareddy-bathala/devAtlas #44

7.3.0 → 7.3.1 Patch PR
Open 1 day ago 2 comments
harshareddy-bathala
deps: bump the dev-dependencies group across 1 directory with 15 updates

SheetMetalConnect/eryxon-flow #440

7.3.0 → 7.3.1 Patch PR
Open 1 day ago 2 comments
SheetMetalConnect
build(deps-dev): bump vite from 5.4.21 to 7.3.1 in /dashboard

CodeWizarz/Temporallayr-Powerhouse #8

5.4.21 → 7.3.1 Major PR
Open 1 day ago 5 comments
CodeWizarz
build(deps): bump the dependencies group across 1 directory with 24 updates

Hoggorm-Design/HappyBrainAndBody #151

7.2.7 → 7.3.1 Minor PR
Open 1 day ago 1 comment
Hoggorm-Design
chore(deps): bump the npm-minor group across 1 directory with 16 updates

rocky2431/ai-trading-system #15

7.2.7 → 7.3.1 Minor PR
Open 1 day ago 1 comment
rocky2431
chore(deps): Bump the npm_and_yarn group across 1 directory with 7 updates

blackboxprogramming/nextjs-ai-chatbot #25

7.1.6 → 7.3.1 Minor PR
Open 1 day ago 2 comments
blackboxprogramming
chore(deps): bump vite from 5.4.21 to 7.3.1 in /frontend

t3ja-parw4tha/KESTREL_SOC #16

5.4.21 → 7.3.1 Major PR
Open 1 day ago 1 comment
t3ja-parw4tha
deps(deps-dev): bump vite from 6.4.1 to 7.3.1 in /frontend

thitar/chore-ganizer #25

6.4.1 → 7.3.1 Major PR
Open 1 day ago 1 comment
thitar
Package Details
Name: vite
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/vite
JSON API: View JSON
Security Advisories

16

Active advisories
HIGH 3
MODERATE 11
LOW 2
View All npm Advisories
Package Information
Description:

Native-ESM powered web dev build tool

Repository: https://github.com/vitejs/vite
Homepage: https://vite.dev
Latest Release: 6.3.5
10 months ago
Dependent Repos: 363,358
Dependent Packages: 31,388
Downloads: 105,034,023
Ranking: Top 0.0591% by dependent repos Top 0.036% by downloads Top 0.0036% by dependent pkgs
PR Status
Open 51,195 (47.9%)
Merged 15,941 (14.9%)
Closed 35,423 (33.1%)
PR Types
Removal 1,010 (0.9%)
Minor 22,052 (20.6%)
Major 31,965 (29.9%)
Patch 47,384 (44.3%)