`vite`

Ecosystem:
npm

Package URL:
pkg:npm/vite

Total PRs:
107,021 Dependabot PRs

Latest PR:
about 3 hours ago

Unique Repositories:
41,447 repositories

Unique Repos (30 days):
1,078 repositories

Security Advisories

Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)

GHSA-353f-5xf4-qw67 CVE-2023-34092 HIGH published almost 3 years ago • updated 5 days ago

The issue involves a security vulnerability in Vite where the server options can be bypassed using a double forward slash (`//`). This vulnerabilit...

Vite middleware may serve files starting with the same name with the public directory

GHSA-g4jq-h2w9-997c CVE-2025-58751 LOW published 6 months ago • updated 15 days ago

### Summary Files starting with the same name with the public directory were served bypassing the `server.fs` settings. ### Impact Only apps that ...

Vite's server.fs.deny bypassed with /. for files under project root

GHSA-859w-5945-r5v3 CVE-2025-46565 MODERATE published 11 months ago • updated 14 days ago

### Summary The contents of files in [the project `root`](https://vite.dev/config/shared-options.html#root) that are denied by a file matching patt...

Vite has an `server.fs.deny` bypass with an invalid `request-target`

GHSA-356w-63v5-8wf4 CVE-2025-32395 MODERATE published 11 months ago • updated 8 days ago

### Summary The contents of arbitrary files can be returned to the browser if the dev server is running on Node or Bun. ### Impact Only apps with ...

Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service

GHSA-mv48-hcvh-8jj8 CVE-2022-35204 HIGH published over 3 years ago • updated 28 days ago

Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service.

View all 16 advisories

Recent PRs

RSS Feed

Bump esbuild and vite

jchiam/game-tracker #1

5.4.21 → 7.3.1 Major PR

Open about 3 hours ago 1 comment

Bump vite from 5.4.19 to 5.4.21 in /org.knime.r/js-src

knime/knime-r #12

5.4.19 → 5.4.21 Patch PR

Open about 5 hours ago 1 comment

Bump esbuild and vite

zympz/nullrod_ui #1

5.4.21 → 7.3.1 Major PR

Closed about 13 hours ago 2 comments

build(deps): bump the npm_and_yarn group across 1 directory with 21 updates

JounQin/renovate #13

6.3.5 → 6.4.1 Minor PR

Open about 14 hours ago 2 comments

chore(deps-dev): bump vite from 6.4.1 to 7.3.1

seonghobae/bandscope #20

6.4.1 → 7.3.1 Major PR

Open about 15 hours ago 1 comment

chore(deps): bump the frontend-deps group across 1 directory with 48 updates

phrimm136/dante-planner #77

7.2.2 → 7.3.1 Minor PR

Open about 15 hours ago 1 comment

chore(deps): bump the npm_and_yarn group across 9 directories with 29 updates

RemyLoveLogicAI/asi-alliance-wallet #86

5.0.11 → 5.4.21 Minor PR

Open about 15 hours ago 6 comments

chore(deps): bump the npm_and_yarn group across 3 directories with 34 updates

RemyLoveLogicAI/asi-alliance-wallet #85

5.0.11 → 5.4.21 Minor PR

Open about 15 hours ago 5 comments

chore(deps): bump the npm_and_yarn group across 4 directories with 19 updates

Dargon789/aa-sdk #109

5.4.19 → 5.4.21 Patch PR

Open about 15 hours ago 2 comments

deps: bump the development-dependencies group across 1 directory with 11 updates

Vincent-Holm-Drumgole/Aldwin #49

6.4.1 → 7.3.1 Major PR

Open about 15 hours ago 1 comment

Bump vite from 6.2.0 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__claude-code__PR37634__20260310 #59

6.2.0 → 7.3.1 Major PR

Open about 16 hours ago 1 comment

build(deps): Bump the npm_and_yarn group across 1 directory with 6 updates

Dargon789/thirdweb-dev #666

7.1.7 → 7.1.11 Patch PR

Open about 16 hours ago 1 comment

chore(deps): Bump the npm_and_yarn group across 1 directory with 9 updates

Sherlock999xxx/MCP-SuperAssistant #4

6.1.0 → 6.4.1 Minor PR

Open about 17 hours ago 3 comments

Bump the npm_and_yarn group across 3 directories with 14 updates

jadenblack/Zero #3

6.3.5 → 6.4.1 Minor PR

Open about 17 hours ago 1 comment

chore(deps): bump the npm_and_yarn group across 3 directories with 27 updates

idgrou/crawlee #30

5.4.2 → 5.4.21 Patch PR

Open about 18 hours ago 1 comment

Bump the npm_and_yarn group across 1 directory with 2 updates

kawax/nostr-vercel-api #66

7.0.2 → 7.3.1 Minor PR

Open about 18 hours ago 1 comment

chore(deps-dev): bump vite from 6.4.1 to 7.3.1 in /website

ProwlrBot/prowlrbot #22

6.4.1 → 7.3.1 Major PR

Open about 20 hours ago 1 comment

Bump vite from 6.4.1 to 7.3.1

hermes-hq/hermes-ide #66

6.4.1 → 7.3.1 Major PR

Open about 21 hours ago 1 comment

chore(deps): bump the npm_and_yarn group across 2 directories with 13 updates

alexcolls/qwen-code #13

7.0.0 → 7.3.1 Minor PR

Closed about 23 hours ago 1 comment

build(deps): bump the npm_and_yarn group across 1 directory with 21 updates

JounQin/renovate #12

6.3.5 → 6.4.1 Minor PR

Open about 23 hours ago 4 comments

Bump vite from 6.1.0 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__vercel__PR36880__20260310 #37

6.1.0 → 7.3.1 Major PR

Open 1 day ago 1 comment

Bump vite from 6.3.5 to 6.4.1 in the npm_and_yarn group across 1 directory

Wasel-14/Wasselridesharing14 #1

6.3.5 → 6.4.1 Minor PR

Closed 1 day ago 2 comments

chore(deps-dev): bump vite from 5.4.21 to 7.3.1

mickosana/dura #5

5.4.21 → 7.3.1 Major PR

Closed 1 day ago 2 comments

build(deps-dev): bump the npm_and_yarn group across 2 directories with 2 updates

Dargon789/thirdweb-dev #661

7.1.7 → 7.1.11 Patch PR

Open 1 day ago 1 comment

Bump the dev-dependencies group across 1 directory with 20 updates

journium/journium-js #69

5.4.21 → 7.3.1 Major PR

Open 1 day ago 1 comment

chore(deps): bump esbuild and vite

Chiammu/Expense-Tracker #26

5.4.21 → 7.3.1 Major PR

Open 1 day ago 3 comments

Bump vite from 6.1.0 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__bito__PR37429__20260310 #53

6.1.0 → 7.3.1 Major PR

Open 1 day ago 1 comment

build(deps): Bump the npm_and_yarn group across 1 directory with 9 updates

OsoPanda1/citemesh-roots #2

5.4.19 → 5.4.21 Patch PR

Open 1 day ago 1 comment

Bump vite from 6.0.11 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__bito__PR36882__20260310 #12

6.0.11 → 7.3.1 Major PR

Open 1 day ago 1 comment

Bump vite from 6.2.3 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__sentry__PR38446__20260310 #52

6.2.3 → 7.3.1 Major PR

Open 1 day ago 1 comment

chore(deps): Bump esbuild and vite in /site

carlosduplar/eleicoes-2026-monitor #1

5.4.21 → 7.3.1 Major PR

Closed 1 day ago 1 comment

Bump vite from 6.1.0 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__sentry__PR37038__20260309 #45

6.1.0 → 7.3.1 Major PR

Open 1 day ago 1 comment

Bump vite from 8.0.0-beta.16 to 8.0.0-beta.18

Gobd/dak #180

8.0.0-beta.16 → 8.0.0-beta.18

Open 1 day ago 1 comment

Bump vite from 7.0.5 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak-greptile__korbit__PR1__20260309 #45

7.0.5 → 7.3.1 Minor PR

Open 1 day ago 1 comment

build(deps-dev): bump vite from 4.5.14 to 7.3.1

Krugou/elementdemo #3

4.5.14 → 7.3.1 Major PR

Closed 1 day ago 1 comment

chore(deps-dev): bump the development-dependencies group across 1 directory with 8 updates

byldpartners/byld.ui #4

6.4.1 → 7.3.1 Major PR

Closed 1 day ago 1 comment

Bump vite from 6.1.0 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__codeant__PR37429__20260309 #31

6.1.0 → 7.3.1 Major PR

Open 1 day ago 1 comment

Bump vite from 6.2.3 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__kodus__PR38446__20260309 #52

6.2.3 → 7.3.1 Major PR

Open 1 day ago 1 comment

Bump vite from 7.0.5 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak-greptile__linearb__PR1__20260309 #44

7.0.5 → 7.3.1 Minor PR

Open 1 day ago 1 comment

Bump vite from 6.2.0 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__codeant__PR37634__20260309 #35

6.2.0 → 7.3.1 Major PR

Open 1 day ago 1 comment

Bump vite from 6.2.3 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__codeant__PR38446__20260309 #35

6.2.3 → 7.3.1 Major PR

Open 1 day ago 1 comment

Bump vite from 6.1.0 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__kodus__PR36880__20260309 #44

6.1.0 → 7.3.1 Major PR

Open 1 day ago 1 comment

Bump vite from 5.4.5 to 7.3.1

code-review-benchmark/keycloak__keycloak__codeant__PR32918__20260309 #61

5.4.5 → 7.3.1 Major PR

Open 1 day ago 1 comment

Bump vite from 6.0.11 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__macroscope__PR36882__20260309 #18

6.0.11 → 7.3.1 Major PR

Open 1 day ago 1 comment

Bump vite from 5.4.21 to 7.3.1 in /frontend

Mentat-Lab/preclinical #27

5.4.21 → 7.3.1 Major PR

Open 1 day ago 1 comment

Bump esbuild and vite

Davidic-Core/D-Bolt-AI #3

5.4.21 → 7.3.1 Major PR

Closed 1 day ago 2 comments

Bump esbuild and vite in /frontend

Mentat-Lab/preclinical #11

5.4.21 → 7.3.1 Major PR

Closed 1 day ago 3 comments

chore(deps-dev): bump vite from 5.4.21 to 7.3.1 in /frontend

ironlayer/ironlayer_oss #20

5.4.21 → 7.3.1 Major PR

Open 1 day ago 1 comment

Bump vite from 6.1.0 to 7.3.1 in /js

code-review-benchmark/keycloak__keycloak__macroscope__PR37038__20260309 #38

6.1.0 → 7.3.1 Major PR

Open 1 day ago 1 comment

Bump vite from 6.1.0 to 7.3.1 in /js

zionfyre/keycloak__keycloak__gadaa__PR37038__20260309 #58

6.1.0 → 7.3.1 Major PR

Open 1 day ago 1 comment

Package Details

Name:	`vite`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/vite`
JSON API:	View JSON

Security Advisories

16

Active advisories

HIGH 3

MODERATE 11

LOW 2

View All npm Advisories

Package Information

Description:

Native-ESM powered web dev build tool

Repository:	https://github.com/vitejs/vite
Homepage:	https://vite.dev
Latest Release:	`6.3.5` 10 months ago
Dependent Repos:	363,358
Dependent Packages:	31,388
Downloads:	105,034,023
Ranking:	Top 0.0591% by dependent repos Top 0.036% by downloads Top 0.0036% by dependent pkgs

PR Status

Open 51,213 (47.9%)

Merged 15,941 (14.9%)

Closed 35,438 (33.1%)

PR Types

Removal 1,010 (0.9%)

Minor 22,061 (20.6%)

Major 31,978 (29.9%)

Patch 47,395 (44.3%)