`vite`

Ecosystem:
npm

Package URL:
pkg:npm/vite

Total PRs:
48,723 Dependabot PRs

Latest PR:
about 3 hours ago

Unique Repositories:
16,985 repositories

Unique Repos (30 days):
5,590 repositories

Security Advisories

Vite's `server.fs.deny` did not deny requests for patterns with directories.

GHSA-8jhw-289h-jh2g CVE-2024-31207 MODERATE published over 1 year ago • updated 3 months ago

### Summary [Vite dev server option](https://vitejs.dev/config/server-options.html#server-fs-deny) `server.fs.deny` did not deny requests for patte...

Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service

GHSA-mv48-hcvh-8jj8 CVE-2022-35204 HIGH published about 3 years ago • updated about 1 month ago

Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service.

Vite's server.fs.deny bypassed with /. for files under project root

GHSA-859w-5945-r5v3 CVE-2025-46565 MODERATE published 4 months ago • updated about 2 months ago

### Summary The contents of files in [the project `root`](https://vite.dev/config/shared-options.html#root) that are denied by a file matching patt...

Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

GHSA-c24v-8rfc-w8vw CVE-2024-23331 HIGH published over 1 year ago • updated 3 months ago

### Summary [Vite dev server option](https://vitejs.dev/config/server-options.html#server-fs-deny) `server.fs.deny` can be bypassed on case-insensi...

Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query

GHSA-4r4m-qw57-chr8 CVE-2025-31125 MODERATE published 5 months ago • updated about 1 month ago

### Summary The contents of arbitrary files can be returned to the browser. ### Impact Only apps explicitly exposing the Vite dev server to the n...

View all 13 advisories

Recent PRs

RSS Feed

Bump vite from 6.3.5 to 7.1.4

jaypotter/Nextplate #17

6.3.5 → 7.1.4 Major PR

Open about 20 hours ago

Bump vite from 6.3.5 to 7.1.4

tobiasKaminsky/declarativetest #21

6.3.5 → 7.1.4 Major PR

Open about 20 hours ago

Bump vite from 7.1.3 to 7.1.4 in /frontend

keithamoss/mapa #2250

7.1.3 → 7.1.4 Patch PR

Merged about 20 hours ago

build(deps-dev): bump the security group across 1 directory with 2 updates

replicatedhq/embedded-cluster #2809

7.1.3 → 7.1.4 Patch PR

Open about 20 hours ago 1 comment

build(deps-dev): bump vite from 5.4.19 to 7.1.4

lnwlf2121/eros #15

5.4.19 → 7.1.4 Major PR

Open about 20 hours ago

Bump vite from 5.4.10 to 5.4.19

Ovotron-net/c-958300 #2

5.4.10 → 5.4.19 Patch PR

Open about 20 hours ago

chore(deps-dev): Bump vite from 5.4.19 to 7.1.4

nextcloud/profiler #618

5.4.19 → 7.1.4 Major PR

Open about 20 hours ago

Chore(deps-dev): Bump vite from 6.3.5 to 7.1.4

nextcloud/password_policy #818

6.3.5 → 7.1.4 Major PR

Open about 20 hours ago

chore(deps-dev): bump vite from 7.1.3 to 7.1.4

nextcloud/logreader #1729

7.1.3 → 7.1.4 Patch PR

Merged about 20 hours ago

chore(deps-dev): Bump vite from 7.1.3 to 7.1.4

nextcloud/app_template #161

7.1.3 → 7.1.4 Patch PR

Merged about 20 hours ago

build(deps-dev): bump vite from 7.1.3 to 7.1.4

bervProject/my-personal-web #1845

7.1.3 → 7.1.4 Patch PR

Merged about 20 hours ago 1 comment

Chore(deps-dev): Bump vite from 7.1.3 to 7.1.4

nextcloud/guests #1405

7.1.3 → 7.1.4 Patch PR

Merged about 20 hours ago

chore(deps-dev): Bump vite from 6.3.5 to 7.1.4

nextcloud-libraries/nextcloud-files #1318

6.3.5 → 7.1.4 Major PR

Open about 20 hours ago

Bump vite from 7.1.3 to 7.1.4 in /admin

keithamoss/demsausage #4032

7.1.3 → 7.1.4 Patch PR

Merged about 20 hours ago

build(deps-dev): bump vite from 5.4.11 to 5.4.19

amp-labs/react #1313

5.4.11 → 5.4.19 Patch PR

Open about 20 hours ago

Bump vite from 5.4.19 to 7.1.4 in /frontend

ToQuery/wails3-build-action #6

5.4.19 → 7.1.4 Major PR

Open about 20 hours ago

Bump esbuild and vite in /frontend

vinaysingh8866/portfolio-test #3

5.4.19 → 7.1.4 Major PR

Closed about 21 hours ago

build(deps-dev): bump vite from 7.1.3 to 7.1.4

Tosainu/tosainu.github.com #926

7.1.3 → 7.1.4 Patch PR

Open about 21 hours ago

Bump vite from 7.1.3 to 7.1.4

namelivia/plants-client #994

7.1.3 → 7.1.4 Patch PR

Open about 21 hours ago

Bump the npm_and_yarn group across 1 directory with 2 updates

matheus-rech/cv-presentation #1

5.4.19 → 7.1.4 Major PR

Open about 22 hours ago

deps(web)(deps-dev): Bump vite from 6.3.5 to 7.1.4 in /apps/web

PrairieAster-Ai/nearest-nice-weather #226

6.3.5 → 7.1.4 Major PR

Closed about 22 hours ago 2 comments

Bump the npm_and_yarn group across 1 directory with 2 updates

GihanthaDeshabi/AI-Powered-Children-s-Digital-Addiction-Root-Cause-Prediction #1

5.4.19 → 7.1.4 Major PR

Open about 22 hours ago

Bump the npm_and_yarn group across 4 directories with 11 updates

ibiscum/Vue.js-3-Design-Patterns-and-Best-Practices #6

4.5.14 → 7.1.4 Major PR

Merged about 22 hours ago

Bump the npm_and_yarn group across 6 directories with 19 updates

ibiscum/Vue.js-3-Design-Patterns-and-Best-Practices #5

4.2.1 → 4.5.14 Minor PR

Open about 22 hours ago 1 comment

Bump the npm_and_yarn group across 7 directories with 22 updates

ibiscum/Vue.js-3-Design-Patterns-and-Best-Practices #4

4.2.1 → 4.5.14 Minor PR

Merged about 23 hours ago

build(deps): bump the all group across 1 directory with 89 updates

InterstellarMist/Project-Value #5

7.1.3 → 7.1.4 Patch PR

Open about 23 hours ago

Bump the npm_and_yarn group across 7 directories with 19 updates

ibiscum/Vue.js-3-Design-Patterns-and-Best-Practices #2

4.2.1 → 4.5.14 Minor PR

Open about 23 hours ago

chore(deps): Bump the minor group with 14 updates

tmayoff/obsidian-meals #321

7.0.0 → 7.1.4 Minor PR

Open about 23 hours ago

build(deps-dev): Bump vite from 5.4.19 to 7.1.4

Sum1Solutions/alan-watts-complete-works-EXPANDED #2

5.4.19 → 7.1.4 Major PR

Open about 23 hours ago

chore(deps-dev): bump vite from 7.1.2 to 7.1.4

nordwestt/ollama-ai-provider-v2 #22

7.1.2 → 7.1.4 Patch PR

Open about 24 hours ago 1 comment

(auto merged) chore(deps-dev): bump vite from 7.1.3 to 7.1.4

chick-p/chrome-extension-everything-ics #362

7.1.3 → 7.1.4 Patch PR

Merged about 24 hours ago

chore(deps-dev): bump vite from 4.5.14 to 7.1.4 in /frontend

Zzzero-hash/trade-agent #197

4.5.14 → 7.1.4 Major PR

Open about 24 hours ago 1 comment

Bump the npm_and_yarn group across 2 directories with 5 updates

DragonSecurity/drill #4

5.0.12 → 5.4.19 Minor PR

Closed 1 day ago

Bump vite from 7.1.3 to 7.1.4 in /Website

Eri-py/Hobbyist #141

7.1.3 → 7.1.4 Patch PR

Merged 1 day ago

chore(deps-dev): bump vite from 6.3.5 to 7.1.4

Rafaelrdl/traknor-cmms-sistema #44

6.3.5 → 7.1.4 Major PR

Open 1 day ago

chore(deps-dev): bump the development-dependencies group across 1 directory with 10 updates

nimdanitro/handball-ch-widget #464

7.1.3 → 7.1.4 Patch PR

Open 1 day ago

Bump vite from 7.0.0 to 7.0.1 in /Chapter13/Exercise13.03 in the npm_and_yarn group across 1 directory

ibiscum/Frontend-Development-Projects-with-Vue.js-3 #16

7.0.0 → 7.0.1 Patch PR

Open 1 day ago

Bump the npm_and_yarn group across 5 directories with 1 update

ibiscum/Frontend-Development-Projects-with-Vue.js-3 #15

3.2.11 → 7.1.4 Major PR

Open 1 day ago

Bump the npm_and_yarn group across 7 directories with 8 updates

ibiscum/Frontend-Development-Projects-with-Vue.js-3 #13

2.9.18 → 7.1.4 Major PR

Merged 1 day ago

Bump the npm_and_yarn group across 7 directories with 10 updates

ibiscum/Frontend-Development-Projects-with-Vue.js-3 #12

2.9.9 → 7.1.4 Major PR

Merged 1 day ago

Bump the npm_and_yarn group across 6 directories with 16 updates

ibiscum/Frontend-Development-Projects-with-Vue.js-3 #11

2.9.9 → 7.1.4 Major PR

Merged 1 day ago

chore(deps): bump the npm-updates group across 1 directory with 14 updates

vandycknick/nvd.sh #109

7.1.3 → 7.1.4 Patch PR

Open 1 day ago

Bump the npm_and_yarn group across 6 directories with 14 updates

ibiscum/Frontend-Development-Projects-with-Vue.js-3 #10

3.1.8 → 7.1.4 Major PR

Merged 1 day ago

Bump the npm_and_yarn group across 1 directory with 2 updates

mosaikolabs/almanik-viajero #1

5.4.19 → 7.1.4 Major PR

Open 1 day ago

Bump vite from 5.4.10 to 5.4.19 in /osa3/frontend

BigFatRat69/FullStackOpen #1

5.4.10 → 5.4.19 Patch PR

Merged 1 day ago

chore(deps): bump the non-breaking-changes group across 1 directory with 22 updates

tuquet/catalyst #12

7.1.3 → 7.1.4 Patch PR

Open 1 day ago

chore(deps): bump the version-all group across 1 directory with 46 updates

jeffxfs/jeffxfs_openhands_dev #37

7.0.6 → 7.1.4 Minor PR

Open 1 day ago

chore(deps): bump the version-all group across 1 directory with 45 updates

christophbertsch/0711-OpenHands #38

7.0.6 → 7.1.4 Minor PR

Open 1 day ago

Bump the npm_and_yarn group across 1 directory with 3 updates

pillarjs/path-to-regexp #406

6.0.11 → 6.3.5 Minor PR

Closed 1 day ago 2 comments

Bump vite from 6.0.11 to 6.3.5 in the npm_and_yarn group across 1 directory

pillarjs/path-to-regexp #405

6.0.11 → 6.3.5 Minor PR

Closed 1 day ago 1 comment

Package Details

Name:	`vite`
Ecosystem:	npm
PURL Type:	npm
Package URL:	`pkg:npm/vite`
JSON API:	View JSON

Security Advisories

13

Active advisories

HIGH 3

MODERATE 10

View All npm Advisories

Package Information

Description:

Native-ESM powered web dev build tool

Repository:	https://github.com/vitejs/vite
Homepage:	https://vite.dev
Latest Release:	`6.3.5` 4 months ago
Dependent Repos:	363,358
Dependent Packages:	31,388
Downloads:	105,034,023
Ranking:	Top 0.0591% by dependent repos Top 0.036% by downloads Top 0.0036% by dependent pkgs

PR Status

Open 19,886 (40.9%)

Merged 9,699 (19.9%)

Closed 14,622 (30.1%)

PR Types

Removal 110 (0.2%)

Minor 8,485 (17.4%)

Major 18,583 (38.2%)

Patch 16,955 (34.9%)