📦 Kit

SvelteKit versions 2.19.0 through 2.49.4 are vulnerable to server-side request forgery (SSRF) and denial of service (DoS) attacks. The vulnerability affects applications with prerendered routes, parti...

CVE-2026-22803 is a denial-of-service vulnerability in SvelteKit's experimental form remote function that allows attackers to cause memory exhaustion by sending specially-crafted binary payloads. This...

SvelteKit 2 applications crash when receiving GET or TRACE requests with a body, requiring manual restart. This affects SvelteKit 2 apps in preview or production hosting, but not prerendered pages or ...