📦 Svelte

This vulnerability in the unofficial Svelte extension for Visual Studio Code allows attackers to execute arbitrary code by tricking users into opening a malicious workspace configuration. It affects d...

This vulnerability in Svelte web framework allows HTML injection and Cross-Site Scripting (XSS) when using bind:innerText or bind:textContent on contenteditable elements with untrusted data. It affect...

Svelte versions before 5.51.5 are vulnerable to cross-site scripting (XSS) during server-side rendering when using spread syntax with untrusted data. This allows attackers to inject malicious event ha...

This vulnerability in Svelte's server-side rendering allows attribute spreading on elements to enumerate inherited properties from an object's prototype chain when Object.prototype pollution exists. T...

This vulnerability allows attackers to execute arbitrary JavaScript in users' browsers by injecting malicious keys into Svelte's async hydration process. When exploited, it enables cross-site scriptin...

This CVE describes a mutation XSS (mXSS) vulnerability in Svelte's server-side rendering where HTML escaping is improperly handled. Attackers can inject malicious content into attributes within noscri...