Svelte Security Vulnerabilities (CVEs)
Track 12 security vulnerabilities affecting Svelte products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability in the Svelte web framework allows HTML injection and Cross-Site Scripting (XSS) when using bind:innerText or bind:textContent on conte...
Feb 26, 2026
Svelte versions before 5.51.5 are vulnerable to cross-site scripting (XSS) during server-side rendering when using spread syntax with untrusted data. ...
Feb 20, 2026
This vulnerability in Svelte's server-side rendering allows attribute spreading on elements to enumerate inherited properties from an object's prototy...
Feb 20, 2026
This vulnerability allows attackers to execute arbitrary JavaScript in users' browsers by injecting malicious keys into Svelte's async hydration proce...
Jan 15, 2026
CVE-2026-22803 is a denial-of-service vulnerability in SvelteKit's experimental form remote function that allows attackers to cause memory exhaustion ...
Jan 15, 2026
CVE-2026-22774 is a denial-of-service vulnerability in the Svelte devalue JavaScript library where specially crafted inputs cause excessive CPU and me...
Jan 15, 2026
CVE-2026-22775 is a denial-of-service vulnerability in the Svelte devalue JavaScript library where specially crafted inputs cause excessive CPU and me...
Jan 15, 2026
SvelteKit versions 2.19.0 through 2.49.4 are vulnerable to server-side request forgery (SSRF) and denial of service (DoS) attacks. The vulnerability a...
Jan 15, 2026
This CVE describes a reflected XSS vulnerability in SvelteKit's development mode where unsanitized input from request URLs flows into HTML rendering. ...
Nov 25, 2024
This CVE describes a mutation XSS (mXSS) vulnerability in Svelte's server-side rendering where HTML escaping is improperly handled. Attackers can inje...
Aug 30, 2024
SvelteKit 2 applications crash when receiving GET or TRACE requests with a body, requiring manual restart. This affects SvelteKit 2 apps in preview or...
Jan 24, 2024
This vulnerability in the unofficial Svelte extension for Visual Studio Code allows attackers to execute arbitrary code by tricking users into opening...
Apr 5, 2021
Why Monitor Svelte Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 12+ known vulnerabilities affecting Svelte products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Svelte packages in under 60 seconds. No agents required - completely agentless scanning that works across Svelte deployments.
Free vulnerability database: Access detailed information about every Svelte CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.