CRITICAL 10.0 npm
GHSA-33r3-4whc-44c2 · CVE-2026-41211 Path traversal in vite-plus/binding downloadPackageManager() writes outside VP_HOME
Modified: 5/6/2026
package
npm / vite-plus
pkg:npm/vite-plus
HIGH npm
GHSA-fx2h-pf6j-xcff · CVE-2026-53571 vite: `server.fs.deny` bypass on Windows alternate paths
Modified: 6/15/2026
CRITICAL 9.8 npm
GHSA-g8mr-85jm-7xhm · CVE-2026-53633 Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE
Modified: 6/15/2026
MEDIUM npm
GHSA-v6wh-96g9-6wx3 · CVE-2026-53632 launch-editor: NTLMv2 hash disclosure via UNC path handling on Windows
Modified: 6/15/2026