CRITICAL 9.8 npm
GHSA-5xrq-8626-4rwp · CVE-2026-47429 When Vitest UI server is listening, arbitrary file can be read and executed
Modified: 6/8/2026
package
npm / vitest
pkg:npm/vitest
CRITICAL 9.6 npm
GHSA-9crc-q9x8-hgqq · CVE-2025-24964 Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening
Modified: 2/4/2025