Vitest.Dev Vitest vulnerabilities
2 known vulnerabilities affecting vitest.dev/vitest.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown
HIGH: 2
Vulnerabilities
CVE-2025-24964 | HIGH | CVSS 8.8 | CWE-1385 | ≤ 0.0.125; ≥ 1.0.0, < 1.6.1; +2 more | 2025-02-04
Vitest is a testing framework powered by Vite. Affected versions are subject to arbitrary remote code execution via Cross-site WebSocket hijacking (CSWSH) attacks when a user accesses a malicious website while the Vitest API server is listening. When the `api` option is enabled (Vitest UI enables it), Vitest starts a WebSocket server. This WebSocket server did not
nvd
CVE-2025-24963 | HIGH | CVSS 7.5 | CWE-22 | PoC | fixed in 2.1.9 | ≥ 3.0.0, < 3.0.4 | 2025-02-04
Vitest is a testing framework powered by Vite. The `__screenshot-error` handler on the browser mode HTTP server responds with any file on the file system. Especially if the server is exposed on the network by `browser.api.host: true`, an attacker can send a request to that handler from remote to get the content of arbitrary files. This `__screenshot-erro
nvd