Live data from GitHub and npm, updated daily.
Data last fetched: 2026-05-15
10 active CVEs reported via OSV.dev
svelte vulnerable to Cross-site Scripting
Svelte has a potential mXSS vulnerability due to improper HTML escaping
Svelte: ReDoS in `<svelte:element>` Tag Validation
Svelte SSR attribute spreading includes inherited properties from prototype chain
Svelte: SSR XSS via Insecure Promise Serialization in hydratable
Svelte affected by cross-site scripting via spread attributes in Svelte SSR
svelte is vulnerable to XSS with textarea bind:value
Svelte affected by XSS in SSR `<option>` element
Svelte SSR does not validate dynamic element tag names in `<svelte:element>`
Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`
Other UI Library projects in the Node.js ecosystem worth evaluating.
Get SLA-backed support, security patches, and direct access to senior engineers for Svelte โ without relying on volunteer maintainers.
Talk to an Expert โ