Live data from GitHub and npm, updated daily.
Data last fetched: 2026-06-29
2 active CVEs reported via OSV.dev
When Vitest UI server is listening, arbitrary file can be read and executed
Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening
Get SLA-backed support, security patches, and direct access to senior engineers for Vitest — without relying on volunteer maintainers.