本ページは swiperjs swiper に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-27212 | Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in line 94 of shared/utils.mjs, where the indexOf() function is used to check whether user provided input contain forbidden strings. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.pr | [email protected] | 9.4 | 0.35% | 2026-02-21 | 2026-06-17 |
| CVE-2024-39853 | adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | [email protected] | 6.5 | 0.52% | 2024-07-01 | 2026-06-17 |
| CVE-2024-39000 | adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | [email protected] | 6.5 | 0.41% | 2024-07-01 | 2026-06-17 |
| CVE-2024-38997 | adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | [email protected] | 6.5 | 0.54% | 2024-07-01 | 2026-06-17 |
| CVE-2021-23370 | This affects the package swiper before 6.5.1. | [email protected] | 7.5 | 2.20% | 2021-04-12 | 2026-06-16 |