This page lists publicly disclosed CVE vulnerabilities affecting swiperjs swiper (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-27212 | Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in line 94 of shared/utils.mjs, where the indexOf() function is used to check whether user provided input contain forbidden strings. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.pr | [email protected] | 9.4 | 0.35% | 2026-02-21 | 2026-06-17 |
| CVE-2024-39853 | adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | [email protected] | 6.5 | 0.52% | 2024-07-01 | 2026-06-17 |
| CVE-2024-39000 | adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | [email protected] | 6.5 | 0.41% | 2024-07-01 | 2026-06-17 |
| CVE-2024-38997 | adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | [email protected] | 6.5 | 0.54% | 2024-07-01 | 2026-06-17 |
| CVE-2021-23370 | This affects the package swiper before 6.5.1. | [email protected] | 7.5 | 2.20% | 2021-04-12 | 2026-06-17 |