Aggregates CVE and security vulnerability intelligence across all swiperjs-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk denial of service; exposure may include vendor impact application crash in vendor surface software deployment and vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-27212 | Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in line 94 of shared/utils.mjs, where the indexOf() function is used to check whether user provided input contain forbidden strings. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key, it is still possible to pollute Object.pr | [email protected] | 9.4 | 0.06% | 2026-02-21 | 2026-02-24 |
| CVE-2024-39853 | adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | [email protected] | 6.5 | 0.15% | 2024-07-01 | 2025-07-10 |
| CVE-2024-39000 | adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | [email protected] | 6.5 | 0.41% | 2024-07-01 | 2025-07-07 |
| CVE-2024-38997 | adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | [email protected] | 6.5 | 0.54% | 2024-07-01 | 2025-07-07 |
| CVE-2021-23370 | This affects the package swiper before 6.5.1. | [email protected] | 7.5 | 1.54% | 2021-04-12 | 2024-11-21 |