CVE-2026-22775

A flaw was found in devalue, a JavaScript library used for serializing values. A remote attacker could exploit this vulnerability by providing specially crafted input to the devalue.parse function. This improper input validation, specifically during the ArrayBuffer hydration process, can cause th...

GHSA-G2PG-6438-JWPF devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse

Summary Certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the ArrayBuffer...

CVE-2026-22775

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

EUVD-2026-2680

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

Svelte security vulnerabilities

Svelte is an open-source approach to building web applications. Versions of Svelte from 5.1.0 to 5.6.1 have security vulnerabilities. These vulnerabilities stem from the ArrayBuffer hydration process not checking input assumptions properly, which can lead to denial-of-service attacks...