5 matches found
CVE-2026-23736
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, due to improper input validation, a malicious object key can lead to prototype pollution during JSON deserialization. This vulnerability affects only JSON...
CVE-2026-23736
creationtimestamp| type| source ---|---|--- 2026-01-22 01:16:42+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mcxz7lasom2t...
org.webjars.npm:solid-js (=1.9.5) potentially affected by CVE-2026-23736 via org.webjars.npm:seroval (=1.2.1)
org.webjars.npm:seroval MAVEN version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:seroval and may be impacted: - org.webjars.npm:solid-js =1.9.5 Source cves: CVE-2026-23736 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15054524...
@aexol/opencode-tui (>=0.2.5 <=0.2.10), @alcyone-labs/arg-parser (>=2.11.0 <=2.13.4) +90 more potentially affected by CVE-2026-23736 via seroval (>=1.0.7 <=1.3.2)
seroval NPM version =1.0.7, =0.2.5, =2.11.0, =1.0.0, =1.1.54, =1.1.54, =1.0.24, =0.1.0, =0.3.0, =1.0.0, =1.1.1 - @gettrace/agent =1.0.0 and more Source cves: CVE-2026-23736 Source advisory: SNYK:JS-SEROVAL-15054523...
@aexol/opencode-tui (>=0.2.5 <=0.2.10), @agent-embed/js (>=0.0.1 <=0.0.45) +292 more potentially affected by CVE-2026-23736 via seroval (>=0.10.4 <=1.3.2)
seroval NPM version =0.10.4, =0.2.5, =0.0.1, =2.11.0, =1.0.0, =0.0.1, =0.0.1, =0.0.7, =0.0.1, =0.0.1, =1.0.0, =0.1.26, =0.0.1, =1.1.54, =1.1.55 and more Source cves: CVE-2026-23736 Source advisory: OSV:GHSA-HJ76-42VX-JWP4...