Lucene search
K

365 matches found

vulnersOsv
vulnersOsv
added 2026/01/30 9:17 p.m.8 views

@bindercli/core (>=0.1.0 <=0.1.7), @localess/cli (>=3.0.1 <=3.0.5-dev.20260428203008) +20 more potentially affected by CVE-2026-25141 via @orval/core (>=8.0.0 <=8.1.0)

@orval/core NPM version =8.0.0, =0.1.0, =3.0.1, =8.0.0, =8.0.0, =8.14.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =6.11.0-alpha, =8.0.0, =8.0.0, =8.0.0, =0.5.0, =0.6.1 and more Source cves: CVE-2026-25141 Source advisory: OSV:GHSA-GCH2-PHQH-FG9Q...

9.8CVSS5.7AI score0.00603EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 a.m.15 views

CVE-2026-24132

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

9.8CVSS5.8AI score0.00678EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/01/23 12:49 a.m.6 views

orval (>=8.0.0 <=8.0.2) potentially affected by CVE-2026-24132 via @orval/mock (>=8.0.0-rc.0 <=8.0.2)

@orval/mock NPM version =8.0.0-rc.0, =8.0.0, =8.0.2 Source cves: CVE-2026-24132 Source advisory: SNYK:JS-ORVALMOCK-15091570...

9.8CVSS5.8AI score0.00678EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/01/23 12:49 a.m.5 views

d2m-apigen (>=1.0.1 <=2.1.7), dm-apigen (>=0.0.0 <=1.0.0) +2 more potentially affected by CVE-2026-24132 via @orval/mock (>=7.0.0 <=7.1.1)

@orval/mock NPM version =7.0.0, =1.0.1, =0.0.0, =7.0.0, =7.1.0, =7.13.2 Source cves: CVE-2026-24132 Source advisory: SNYK:JS-ORVALMOCK-15091570...

9.8CVSS5.8AI score0.00678EPSS
Exploits0
Snyk
Snyk
added 2026/01/23 12:49 a.m.8 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the getMockScalar function. An attacker can execute arbitrary code by supplying a crafted OpenAPI specification containing malicious values in the const property, which are then interpolated into generate...

9.8CVSS6.2AI score0.00678EPSS
Exploits0References2
NVD
NVD
added 2026/01/23 12:15 a.m.15 views

CVE-2026-24132

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

9.8CVSS0.00678EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/01/22 11:47 p.m.4 views

CVE-2026-24132

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

7.7CVSS5.6AI score0.00678EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2026/01/22 11:47 p.m.31 views

CVE-2026-24132 Orval Mock Generation Code Injection via const

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

7.7CVSS0.00678EPSS
Exploits0References9
CVE
CVE
added 2026/01/22 11:47 p.m.22 views

CVE-2026-24132

CVE-2026-24132 affects Orval’s mock generation path in @orval/mock. Untrusted OpenAPI specs can inject arbitrary TypeScript/JavaScript into generated mock files through the const values on schema properties, which are interpolated into the mock scalar generator without proper escaping. This can l...

9.8CVSS5.8AI score0.00678EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2026/01/22 11:47 p.m.4 views

CVE-2026-24132 Orval Mock Generation Code Injection via const

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

7.7CVSS5.8AI score0.00678EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/01/22 11:47 p.m.2 views

CVE-2026-24132 Orval Mock Generation Code Injection via const

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

7.7CVSS5.8AI score0.00678EPSS
Exploits0References9
EUVD
EUVD
added 2026/01/22 6:9 p.m.5 views

EUVD-2026-3783

Orval Mock Generation Code Injection via const...

7.7CVSS5.5AI score0.00678EPSS
Exploits0References10
vulnersOsv
vulnersOsv
added 2026/01/22 6:9 p.m.4 views

@dohyper/cli.hyper (>=0.0.1 <=0.0.10), @lumeweb/portal-sdk (>=0.0.0-20240306223335 <=0.0.2) +16 more potentially affected by CVE-2026-24132 via @orval/mock (>=6.21.0 <=7.1.1)

@orval/mock NPM version =6.21.0, =0.0.1, =0.0.0-20240306223335, =1.0.0, =0.1.0, =1.0.0, =1.2.0, =1.9.101, =1.9.101, =1.0.1, =0.0.0, =6.21.0, =7.19.0 and more Source cves: CVE-2026-24132 Source advisory: OSV:GHSA-F456-RF33-4626...

9.8CVSS5.8AI score0.00678EPSS
Exploits0
OSV
OSV
added 2026/01/22 6:9 p.m.8 views

GHSA-F456-RF33-4626 Orval Mock Generation Code Injection via const

I am reporting a code injection vulnerability in Orval’s mock generation pipeline affecting @orval/mock in both the 7.x and 8.x series. This issue is related in impact to the previously reported enum x-enumDescriptions https://github.com/advisories/GHSA-h526-wf6g-67jv, but it affects a different...

7.7CVSS6AI score0.00678EPSS
Exploits0References11
vulnersOsv
vulnersOsv
added 2026/01/22 6:9 p.m.6 views

orval (>=8.0.0 <=8.0.2) potentially affected by CVE-2026-24132 via @orval/mock (>=8.0.0-rc.0 <=8.0.2)

@orval/mock NPM version =8.0.0-rc.0, =8.0.0, =8.0.2 Source cves: CVE-2026-24132 Source advisory: OSV:GHSA-F456-RF33-4626...

9.8CVSS5.8AI score0.00678EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/01/22 6:9 p.m.14 views

Orval Mock Generation Code Injection via const

I am reporting a code injection vulnerability in Orval’s mock generation pipeline affecting @orval/mock in both the 7.x and 8.x series. This issue is related in impact to the previously reported enum x-enumDescriptions https://github.com/advisories/GHSA-h526-wf6g-67jv, but it affects a different...

9.8CVSS6AI score0.00678EPSS
Exploits0References11Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.13 views

PT-2026-4314

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

7.7CVSS5.8AI score0.00678EPSS
Exploits0References10
vulnersOsv
vulnersOsv
added 2026/01/20 1:46 a.m.7 views

@orval/angular (>=8.0.0 <=8.0.1), @orval/axios (>=8.0.0 <=8.0.1) +9 more potentially affected by CVE-2026-23947 via @orval/core (>=8.0.0-rc.0 <=8.0.1)

@orval/core NPM version =8.0.0-rc.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.1 Source cves: CVE-2026-23947 Source advisory: SNYK:JS-ORVALCORE-15038726...

9.8CVSS5.8AI score0.0075EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/01/20 1:46 a.m.8 views

@beshkenadze/orval-mcp (=7.11.2-fix.2), @orval/angular (>=7.10.0 <=7.18.0) +11 more potentially affected by CVE-2026-23947 via @orval/core (>=7.10.0 <=7.18.0)

@orval/core NPM version =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =1.0.1, =7.10.0, =7.10.0, =7.13.2 Source cves: CVE-2026-23947 Source advisory: SNYK:JS-ORVALCORE-15038726...

9.8CVSS5.8AI score0.0075EPSS
Exploits1
GithubExploit
GithubExploit
added 2025/11/27 5:16 a.m.298 views

Exploit for CVE-2021-21980

Clippy of the Dead - CVE-2021-21980 testing environment and Nucl...

7.5CVSS6.8AI score0.04601EPSS
Exploits2
Rows per page
Query Builder