Lucene search
K

25 matches found

RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.8 views

CVE-2026-42570

A flaw was found in devalue, a JavaScript library used for serializing values. Due to quirks in some JavaScript engines, the devalue.parse function could be exploited by a remote attacker when deserializing specially crafted sparse arrays. This could lead to excessive memory consumption, resultin...

7.5CVSS5.4AI score0.00384EPSS
Exploits0References6
NVD
NVD
added 2026/06/09 5:17 p.m.11 views

CVE-2026-42570

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when...

7.5CVSS0.00384EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/09 4:12 p.m.27 views

CVE-2026-42570 Svelte devalue: DoS via sparse array deserialization

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when...

7.5CVSS0.00384EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 4:12 p.m.8 views

CVE-2026-42570 Svelte devalue: DoS via sparse array deserialization

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when...

7.5CVSS5.3AI score0.00384EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 4:12 p.m.39 views

CVE-2026-42570

CVE-2026-42570 affects the Svelte devalue library. devalue.parse could allocate excessive memory when deserializing sparse arrays in versions 5.6.3 through 5.8.0, due to engine quirks. The issue is fixed in version 5.8.1. Affected references include GitHub advisories GHSA-77vg-94rm-hx3p and OSV e...

7.5CVSS5.3AI score0.00384EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:23 p.m.11 views

Svelte devalue: DoS via sparse array deserialization

devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when deserializing sparse arrays, leading to excessive memory consumption...

7.5CVSS5.8AI score0.00384EPSS
Exploits0References5Affected Software1
Patchstack
Patchstack
added 2026/05/14 8:23 p.m.12 views

NPM: Svelte devalue: DoS via sparse array deserialization

NPM: Svelte devalue: DoS via sparse array deserialization vulnerability discovered by ? in WordPress Npm devalue versions = 5.6.3, = 5.8.0...

5.8AI score0.00384EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/14 8:23 p.m.7 views

GHSA-77VG-94RM-HX3P Svelte devalue: DoS via sparse array deserialization

devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when deserializing sparse arrays, leading to excessive memory consumption...

7.5CVSS5.8AI score0.00384EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/12 11:27 a.m.6 views

CVE-2026-30226

A flaw was found in the Svelte devalue JavaScript library. A remote attacker could exploit a prototype pollution vulnerability by sending maliciously crafted payloads to the devalue.parse or devalue.unflatten functions. Successful exploitation of this flaw could lead to a Denial of Service DoS...

7.5CVSS5.8AI score0.00373EPSS
Exploits0References4
NVD
NVD
added 2026/03/11 6:16 p.m.3 views

CVE-2026-30226

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could...

7.5CVSS0.00373EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.2 views

PT-2026-24756

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could...

6.3CVSS5.8AI score0.00373EPSS
Exploits0References3
Veracode
Veracode
added 2026/01/20 11:4 a.m.5 views

Denial Of Service (DoS)

Svelte devalue is vulnerable to a Denial-Of-Service DoS. The vulnerability is due to missing input validation during typed array hydration, where devalue.parse assumes an ArrayBuffer input without verification, allowing crafted inputs to trigger excessive CPU or memory consumption when parsing...

7.5CVSS5.9AI score0.0057EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2026/01/15 7:16 p.m.6 views

CVE-2026-22774

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

7.5CVSS0.0057EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/01/15 6:53 p.m.20 views

CVE-2026-22774 devalue vulnerable to denial of service due to memory exhaustion in devalue.parse

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

7.5CVSS0.0057EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/15 6:53 p.m.2 views

CVE-2026-22774

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

7.5CVSS5.6AI score0.0057EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/01/15 6:53 p.m.8 views

EUVD-2026-2790

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

7.5CVSS6.2AI score0.0057EPSS
Exploits0References5
CVE
CVE
added 2026/01/15 6:53 p.m.15 views

CVE-2026-22774

CVE-2026-22774 affects the Svelte devalue library. From versions 5.3.0 through 5.6.1, certain inputs trigger devalue.parse to consume excessive CPU time and memory when processing untrusted data, potentially causing denial of service. Root cause: typed array hydration assumes an ArrayBuffer input...

7.5CVSS6.4AI score0.0057EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.4 views

PT-2026-3093

Name of the Vulnerable Software and Affected Versions Svelte devalue versions 5.1.0 through 5.6.1 Description Certain inputs can cause the devalue.parse function to consume excessive CPU time and/or memory, potentially leading to a denial of service. This affects applications using devalue.parse ...

7.5CVSS6.6AI score0.0057EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.4 views

PT-2026-3092

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

7.5CVSS6.7AI score0.0057EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-25863

Malicious code in bioql PyPI...

7.9CVSS6.3AI score0.00345EPSS
Exploits0References3
Rows per page
Query Builder