3 matches found
CVE-2026-25141
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ', double quotes " and so...
CVE-2026-23947
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions prior to 7.19.0 until 8.0.2 are vulnerable to arbitrary code execution in environments consuming generated clients. This issue is similar in nature to CVE-2026-22785, but affects a...
@beshkenadze/orval-mcp (=7.11.2-fix.2), @orval/angular (>=7.10.0 <=7.18.0) +11 more potentially affected by CVE-2026-23947 via @orval/core (>=7.10.0 <=7.18.0)
@orval/core NPM version =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =7.10.0, =1.0.1, =7.10.0, =7.10.0, =7.13.2 Source cves: CVE-2026-23947 Source advisory: SNYK:JS-ORVALCORE-15038726...