Lucene search
K

96 matches found

CVE
CVE
added 2026/01/15 6:53 p.m.16 views

CVE-2026-22774

CVE-2026-22774 affects the Svelte devalue library. From versions 5.3.0 through 5.6.1, certain inputs trigger devalue.parse to consume excessive CPU time and memory when processing untrusted data, potentially causing denial of service. Root cause: typed array hydration assumes an ArrayBuffer input...

7.5CVSS6.4AI score0.0057EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/15 6:53 p.m.3 views

CVE-2026-22774

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

7.5CVSS5.6AI score0.0057EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/01/15 6:53 p.m.4 views

CVE-2026-22774 devalue vulnerable to denial of service due to memory exhaustion in devalue.parse

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...

7.5CVSS6.7AI score0.0057EPSS
Exploits0References5
Snyk
Snyk
added 2026/01/15 6:10 p.m.2 views

Asymmetric Resource Consumption (Amplification)

Overview devalue is a JSON.stringify, but handles cyclical references, repeated references, undefined, regular expressions, dates, Map and Set. Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification due to the improper ArrayBuffer type validation in the...

8.7CVSS6.8AI score0.0057EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/01/15 6:10 p.m.6 views

@deno/sandbox (>=0.0.9 <=0.6.0), @ekairos/dataset (>=1.21.56-beta.0 <=1.22.34-beta.development.0) +34 more potentially affected by CVE-2026-22774 via devalue (>=5.3.2 <=5.6.0)

devalue NPM version =5.3.2, =0.0.9, =1.21.56-beta.0, =1.22.4-beta.development.0, =1.21.56-beta.0, =1.21.67-beta.0, =1.21.88-beta.0, =0.0.0-dev-20260121145510, =0.0.0-dev-20260115183047, =0.0.0-dev-20260115183047, =0.0.0-dev-20260115183047, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.3.4, =0.20.48 and more...

7.5CVSS5.7AI score0.0057EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/01/15 6:10 p.m.6 views

@deno/sandbox (>=0.0.9 <=0.6.0), @ekairos/dataset (>=1.21.56-beta.0 <=1.22.34-beta.development.0) +34 more potentially affected by CVE-2026-22774 via devalue (>=5.3.2 <=5.6.0)

devalue NPM version =5.3.2, =0.0.9, =1.21.56-beta.0, =1.22.4-beta.development.0, =1.21.56-beta.0, =1.21.67-beta.0, =1.21.88-beta.0, =0.0.0-dev-20260121145510, =0.0.0-dev-20260115183047, =0.0.0-dev-20260115183047, =0.0.0-dev-20260115183047, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.3.4, =0.20.48 and more...

7.5CVSS5.7AI score0.0057EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.4 views

PT-2026-3092

Name of the Vulnerable Software and Affected Versions Svelte devalue versions 5.3.0 through 5.6.1 Description Certain inputs can cause the devalue.parse function to consume excessive CPU time and/or memory, potentially leading to a denial of service in systems that parse input from untrusted...

7.5CVSS5.8AI score0.0057EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.5 views

PT-2026-3093

Name of the Vulnerable Software and Affected Versions Svelte devalue versions 5.1.0 through 5.6.1 Description Certain inputs can cause the devalue.parse function to consume excessive CPU time and/or memory, potentially leading to a denial of service. This affects applications using devalue.parse ...

7.8CVSS6.6AI score0.0057EPSS
Exploits0References17
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-0580

Malware in sbrugna...

6.1CVSS6.1AI score0.01347EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-25863

Malicious code in bioql PyPI...

7.9CVSS6.3AI score0.00345EPSS
Exploits0References3
Veracode
Veracode
added 2025/09/22 7:7 a.m.17 views

Prototype Pollution

devalue is vulnerable to prototype pollution. The vulnerability is due to devalue.parse not validating that an index is numeric, which allows an attacker to pass a crafted string with a proto property to assign prototypes to objects and properties...

7.9CVSS6.9AI score0.00345EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/09/17 7:15 p.m.8 views

CVE-2025-59414

Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specifi...

3.1CVSS0.00347EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/09/17 6:39 p.m.7 views

CVE-2025-59414 Nuxt Client-Side Path Traversal in Nuxt Island Payload Revival

Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island payload revival mechanism allowed attackers to manipulate client-side requests to different endpoints within the same application domain when specifi...

3.1CVSS0.00347EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/30 6:17 p.m.4 views

CVE-2025-57820

Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a proto property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype...

7.9CVSS6.7AI score0.00345EPSS
Exploits0References1
NVD
NVD
added 2025/08/26 11:15 p.m.8 views

CVE-2025-57820

Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a proto property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype...

7.9CVSS0.00345EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/26 10:33 p.m.3 views

CVE-2025-57820 Svelte devalue vulnerable to prototype pollution

Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a proto property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype...

7.9CVSS7.1AI score0.00345EPSS
Exploits0References2
CVE
CVE
added 2025/08/26 10:33 p.m.34 views

CVE-2025-57820

CVE-2025-57820 affects the JavaScript library devalue (used with Svelte). Prior to version 5.3.2, parsing payloads with devalue.parse could allow a proto property and non-numeric indices to be treated in dangerous ways, enabling prototype pollution on objects via the prototype chain. The issue is...

7.9CVSS6.6AI score0.00345EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/26 10:33 p.m.8 views

CVE-2025-57820 Svelte devalue vulnerable to prototype pollution

Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a proto property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype...

7.9CVSS0.00345EPSS
Exploits0References2
OSV
OSV
added 2025/08/26 10:33 p.m.5 views

CVE-2025-57820 Svelte devalue vulnerable to prototype pollution

Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a proto property and devalue.parse does not check that an index is numeric. This could result in assigning prototypes to objects and properties, leading to prototype...

7.9CVSS6.6AI score0.00345EPSS
Exploits0References4
Snyk
Snyk
added 2025/08/26 10:33 p.m.2 views

Prototype Pollution

Overview devalue is a JSON.stringify, but handles cyclical references, repeated references, undefined, regular expressions, dates, Map and Set. Affected versions of this package are vulnerable to Prototype Pollution via the parse function. An attacker can manipulate object prototypes or assign...

10CVSS8.1AI score0.00345EPSS
Exploits0References2
Rows per page
Query Builder