8 matches found
@228-fund/elysia-effect (=0.0.1), @228-fund/elysia-msgpack (>=0.0.1 <=0.0.3) +66 more potentially affected by CVE-2026-31865 via elysia (>=1.0.13 <=1.4.26)
elysia NPM version =1.0.13, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =0.1.4, =0.1.0, =0.1.0, =1.0.0-next.4, =1.0.0, =0.0.1, =1.0.3, =1.0.8 and more Source cves: CVE-2026-31865 Source advisory: SNYK:JS-ELYSIA-15680180...
@228-fund/elysia-effect (=0.0.1), @228-fund/elysia-msgpack (>=0.0.1 <=0.0.3) +124 more potentially affected by CVE-2026-31865 via elysia (>=0.1.2 <=1.4.26)
elysia NPM version =0.1.2, =0.0.1, =0.0.1, =0.0.7, =0.0.1-0, =0.0.1, =0.0.3, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =0.1.4, =0.1.0, =1.6.1-canary.0 and more Source cves: CVE-2026-31865 Source advisory: OSV:GHSA-8HQ9-PHH3-P2WP...
@228-fund/elysia-effect (=0.0.1), @228-fund/elysia-msgpack (>=0.0.1 <=0.0.3) +64 more potentially affected by CVE-2026-30837 via elysia (>=1.0.13 <=1.4.22)
elysia NPM version =1.0.13, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =0.1.4, =0.1.0, =0.1.0, =1.0.0-next.4, =1.0.0, =0.0.1, =1.0.3, =1.0.8 and more Source cves: CVE-2026-30837 Source advisory: SNYK:JS-ELYSIA-15469934...
@228-fund/elysia-effect (=0.0.1), @228-fund/elysia-msgpack (>=0.0.1 <=0.0.3) +122 more potentially affected by CVE-2026-30837 via elysia (>=0.1.2 <=1.4.22)
elysia NPM version =0.1.2, =0.0.1, =0.0.1, =0.0.7, =0.0.1-0, =0.0.1, =0.0.3, =0.0.1, =0.1.0, =0.0.1, =0.0.1, =0.1.0, =0.1.4, =0.1.0, =1.6.1-canary.0 and more Source cves: CVE-2026-30837 Source advisory: OSV:GHSA-F45G-68Q3-5W8X...
@dockstat/plugin-builder (>=1.0.3 <=1.0.8), @dockstat/typings (>=1.1.0 <=1.1.2) +8 more potentially affected by CVE-2025-66456 via elysia (>=1.4.11 <=1.4.16)
elysia NPM version =1.4.11, =1.0.3, =1.1.0, =0.1.29, =0.0.21-alpha.3, =2.0.0, =1.2.11, =0.0.1, =0.1.0, =0.6.0 - nautika-types =1.6.0 Source cves: CVE-2025-66456 Source advisory: SNYK:JS-ELYSIA-14287465...
@228-fund/elysia-effect (=0.0.1), @228-fund/elysia-msgpack (>=0.0.1 <=0.0.3) +117 more potentially affected by CVE-2025-66456 +1 more via elysia (>=0.1.2 <=1.4.17)
elysia NPM version =0.1.2, =0.0.1, =0.0.1, =0.0.7, =0.0.1-0, =0.0.1, =0.0.3, =0.0.1, =0.1.0, =0.0.1, =0.1.0, =0.1.4, =0.1.0, =0.1.0, =1.0.0-next.4, =1.0.0-next.6 and more Source cves: CVE-2025-66456, CVE-2025-66457 Source advisory: OSV:GHSA-8VCH-M3F4-Q8JF...
Elysia vulnerable to prototype pollution with multiple standalone schema validation
Prototype pollution vulnerability in mergeDeep after merging results of two standard schema validations with the same key. Due to the ordering of merging, there must be an any type that is set as a standalone guard, to allow for the proto prop to be merged. When combined with GHSA-8vch-m3f4-q8jf...
elysia-cors Origin Validation Error
An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing CORS restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an...