79 matches found
EUVD-2026-2680
Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...
CVE-2026-22774 devalue vulnerable to denial of service due to memory exhaustion in devalue.parse
Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...
CVE-2026-22774 devalue vulnerable to denial of service due to memory exhaustion in devalue.parse
Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...
EUVD-2026-2790
Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse inpu...
CVE-2026-22774
CVE-2026-22774 affects the Svelte devalue library. From versions 5.3.0 through 5.6.1, certain inputs trigger devalue.parse to consume excessive CPU time and memory when processing untrusted data, potentially causing denial of service. Root cause: typed array hydration assumes an ArrayBuffer input...
Asymmetric Resource Consumption (Amplification)
Overview devalue is a JSON.stringify, but handles cyclical references, repeated references, undefined, regular expressions, dates, Map and Set. Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification due to the improper ArrayBuffer type validation in the...
GHSA-VW5P-8CQ8-M7MV Devalue is vulnerable to denial of service due to memory exhaustion in devalue.parse
Summary Certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the typed array...
Devalue is vulnerable to denial of service due to memory exhaustion in devalue.parse
Summary Certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading to denial of service in systems that parse input from untrusted sources. This affects applications using devalue.parse on externally-supplied data. The root cause is the typed array...
PT-2026-3092
Name of the Vulnerable Software and Affected Versions Svelte devalue versions 5.3.0 through 5.6.1 Description Certain inputs can cause the devalue.parse function to consume excessive CPU time and/or memory, potentially leading to a denial of service in systems that parse input from untrusted...
Svelte security vulnerabilities
Svelte is an open-source approach to building web applications. Versions of Svelte from 5.3.0 to 5.6.1 have security vulnerabilities. These vulnerabilities stem from the type array hydration process not checking input assumptions properly, which can lead to denial-of-service attacks...
Svelte security vulnerabilities
Svelte is an open-source approach to building web applications. Versions of Svelte from 5.1.0 to 5.6.1 have security vulnerabilities. These vulnerabilities stem from the ArrayBuffer hydration process not checking input assumptions properly, which can lead to denial-of-service attacks...
PT-2026-3102
An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a block without HTML‑safe escaping, allowing to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for...
Svelte cross-site scripting vulnerabilities
Svelte is an open-source approach to building web applications developed by Svelte. Versions of Svelte prior to 5.46.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of HTML safe escaping during the asynchronous hydration process, allowing attackers to...
Arbitrary Code Injection
Overview livewire/livewire is an A front-end framework for Laravel. Affected versions of this package are vulnerable to Arbitrary Code Injection via the hydration process of component property updates. An attacker can execute arbitrary commands on the server by sending specially crafted requests ...
CVE-2025-54068
Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios. The issue stems from how certain component property updates are hydrated. This vulnerability is...
Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware
At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea's software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to ...
@aneoconsultingfr/armonik-docs-theme (>=0.6.4 <=0.6.13), @cssninja/nuxt-media-viewer (>=0.0.4 <=0.0.15) +14 more potentially affected by CVE-2024-23657 via @nuxt/devtools (>=0.1.6 <=1.3.7)
@nuxt/devtools NPM version =0.1.6, =0.6.4, =0.0.4, =8.3.3, =1.1.1, =0.0.1, =2.0.2, =0.2.5, =1.0.0, =0.0.1, =0.0.0-rc.29, =0.0.1, =2.0.0, =2.1.1 and more Source cves: CVE-2024-23657 Source advisory: OSV:GHSA-RCVG-RGF7-PPPV...
Cross Site Scripting (XSS)
@tanstack/react-query-next-experimental is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper handling of the id variable within the createHydrationStreamProvider method, which allows an attacker to inject arbitrary JavaScript when react-query-next-experimental preforms...
@neutron.co.id/pemasaran-modules (>=1.1.1-beta.3 <=1.4.0), nuxt-hydration (>=0.0.1 <=0.1.0) potentially affected by CVE-2023-3224 via nuxt (=3.4.2)
nuxt NPM version =3.4.2 is affected by a known vulnerability. The following packages have a transitive dependency on nuxt and may be impacted: - @neutron.co.id/pemasaran-modules =1.1.1-beta.3, =0.0.1, =0.1.0 Source cves: CVE-2023-3224 Source advisory: OSV:GHSA-GC34-5V43-H7V8...