43 matches found
0xble (>=14.0.0 <=21.9.1), 100xchat (>=1.1.5 <=1.3.5) +4358 more potentially affected by CVE-2026-8656 via jsondiffpatch (>=0.0.11 <=0.7.3)
jsondiffpatch NPM version =0.0.11, =14.0.0, =1.1.5, =1.0.0, =1.0.0, =1.0.4, =0.10.6, =0.1.6, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =1.0.1, =0.1.0-alpha.1, =0.1.0, =0.3.1, =0.5.10, =1.4.0 and more Source cves: CVE-2026-8656 Source advisory: SNYK:JS-JSONDIFFPATCH-1663594...
Prototype Pollution
Overview: jsondiffpatch is a JSON diff & patch package (object and array diff, text diff, multiple output formats). Affected versions of this package are vulnerable to Prototype Pollution via the jsondiffpatch.patch and jsondiffpatch/formatters/jsonpatch.patch APIs. An attacker can perform prototype pollutio...
0xble (>=14.0.0 <=21.9.1), 100xchat (>=1.1.5 <=1.3.5) +4358 more potentially affected by CVE-2026-8657 via jsondiffpatch (>=0.0.11 <=0.7.3)
jsondiffpatch NPM version =0.0.11, =14.0.0, =1.1.5, =1.0.0, =1.0.0, =1.0.4, =0.10.6, =0.1.6, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =1.0.1, =0.1.0-alpha.1, =0.1.0, =0.3.1, =0.5.10, =1.4.0 and more Source cves: CVE-2026-8657 Source advisory: SNYK:JS-JSONDIFFPATCH-1632299...
Prototype Pollution
Overview: org.webjars.npm:jsondiffpatch is a JSON diff & patch package (object and array diff, text diff, multiple output formats). Affected versions of this package are vulnerable to Prototype Pollution via the jsondiffpatch.patch and jsondiffpatch/formatters/jsonpatch.patch APIs. An attacker can perform...
Security Bulletin: Astronomer with IBM is vulnerable to cross-site scripting due to the jsondiffpatch package (CVE-2025-9910)
Summary: Jsondiffpatch is used by Astronomer with IBM as part of JSON processing functionality. Vulnerability Details: CVEID: CVE-2025-9910. DESCRIPTION: Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject...
Cross-site Scripting
jsondiffpatch is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization in HtmlFormatter::nodeBegin, allowing attackers to inject malicious scripts that execute when the HTML formatter renders untrusted diff content...
EUVD-2025-27629
Malicious code in bioql PyPI...
CVE-2025-9910
Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and the result renderer...
PT-2025-37363
🔵 jsondiffpatch, Cross-site Scripting XSS, CVE-2025-42425 Low https://t.co/u1fFvcovOJ...
0xble (>=14.0.0 <=21.9.1), 100xchat (>=1.1.5 <=1.3.5) +4268 more potentially affected by CVE-2025-9910 via jsondiffpatch (>=0.0.11 <=0.6.2)
jsondiffpatch NPM version =0.0.11, =14.0.0, =1.1.5, =1.0.0, =1.0.0, =1.0.4, =0.10.6, =0.1.6, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =1.0.1, =0.1.0-alpha.1, =0.1.0, =0.3.1, =0.5.10, =1.2.4 and more Source cves: CVE-2025-9910 Source advisory: OSV:GHSA-33VC-WFWW-VJFV...
GHSA-33VC-WFWW-VJFV jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin
Vulnerability in jsondiffpatch: Versions of jsondiffpatch prior to 0.7.2 are vulnerable to Cross-site Scripting (XSS) in the HtmlFormatter (HtmlFormatter::nodeBegin). When diffs are rendered to HTML using the built-in formatter, untrusted payloads can inject scripts and execute in the context of a...
CVE-2025-9910
CVE-2025-9910 (jsondiffpatch) affects versions prior to 0.7.2 of jsondiffpatch, where HtmlFormatter::nodeBegin can be exploited to inject HTML/JS (XSS) that may enable code execution if untrusted payloads are diffed and rendered with the built-in HTML formatter on a private website. The entry not...
PT-2025-37115
Name of the Vulnerable Software and Affected Versions: jsondiffpatch versions prior to 0.7.2. Description: The package is susceptible to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads, potentially leading to code execution if...
jsondiffpatch security vulnerability
jsondiffpatch is software for diffing and patching JavaScript objects, from individual developer Benjamín Eidelman. A security vulnerability exists in versions of jsondiffpatch prior to 0.7.2, which stems from the vulnerability of HtmlFormatter::nodeBegin to a cross-site...
Cross-site Scripting (XSS)
Overview: org.webjars.bower:jsondiffpatch is a JSON diff & patch package (object and array diff, text diff, multiple output formats). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may...