Lucene search
+L

370 matches found

OSV
OSV
added 2026/03/24 4:2 p.m.7 views

MAL-2026-2394 Malicious code in typescript-mock-data (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1a51f9143ac378f3ef81840f6858a902bd37449fa9b93b0999e021321ddafac The package typescript-mock-data was found to contain malicious code...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/03/03 6:50 a.m.4 views

Malicious Package

Overview chai-as-mock is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/03 6:50 a.m.9 views

Malicious code in chai-as-mock (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 303ff6a2f2561ea67c1d084cbfc1ebdd5364668aab3d06257cb2cbeea42ce5a3 The package chai-as-mock was found to contain malicious code. Source: ghsa-malware 6ab0e6eb41241ac06a623d9e7fa230c2d68067904fd48aa422ab8c2db1cd23e4 A...

5.7AI score
Exploits0References1
OSV
OSV
added 2026/03/03 6:50 a.m.4 views

MAL-2026-1191 Malicious code in chai-as-mock (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 303ff6a2f2561ea67c1d084cbfc1ebdd5364668aab3d06257cb2cbeea42ce5a3 The package chai-as-mock was found to contain malicious code. Source: ghsa-malware 6ab0e6eb41241ac06a623d9e7fa230c2d68067904fd48aa422ab8c2db1cd23e4 A...

5.7AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/01/30 9:17 p.m.8 views

@bindercli/core (>=0.1.0 <=0.1.7), @localess/cli (>=3.0.1 <=3.0.5-dev.20260428203008) +20 more potentially affected by CVE-2026-25141 via @orval/core (>=8.0.0 <=8.1.0)

@orval/core NPM version =8.0.0, =0.1.0, =3.0.1, =8.0.0, =8.0.0, =8.14.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =6.11.0-alpha, =8.0.0, =8.0.0, =8.0.0, =0.5.0, =0.6.1 and more Source cves: CVE-2026-25141 Source advisory: OSV:GHSA-GCH2-PHQH-FG9Q...

9.8CVSS5.7AI score0.00603EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 a.m.15 views

CVE-2026-24132

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

9.8CVSS5.8AI score0.00678EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/01/23 12:49 a.m.6 views

orval (>=8.0.0 <=8.0.2) potentially affected by CVE-2026-24132 via @orval/mock (>=8.0.0-rc.0 <=8.0.2)

@orval/mock NPM version =8.0.0-rc.0, =8.0.0, =8.0.2 Source cves: CVE-2026-24132 Source advisory: SNYK:JS-ORVALMOCK-15091570...

9.8CVSS5.8AI score0.00678EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/01/23 12:49 a.m.5 views

d2m-apigen (>=1.0.1 <=2.1.7), dm-apigen (>=0.0.0 <=1.0.0) +2 more potentially affected by CVE-2026-24132 via @orval/mock (>=7.0.0 <=7.1.1)

@orval/mock NPM version =7.0.0, =1.0.1, =0.0.0, =7.0.0, =7.1.0, =7.13.2 Source cves: CVE-2026-24132 Source advisory: SNYK:JS-ORVALMOCK-15091570...

9.8CVSS5.8AI score0.00678EPSS
Exploits0
Snyk
Snyk
added 2026/01/23 12:49 a.m.8 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the getMockScalar function. An attacker can execute arbitrary code by supplying a crafted OpenAPI specification containing malicious values in the const property, which are then interpolated into generate...

9.8CVSS6.2AI score0.00678EPSS
Exploits0References2
NVD
NVD
added 2026/01/23 12:15 a.m.15 views

CVE-2026-24132

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

9.8CVSS0.00678EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/01/22 11:47 p.m.5 views

CVE-2026-24132

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

7.7CVSS5.6AI score0.00678EPSS
Exploits0References10Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/22 11:47 p.m.2 views

CVE-2026-24132 Orval Mock Generation Code Injection via const

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

7.7CVSS5.8AI score0.00678EPSS
Exploits0References9
CVE
CVE
added 2026/01/22 11:47 p.m.27 views

CVE-2026-24132

CVE-2026-24132 affects Orval’s mock generation path in @orval/mock. Untrusted OpenAPI specs can inject arbitrary TypeScript/JavaScript into generated mock files through the const values on schema properties, which are interpolated into the mock scalar generator without proper escaping. This can l...

9.8CVSS5.8AI score0.00678EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2026/01/22 11:47 p.m.32 views

CVE-2026-24132 Orval Mock Generation Code Injection via const

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

7.7CVSS0.00678EPSS
Exploits0References9
OSV
OSV
added 2026/01/22 11:47 p.m.4 views

CVE-2026-24132 Orval Mock Generation Code Injection via const

Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...

7.7CVSS5.8AI score0.00678EPSS
Exploits0References11
EUVD
EUVD
added 2026/01/22 6:9 p.m.5 views

EUVD-2026-3783

Orval Mock Generation Code Injection via const...

7.7CVSS5.5AI score0.00678EPSS
Exploits0References10
vulnersOsv
vulnersOsv
added 2026/01/22 6:9 p.m.4 views

@dohyper/cli.hyper (>=0.0.1 <=0.0.10), @lumeweb/portal-sdk (>=0.0.0-20240306223335 <=0.0.2) +16 more potentially affected by CVE-2026-24132 via @orval/mock (>=6.21.0 <=7.1.1)

@orval/mock NPM version =6.21.0, =0.0.1, =0.0.0-20240306223335, =1.0.0, =0.1.0, =1.0.0, =1.2.0, =1.9.101, =1.9.101, =1.0.1, =0.0.0, =6.21.0, =7.19.0 and more Source cves: CVE-2026-24132 Source advisory: OSV:GHSA-F456-RF33-4626...

9.8CVSS5.8AI score0.00678EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/01/22 6:9 p.m.6 views

orval (>=8.0.0 <=8.0.2) potentially affected by CVE-2026-24132 via @orval/mock (>=8.0.0-rc.0 <=8.0.2)

@orval/mock NPM version =8.0.0-rc.0, =8.0.0, =8.0.2 Source cves: CVE-2026-24132 Source advisory: OSV:GHSA-F456-RF33-4626...

9.8CVSS5.8AI score0.00678EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/01/22 6:9 p.m.15 views

Orval Mock Generation Code Injection via const

I am reporting a code injection vulnerability in Orval’s mock generation pipeline affecting @orval/mock in both the 7.x and 8.x series. This issue is related in impact to the previously reported enum x-enumDescriptions https://github.com/advisories/GHSA-h526-wf6g-67jv, but it affects a different...

9.8CVSS6AI score0.00678EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2026/01/22 6:9 p.m.9 views

GHSA-F456-RF33-4626 Orval Mock Generation Code Injection via const

I am reporting a code injection vulnerability in Orval’s mock generation pipeline affecting @orval/mock in both the 7.x and 8.x series. This issue is related in impact to the previously reported enum x-enumDescriptions https://github.com/advisories/GHSA-h526-wf6g-67jv, but it affects a different...

7.7CVSS6AI score0.00678EPSS
Exploits0References11
Rows per page
Query Builder