370 matches found
MAL-2026-2394 Malicious code in typescript-mock-data (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1a51f9143ac378f3ef81840f6858a902bd37449fa9b93b0999e021321ddafac The package typescript-mock-data was found to contain malicious code...
Malicious Package
Overview chai-as-mock is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in chai-as-mock (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 303ff6a2f2561ea67c1d084cbfc1ebdd5364668aab3d06257cb2cbeea42ce5a3 The package chai-as-mock was found to contain malicious code. Source: ghsa-malware 6ab0e6eb41241ac06a623d9e7fa230c2d68067904fd48aa422ab8c2db1cd23e4 A...
MAL-2026-1191 Malicious code in chai-as-mock (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 303ff6a2f2561ea67c1d084cbfc1ebdd5364668aab3d06257cb2cbeea42ce5a3 The package chai-as-mock was found to contain malicious code. Source: ghsa-malware 6ab0e6eb41241ac06a623d9e7fa230c2d68067904fd48aa422ab8c2db1cd23e4 A...
@bindercli/core (>=0.1.0 <=0.1.7), @localess/cli (>=3.0.1 <=3.0.5-dev.20260428203008) +20 more potentially affected by CVE-2026-25141 via @orval/core (>=8.0.0 <=8.1.0)
@orval/core NPM version =8.0.0, =0.1.0, =3.0.1, =8.0.0, =8.0.0, =8.14.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =6.11.0-alpha, =8.0.0, =8.0.0, =8.0.0, =0.5.0, =0.6.1 and more Source cves: CVE-2026-25141 Source advisory: OSV:GHSA-GCH2-PHQH-FG9Q...
CVE-2026-24132
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...
orval (>=8.0.0 <=8.0.2) potentially affected by CVE-2026-24132 via @orval/mock (>=8.0.0-rc.0 <=8.0.2)
@orval/mock NPM version =8.0.0-rc.0, =8.0.0, =8.0.2 Source cves: CVE-2026-24132 Source advisory: SNYK:JS-ORVALMOCK-15091570...
d2m-apigen (>=1.0.1 <=2.1.7), dm-apigen (>=0.0.0 <=1.0.0) +2 more potentially affected by CVE-2026-24132 via @orval/mock (>=7.0.0 <=7.1.1)
@orval/mock NPM version =7.0.0, =1.0.1, =0.0.0, =7.0.0, =7.1.0, =7.13.2 Source cves: CVE-2026-24132 Source advisory: SNYK:JS-ORVALMOCK-15091570...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the getMockScalar function. An attacker can execute arbitrary code by supplying a crafted OpenAPI specification containing malicious values in the const property, which are then interpolated into generate...
CVE-2026-24132
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...
CVE-2026-24132
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...
CVE-2026-24132 Orval Mock Generation Code Injection via const
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...
CVE-2026-24132
CVE-2026-24132 affects Orval’s mock generation path in @orval/mock. Untrusted OpenAPI specs can inject arbitrary TypeScript/JavaScript into generated mock files through the const values on schema properties, which are interpolated into the mock scalar generator without proper escaping. This can l...
CVE-2026-24132 Orval Mock Generation Code Injection via const
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...
CVE-2026-24132 Orval Mock Generation Code Injection via const
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into generated mock files via the const keyword on schema...
EUVD-2026-3783
Orval Mock Generation Code Injection via const...
@dohyper/cli.hyper (>=0.0.1 <=0.0.10), @lumeweb/portal-sdk (>=0.0.0-20240306223335 <=0.0.2) +16 more potentially affected by CVE-2026-24132 via @orval/mock (>=6.21.0 <=7.1.1)
@orval/mock NPM version =6.21.0, =0.0.1, =0.0.0-20240306223335, =1.0.0, =0.1.0, =1.0.0, =1.2.0, =1.9.101, =1.9.101, =1.0.1, =0.0.0, =6.21.0, =7.19.0 and more Source cves: CVE-2026-24132 Source advisory: OSV:GHSA-F456-RF33-4626...
orval (>=8.0.0 <=8.0.2) potentially affected by CVE-2026-24132 via @orval/mock (>=8.0.0-rc.0 <=8.0.2)
@orval/mock NPM version =8.0.0-rc.0, =8.0.0, =8.0.2 Source cves: CVE-2026-24132 Source advisory: OSV:GHSA-F456-RF33-4626...
Orval Mock Generation Code Injection via const
I am reporting a code injection vulnerability in Orval’s mock generation pipeline affecting @orval/mock in both the 7.x and 8.x series. This issue is related in impact to the previously reported enum x-enumDescriptions https://github.com/advisories/GHSA-h526-wf6g-67jv, but it affects a different...
GHSA-F456-RF33-4626 Orval Mock Generation Code Injection via const
I am reporting a code injection vulnerability in Orval’s mock generation pipeline affecting @orval/mock in both the 7.x and 8.x series. This issue is related in impact to the previously reported enum x-enumDescriptions https://github.com/advisories/GHSA-h526-wf6g-67jv, but it affects a different...