CVE-2026-22785

orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allo...

CVE-2026-22785 orval MCP client is vulnerable to a code injection attack.

orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allo...

CVE-2026-22785

Summary: Orval (MCP client/server code path) is vulnerable to arbitrary code execution via unsanitized input in OpenAPI specs. The CVE-2026-22785/MCP issue arises from string-manipulation in the MCP server generation logic that embeds the summary field without proper validation/escaping, allowing...

CVE-2026-22785 orval MCP client is vulnerable to a code injection attack.

orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allo...

PT-2026-2296

Name of the Vulnerable Software and Affected Versions orval versions prior to 7.18.0 Description orval generates type-safe JS clients TypeScript from OpenAPI specifications. Before version 7.18.0, the server generation logic in the MCP component used string manipulation on the summary field from...

orval 命令注入漏洞

Orval is an interface development tool from Orval Open Source. A command injection vulnerability exists in versions prior to orval 7.18.0 that stems from the MCP server generation logic not properly validating or escaping the summary field of the OpenAPI specification, which could lead to arbitra...

CVE-2025-69222

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery SSRF vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...

CVE-2025-69222

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery SSRF vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...

python311-openapi-core-0.22.0-1.1 on GA media (moderate)

python311-openapi-core-0.22.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15848-1 Rating: moderate Cross-References: CVE-2025-66221 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

OPENSUSE-SU-2025:15848-1 python311-openapi-core-0.22.0-1.1 on GA media

These are all security issues fixed in the python311-openapi-core-0.22.0-1.1 package on the GA media of openSUSE Tumbleweed...

WuppieFuzz: Coverage-Guided, Stateful REST API Fuzzing

Many business processes currently depend on web services, often using REST APIs for communication. REST APIs expose web service functionality through endpoints, allowing easy client interaction over the Internet. To reduce the security risk resulting from exposed endpoints, thorough testing is...

GO-2025-4162 Free5GC is vulnerable to DoS via the Nudm_SubscriberDataManagement API in github.com/free5gc/openapi

Free5GC is vulnerable to DoS via the NudmSubscriberDataManagement API in github.com/free5gc/openapi...

CVE-2025-66201

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...

EUVD-2025-199888

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...

CVE-2025-66201 LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...

CVE-2025-66201

CVE-2025-66201 affects LibreChat. The vulnerability is a Server-Side Request Forgery (SSRF) in the LibreChat tions feature that can be triggered by passing specially crafted OpenAPI specs, allowing an authenticated user with access to the feature to reach URLs only accessible to the LibreChat se...

CVE-2025-66201 LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...

cc.ddrpa.dorian.polystash:polystash-spring-boot-starter (=1.0.0), com.alibaba.fastjson2:fastjson2-extension (>=2.0.27 <=2.0.62) +33 more potentially affected by CVE-2025-12183 via org.lz4:lz4-pure-java (=1.8.0)

org.lz4:lz4-pure-java MAVEN version =1.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.lz4:lz4-pure-java and may be impacted: - cc.ddrpa.dorian.polystash:polystash-spring-boot-starter =1.0.0 - com.alibaba.fastjson2:fastjson2-extension =2.0.27,...

EUVD-2025-199288

Malicious code in @silgi/openapi npm...

Malicious code in @silgi/openapi (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da37d75ae054be71f7d9d4913bf4e5b1c0e7249774278432c33d89d871d99f28 The package @silgi/openapi was found to contain malicious code. Source: ghsa-malware 3c5eda9815ba5af459be6844eab3b3e9f5cb4615e738904bd8214eb62a2c93e7...