@beshkenadze/orval-mcp (=7.11.2-fix.2), @dohyper/cli.hyper (>=0.0.1 <=0.0.10) +26 more potentially affected by CVE-2026-23947 +1 more via @orval/core (>=6.11.0-alpha.1 <=7.18.0)

@orval/core NPM version =6.11.0-alpha.1, =0.0.1, =0.0.0-20240306223335, =1.0.0, =0.1.0, =1.0.0, =1.2.0, =1.9.101, =1.9.101, =6.11.0, =6.11.0, =6.30.0, =6.26.0, =7.18.0 and more Source cves: CVE-2026-23947, CVE-2026-25141 Source advisory: OSV:GHSA-H526-WF6G-67JV...

Orval security vulnerabilities

Orval is an open-source interface development tool developed by Orval. Versions of Orval from 7.10.0 to 8.0.2 contained security vulnerabilities. These vulnerabilities were caused by the x-enumDescriptions field not being properly escaped and embedded, which could allow arbitrary code to execute...