Lucene search
K
SvelteDevalue

4 matches found

CVE
CVE
added 2026/06/09 4:12 p.m.41 views

CVE-2026-42570

CVE-2026-42570 affects the Svelte devalue library. devalue.parse could allocate excessive memory when deserializing sparse arrays in versions 5.6.3 through 5.8.0, due to engine quirks. The issue is fixed in version 5.8.1. Affected references include GitHub advisories GHSA-77vg-94rm-hx3p and OSV e...

7.5CVSS5.3AI score0.00384EPSS
CVE
CVE
added 2026/01/15 6:59 p.m.18 views

CVE-2026-22775

Summary : CVE-2026-22775 affects the Svelte devalue library. Vulnerable range : devalue.parse input handling from versions 5.1.0 through 5.6.1. Root cause : the ArrayBuffer hydration path decodes input as base64 without validating the input first, allowing crafted data to cause excessive CPU time...

7.5CVSS6.3AI score0.0057EPSS
CVE
CVE
added 2026/01/15 6:53 p.m.17 views

CVE-2026-22774

CVE-2026-22774 affects the Svelte devalue library. From versions 5.3.0 through 5.6.1, certain inputs trigger devalue.parse to consume excessive CPU time and memory when processing untrusted data, potentially causing denial of service. Root cause: typed array hydration assumes an ArrayBuffer input...

7.5CVSS6.4AI score0.0057EPSS
CVE
CVE
added 2026/03/11 5:47 p.m.13 views

CVE-2026-30226

The CVE relates to the Svelte devalue JavaScript library. Affected versions are 5.6.3 and earlier, where devalue.parse and devalue.unflatten are vulnerable to prototype pollution via malicious payloads. Exploitation can cause Denial of Service (DoS) or type confusion. The issue is mitigated by up...

7.5CVSS5.8AI score0.00373EPSS