Package impact
npm / devalue
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42570 | high | — | 8.0 | 20d ago | Svelte devalue: DoS via sparse array deserialization | |||
| CVE-2026-30226 | unknown | — | — | 3mo ago | devalue has prototype pollution in devalue.parse and devalue.unflatten | |||
| CVE-2026-22775 | unknown | — | — | 5mo ago | devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse | |||
| CVE-2026-22774 | unknown | — | — | 5mo ago | Devalue is vulnerable to denial of service due to memory exhaustion in devalue.parse | |||
| CVE-2025-57820 | unknown | — | — | 9mo ago | devalue prototype pollution vulnerability |