Package impact
npm / jsonpath
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-1615 | critical | 9.8 | 9.8 | 4mo ago | jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions | |||
| CVE-2025-61140 | unknown | — | — | 4mo ago | JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js |