Skip to main content

Devalue

3 CVEs product

Monthly

CVE-2026-30226 npm HIGH PATCH This Week

In devalue v5.6.3, `devalue.parse` and `devalue.unflatten` were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion.

Denial Of Service Prototype Pollution Devalue Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22775 npm HIGH PATCH This Week

Denial of service in Svelte devalue library versions 5.1.0 through 5.6.1 allows remote attackers to exhaust CPU and memory resources by supplying malformed input to the parse function, affecting applications that process untrusted serialized data. The vulnerability stems from insufficient validation of ArrayBuffer inputs during deserialization. Applications should upgrade to version 5.6.2 or later.

Denial Of Service Devalue
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22774 npm HIGH PATCH This Week

Denial of service in Svelte devalue versions 5.3.0 through 5.6.1 allows remote attackers to exhaust CPU and memory resources by supplying malformed input to the parse function, affecting applications that process untrusted data. The vulnerability stems from insufficient validation of typed array inputs before hydration, enabling attackers to trigger excessive resource consumption. Update to version 5.6.2 or later to remediate.

Denial Of Service Devalue
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

In devalue v5.6.3, `devalue.parse` and `devalue.unflatten` were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion.

Denial Of Service Prototype Pollution Devalue +2
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Svelte devalue library versions 5.1.0 through 5.6.1 allows remote attackers to exhaust CPU and memory resources by supplying malformed input to the parse function, affecting applications that process untrusted serialized data. The vulnerability stems from insufficient validation of ArrayBuffer inputs during deserialization. Applications should upgrade to version 5.6.2 or later.

Denial Of Service Devalue
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Svelte devalue versions 5.3.0 through 5.6.1 allows remote attackers to exhaust CPU and memory resources by supplying malformed input to the parse function, affecting applications that process untrusted data. The vulnerability stems from insufficient validation of typed array inputs before hydration, enabling attackers to trigger excessive resource consumption. Update to version 5.6.2 or later to remediate.

Denial Of Service Devalue
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy