Devalue

3 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-30226 HIGH PATCH This Week

In devalue v5.6.3, `devalue.parse` and `devalue.unflatten` were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion.

Denial Of Service Prototype Pollution Devalue
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22775 HIGH PATCH This Week

Denial of service in Svelte devalue library versions 5.1.0 through 5.6.1 allows remote attackers to exhaust CPU and memory resources by supplying malformed input to the parse function, affecting applications that process untrusted serialized data. The vulnerability stems from insufficient validation of ArrayBuffer inputs during deserialization. Applications should upgrade to version 5.6.2 or later.

Denial Of Service Devalue Redhat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-22774 HIGH PATCH This Week

Denial of service in Svelte devalue versions 5.3.0 through 5.6.1 allows remote attackers to exhaust CPU and memory resources by supplying malformed input to the parse function, affecting applications that process untrusted data. The vulnerability stems from insufficient validation of typed array inputs before hydration, enabling attackers to trigger excessive resource consumption. Update to version 5.6.2 or later to remediate.

Denial Of Service Devalue Redhat
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-30226
EPSS 0% CVSS 7.5
HIGH PATCH This Week

In devalue v5.6.3, `devalue.parse` and `devalue.unflatten` were susceptible to prototype pollution via maliciously crafted payloads. Successful exploitation could lead to Denial of Service (DoS) or type confusion.

Denial Of Service Prototype Pollution Devalue
NVD GitHub VulDB
CVE-2026-22775
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Svelte devalue library versions 5.1.0 through 5.6.1 allows remote attackers to exhaust CPU and memory resources by supplying malformed input to the parse function, affecting applications that process untrusted serialized data. The vulnerability stems from insufficient validation of ArrayBuffer inputs during deserialization. Applications should upgrade to version 5.6.2 or later.

Denial Of Service Devalue Redhat +1
NVD GitHub
CVE-2026-22774
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Svelte devalue versions 5.3.0 through 5.6.1 allows remote attackers to exhaust CPU and memory resources by supplying malformed input to the parse function, affecting applications that process untrusted data. The vulnerability stems from insufficient validation of typed array inputs before hydration, enabling attackers to trigger excessive resource consumption. Update to version 5.6.2 or later to remediate.

Denial Of Service Devalue Redhat
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy