CVE-2026-42570
- EPSS 0.35%
- Veröffentlicht 09.06.2026 16:12:26
- Zuletzt bearbeitet 11.06.2026 18:52:51
Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to al...
CVE-2026-30226
- EPSS 0.37%
- Veröffentlicht 11.03.2026 17:47:40
- Zuletzt bearbeitet 17.03.2026 19:07:28
Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible to prototype pollution via maliciously cr...
CVE-2026-22775
- EPSS 0.49%
- Veröffentlicht 15.01.2026 18:59:37
- Zuletzt bearbeitet 20.01.2026 15:29:35
Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading ...
CVE-2026-22774
- EPSS 0.49%
- Veröffentlicht 15.01.2026 18:53:21
- Zuletzt bearbeitet 20.01.2026 15:28:55
Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to consume excessive CPU time and/or memory, potentially leading ...