CVE-2026-25141
- EPSS 0.03%
- Veröffentlicht 30.01.2026 20:19:04
- Zuletzt bearbeitet 27.02.2026 18:21:56
Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly...
CVE-2026-24132
- EPSS 0.05%
- Veröffentlicht 22.01.2026 23:47:45
- Zuletzt bearbeitet 27.02.2026 19:00:40
Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions 7.19.0 and below and 8.0.0-rc.0 through 8.0.2 allow untrusted OpenAPI specifications to inject arbitrary TypeScript/JavaScript into gen...
CVE-2026-23947
- EPSS 0.04%
- Veröffentlicht 20.01.2026 00:19:48
- Zuletzt bearbeitet 27.02.2026 19:05:08
Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions prior to 7.19.0 until 8.0.2 are vulnerable to arbitrary code execution in environments consuming generated clients. This issue is simila...
CVE-2026-22785
- EPSS 0.03%
- Veröffentlicht 12.01.2026 18:43:16
- Zuletzt bearbeitet 26.02.2026 20:00:15
orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification...