pkg:npm/devalue

All known vulnerabilities

• HIGH7.5CVE-2026-42570Svelte devalue: DoS via sparse array deserialization
  >= 5.6.3, < 5.8.1
• HIGH7.5CVE-2026-22775devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse
  >= 5.1.0, < 5.6.2
• HIGH7.5CVE-2026-22774Devalue is vulnerable to denial of service due to memory exhaustion in devalue.parse
  >= 5.3.0, < 5.6.2
• —CVE-2026-30226devalue has prototype pollution in devalue.parse and devalue.unflatten
  from 0, < 5.6.4
• —CVE-2025-57820devalue prototype pollution vulnerability
  from 0, < 5.3.2