pkg:npm/messageformat

All known vulnerabilities

• —CVE-2025-57349messageformat has a prototype pollution vulnerability
  from 0, < 3.0.0-beta.0