OsVault/npm/devalue
npm

devalue

9 known vulnerabilities · 0 critical · 0 high

GHSA-mwv9-gp5h-frr4

Sveltejs devalue's `devalue.parse` and `devalue.unflatten` emit objects with `__proto__` own properties

Published Mar 12, 2026
GHSA-33hq-fvwr-56pm

devalue affected by CPU and memory amplification from sparse arrays

Published Feb 19, 2026
CVE-2026-30226

devalue has prototype pollution in devalue.parse and devalue.unflatten

Published Mar 12, 2026
CVE-2026-22775

devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse

Published Jan 15, 2026
GHSA-8qm3-746x-r74r

devalue `uneval`ed code can create objects with polluted prototypes when `eval`ed

Published Feb 19, 2026
CVE-2026-22774

Devalue is vulnerable to denial of service due to memory exhaustion in devalue.parse

Published Jan 15, 2026
CVE-2019-13506MEDIUM

Cross-Site Scripting in @nuxt/devalue

Published Jul 16, 2019
MAL-2023-123

Malicious code in becoming-the-narcissists-nightmare-how-to-devalue-and-discard-the-narcissist-while-supplying-yoursel (npm)

Published May 10, 2023
MAL-2023-274

Malicious code in dow-load-becoming-the-narcissists-nightmare-how-to-devalue-and-discard-the-narcissist-whil (npm)

Published May 10, 2023
Check your entire dependency tree at onceRun dependency scan →