OsVault/npm/jsonpath
npm1 critical

jsonpath

6 known vulnerabilities · 1 critical · 0 high

CVE-2026-1615

jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions

Published Feb 9, 2026
CVE-2025-61140

JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js

Published Jan 28, 2026
CVE-2025-1302

JSONPath Plus allows Remote Code Execution

Published Feb 15, 2025
MAL-2025-588

Malicious code in @adsk-forks/jsonpath (npm)

Published Jan 27, 2025
CVE-2024-21534CRITICAL

JSONPath Plus Remote Code Execution (RCE) Vulnerability

Published Oct 11, 2024
GHSA-pv5w-4p9q-p3v2

Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in `JSONPathBuilder.key()` / `.at()`

Published May 11, 2026
Check your entire dependency tree at onceRun dependency scan →