VYPR

npm package

@evomap/evolver

pkg:npm/%40evomap/evolver

Vulnerabilities (3)

  • CVE-2026-42077MedMay 4, 2026
    affected < 1.69.3fixed 1.69.3

    Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vul

  • CVE-2026-42076CriMay 4, 2026
    affected < 1.69.3fixed 1.69.3

    Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenat

  • CVE-2026-42075HigMay 4, 2026
    affected < 1.69.3fixed 1.69.3

    Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths without