VYPR

npm package

@opentelemetry/exporter-prometheus

pkg:npm/%40opentelemetry/exporter-prometheus

Vulnerabilities (1)

  • CVE-2026-44902HigMay 27, 2026
    affected < 0.217.0fixed 0.217.0

    opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default 0.0.0.0:9464) has no error handling around URL parsing, so a requ