VYPR

npm package

@orval/core

pkg:npm/%40orval/core

Vulnerabilities (2)

  • CVE-2026-25141Jan 30, 2026
    affected >= 7.19.0, < 7.21.0fixed 7.21.0

    Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ('), do

  • CVE-2026-23947Jan 20, 2026
    affected >= 8.0.0-rc.0, < 8.0.2fixed 8.0.2

    Orval generates type-safe JS clients (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification. Versions prior to 7.19.0 until 8.0.2 are vulnerable to arbitrary code execution in environments consuming generated clients. This issue is similar in nature to CVE-2026-22785,